Email von Vodafone mit pdf, die auf russische Seite verzweigt leider geöffnet!

Sunflower_e1 · 05.06.2014, 07:45

Hallo,

ich habe gestern eine sehr gut nachgemachte Email von Vodafone mit einem Pdf Link erhalten, auf den ich leider viel zu schnell geklickt habe, nachdem ich gesehen habe, dass ich angeblich über EUR 300,00 schulde! Der Link öffnete anstatt einer PDF Rechnung eine russische Website (silakov.net). Ich habe die Webseite sofort zugemacht und einen vollen System Scan mit meiner Bitdefender Software durchgeführt. Der Scan entdeckte jedoch nichts (Logfile hängt gezipped mit an, da ich kein xml file anhängen durfte).

Danach habe ich Eure Schritte durchgeführt. Alle Logfiles sind unten reinkopiert.

Bisher habe ich jetzt noch keine Probleme feststellen können, aber ich habe natürlich Angst, dass da jetzt im Hintergrund irgendein Programm z. B. meine Keystrokes mit logged... Windows habe ich bisher noch nicht runtergefahren, d.h. ich weiß auch nicht, ob ich beim nächsten hochfahren dann Probleme hätte.

Vielen Dank schon mal im Voraus für Eure Hilfe,

Eva

P.S.: Ich habe alle Logs hier unten reinkopiert oder anghängt (nachdem mein Text zu lang war und ich eine Fehlermeldung bekam) in der folgenden Reihenfolge:
Defogger_disable.Log
FRST.txt
Addition.txt
Gmer.log

Die originale Email hätte ich auch noch, falls ihr möchtet, dass ich die mit anhänge oder weiterleite...

Falls ihr doch lieber die Log files als Anhänge wollt (txt.files), dann kann ich sie gerne auch noch anhängen.

DEFOGGER_DISABLE.LOG:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:45 on 04/06/2014 (Eva)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST.TXT - LOG:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Eva (administrator) on EVA-LAPTOP on 04-06-2014 23:48:21
Running from C:\Users\Eva\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SqueakyChocolate, LLC) C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\odscanui.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-12-23] (Synaptics Incorporated)
HKLM\...\Run: [BDAgent] => C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe [1091200 2012-12-25] (Bitdefender)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-06-16] (IDT, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1772096 2014-04-24] (1und1 Mail und Media GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Run: [UpdateChecker] => C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe [7168 2013-08-25] (SqueakyChocolate, LLC)
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Policies\system: [DisableChangePassword] 0
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\MountPoints2: {b4ece5a0-7a09-11e1-9300-806e6f6e6963} - E:\Einstiegsseite.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {3BC120E5-EBC2-4F55-A293-38CF53293866} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {3BC120E5-EBC2-4F55-A293-38CF53293866} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {03890185-559A-49FB-B03D-BBA4B7CFBF49} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {3BC120E5-EBC2-4F55-A293-38CF53293866} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {50C2C9D4-D2DA-46DC-A2C3-4CD2E20F545A} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {BCACBEEE-2659-42BA-80B4-A7D4DDF59842} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CAF40F1D-E56A-4980-B56A-751F6C503523} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: SmileysWeLoveToolbar - {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll ()
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: SmileysWeLoveToolbar - {E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll ()
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - SmileysWeLove - {CF0F43AB-9C23-4D7B-8040-201B82844854} - C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - GMX MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - GMX MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-30] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default
FF Homepage: www.benefinde.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rooms.hp.com - C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2013-10-12]
FF Extension: BetterPrivacy - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-04-11]
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-08]

Chrome:
=======
CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
CHR RestoreOnStartup: "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP", "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Free Smileys & Emoticons) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl [2013-10-12]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12]

==================== Services (Whitelisted) =================

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-28] (Intel Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
S3 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [75384 2012-08-23] (Bitdefender)
S3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2012-06-06] (BitDefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [67904 2012-08-23] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe [1957912 2012-12-25] (Bitdefender)

==================== Drivers (Whitelisted) ====================

S3 AKSIM; C:\Windows\System32\drivers\aksim.sys [35528 2013-06-24] (ActivIdentity)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2013-05-25] (Advanced Micro Devices, Inc.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [705552 2012-12-25] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-12-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [587024 2012-12-25] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-08-23] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [442088 2012-06-06] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2012-06-06] (BitDefender LLC)
S3 bdsandbox; C:\Windows\system32\drivers\bdsandbox.sys [79952 2012-06-06] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [103944 2010-01-19] (BitDefender)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-10-28] (Intel Corporation)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-26] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-12-23] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [329800 2012-06-06] (BitDefender S.R.L.)
S3 ALSysIO; \??\C:\Users\Eva\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-04 23:48 - 2014-06-04 23:48 - 00026100 _____ () C:\Users\Eva\Downloads\FRST.txt
2014-06-04 23:46 - 2014-06-04 23:48 - 00000000 ____D () C:\FRST
2014-06-04 23:45 - 2014-06-04 23:45 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log
2014-06-04 23:45 - 2014-06-04 23:45 - 00000000 _____ () C:\Users\Eva\defogger_reenable
2014-06-04 22:34 - 2014-06-04 22:34 - 01110476 _____ () C:\Users\Eva\Downloads\7z920.exe
2014-06-04 22:33 - 2014-06-04 22:33 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe
2014-06-04 22:32 - 2014-06-04 22:32 - 02068992 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2014-06-04 22:28 - 2014-06-04 22:28 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe
2014-05-26 21:25 - 2014-05-26 21:25 - 00013298 _____ () C:\Users\Eva\Desktop\Vorschlag Spielplatz Am Spratzer - 2014.xlsx
2014-05-26 21:22 - 2014-05-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 10:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-26 10:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-26 10:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-26 10:27 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-26 10:27 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-26 10:27 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-24 23:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-24 23:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-24 23:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-24 23:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-24 23:18 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-24 23:18 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-24 23:18 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-24 23:18 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-24 23:18 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-24 23:18 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-24 23:18 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-24 23:18 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-24 23:18 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-24 23:18 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-24 23:17 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-24 23:17 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-24 23:17 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-24 23:17 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-24 23:17 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-24 23:17 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-24 23:17 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-24 23:17 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-24 23:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-24 23:13 - 2014-05-24 23:13 - 00010733 _____ () C:\Users\Eva\Desktop\Spielplatz Beispiele Kosten.xlsx

==================== One Month Modified Files and Folders =======

2014-06-04 23:48 - 2014-06-04 23:48 - 00026100 _____ () C:\Users\Eva\Downloads\FRST.txt
2014-06-04 23:48 - 2014-06-04 23:46 - 00000000 ____D () C:\FRST
2014-06-04 23:48 - 2012-06-06 19:47 - 00000000 ____D () C:\Users\Eva\AppData\Local\Temp
2014-06-04 23:45 - 2014-06-04 23:45 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log
2014-06-04 23:45 - 2014-06-04 23:45 - 00000000 _____ () C:\Users\Eva\defogger_reenable
2014-06-04 23:45 - 2012-06-06 19:47 - 00000000 ____D () C:\Users\Eva
2014-06-04 23:43 - 2012-12-08 21:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 23:12 - 2012-12-08 21:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-04 23:12 - 2012-12-08 21:08 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-04 22:43 - 2009-07-14 07:13 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 22:34 - 2014-06-04 22:34 - 01110476 _____ () C:\Users\Eva\Downloads\7z920.exe
2014-06-04 22:33 - 2014-06-04 22:33 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe
2014-06-04 22:32 - 2014-06-04 22:32 - 02068992 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2014-06-04 22:31 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-04 22:31 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-04 22:28 - 2014-06-04 22:28 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe
2014-06-04 12:55 - 2012-06-07 12:19 - 00000376 _____ () C:\Users\Eva\AppData\Roamingprivacy.xml
2014-06-04 07:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-04 07:39 - 2009-07-14 06:51 - 00095232 _____ () C:\Windows\setupact.log
2014-06-03 21:32 - 2012-06-06 17:43 - 01282856 _____ () C:\Windows\WindowsUpdate.log
2014-06-03 11:37 - 2013-12-27 09:27 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEva
2014-06-03 11:37 - 2013-12-27 09:27 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForEva.job
2014-06-02 21:02 - 2012-11-13 12:02 - 00000000 ____D () C:\Users\Eva\Documents\pw safe
2014-06-02 20:57 - 2012-06-06 19:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A494FF5-41D7-40BA-9BEE-750CCBC366EE}
2014-06-02 20:50 - 2013-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-01 21:32 - 2012-06-07 12:54 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\HpUpdate
2014-05-26 21:25 - 2014-05-26 21:25 - 00013298 _____ () C:\Users\Eva\Desktop\Vorschlag Spielplatz Am Spratzer - 2014.xlsx
2014-05-26 21:22 - 2014-05-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 17:20 - 2012-06-06 19:53 - 00000000 ___RD () C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 17:20 - 2012-06-06 19:53 - 00000000 ___RD () C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-26 11:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-26 11:30 - 2012-12-08 21:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-26 11:30 - 2012-02-04 16:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-26 11:30 - 2012-02-04 16:09 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-26 11:10 - 2014-05-01 13:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-26 10:33 - 2012-12-08 21:09 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-26 10:19 - 2013-09-10 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpunkt-Sicherheit
2014-05-24 23:28 - 2012-06-06 22:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-24 23:26 - 2013-09-03 17:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-24 23:22 - 2012-09-18 20:42 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-24 23:13 - 2014-05-24 23:13 - 00010733 _____ () C:\Users\Eva\Desktop\Spielplatz Beispiele Kosten.xlsx
2014-05-24 23:07 - 2012-12-08 21:09 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-24 23:07 - 2012-12-08 21:08 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-24 23:05 - 2013-04-11 21:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-09 08:14 - 2014-05-24 23:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-24 23:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-06 06:40 - 2014-05-26 10:28 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-26 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-26 10:27 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-26 10:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-26 10:28 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-26 10:28 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Eva\AppData\Local\Temp\gmx_mediacenter_setup_bundled.exe
C:\Users\Eva\AppData\Local\Temp\GMX_Toolbar_IE_Setup.exe
C:\Users\Eva\AppData\Local\Temp\ose00000.exe
C:\Users\Eva\AppData\Local\Temp\sp-downloader.exe
C:\Users\Eva\AppData\Local\Temp\sp64126.exe
C:\Users\Eva\AppData\Local\Temp\SPIdentifier.exe
C:\Users\Eva\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-30 10:34

==================== End Of Log ============================

schrauber · 05.06.2014, 08:07

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

erstmal bitte nur noch die Addition.txt posten.

Sunflower_e1 · 05.06.2014, 14:12

Hier der Addition Log File:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Eva at 2014-06-04 23:49:03
Running from C:\Users\Eva\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Bitdefender Virenschutz (Enabled - Up to date) {98CD50CE-5097-4098-9669-6C401FB3969C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Out of date) {23ACB12A-76AD-4F16-ACD9-57326434DC21}
FW: Bitdefender Firewall (Enabled) {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
AMD APP SDK Runtime (Version: 10.0.851.6 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{51F9B09B-2FE4-8B3A-628A-0C0654E253AF}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
B110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bitdefender Total Security 2012 (HKLM\...\Bitdefender) (Version: 15.0.25 - Bitdefender)
Bitdefender Total Security 2012 (Version: 15.0.25 - Bitdefender) Hidden
Bubble Shooter Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0117.2242.40496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0305.0347.6610 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0305.348.6610 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.4003 - CDBurnerXP)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.3.5120 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.3.5120 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
EaseUS Partition Master 9.2.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{768A6276-5822-489C-8A2B-67190F745655}) (Version: 4.1.2 - Hewlett-Packard)
Evernote v. 4.5.2 (HKLM-x32\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fishdom (TM) 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Free Video Flip and Rotate version 2.1.6.128 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.6.128 - DVDVideoSoft Ltd.)
GMX Desktop Icons (HKLM-x32\...\1&1 Mail & Media GmbH 1und1DesktopIconsInstaller) (Version: 3.0.5.0 - 1&1 Mail & Media GmbH)
GMX MailCheck für Internet Explorer (HKLM-x32\...\1&1 Mail & Media GmbH Toolbar IE8) (Version: 2.5.1.0 - 1&1 Mail & Media GmbH)
GMX Softwareaktualisierung (HKLM-x32\...\1&1 Mail & Media GmbH 1und1Softwareaktualisierung) (Version: 3.0.0.55 - 1&1 Mail & Media GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{16652164-D80F-4EE6-90C6-2E8D5D06092A}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Launch Box (HKLM\...\{5A847522-375C-4D05-BD3D-88C450CC047F}) (Version: 1.1.5 - Hewlett-Packard Company)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
HP Security Assistant (HKLM\...\{ED6CD3AC-616B-4B20-BCF3-6E637B92A5AD}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15109.3899 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.14901.3869 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Virtual Room Client Launcher Plugin (HKLM-x32\...\{E9C450A0-4606-11E0-9207-0800200C9A66}) (Version: 2.0.0.1 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6392.0 - IDT)
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Display Audio Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3090 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.95 - WildTangent) Hidden
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 1.1.500.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Ralink RT5390R 802.11b/g/n Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Rapport (Version: 3.5.1205.11 - Trusteer) Hidden
Rapport (x32 Version: 3.5.1307.76 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.29004 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
Smileys We Love Toolbar for IE (HKLM-x32\...\{4B67E501-761A-4544-BD88-3CCB23746516}) (Version: 3.0.17 - SqueekyChocolate, LLC) <==== ATTENTION
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.0 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Totem Tribe (x32 Version: 2.2.0.95 - WildTangent) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trusteer Endpunkt-Sicherheit (HKLM-x32\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
UpdateChecker (HKLM-x32\...\SqueakyChocolate, LLC UpdateChecker) (Version:  - SqueakyChocolate, LLC) <==== ATTENTION
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows 7 Codec Pack 4.0.8 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.8 - Windows 7 Codec Pack)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
XMedia Recode version 3.1.4.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.4.9 - XMedia Recode)
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

01-05-2014 10:58:41 Windows Update
01-05-2014 14:11:47 Installed Rapport
03-05-2014 09:12:19 Windows Update
24-05-2014 21:16:51 Windows Update
26-05-2014 08:17:10 Installed Rapport
26-05-2014 08:21:46 Windows Update
03-06-2014 06:50:36 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {00CEFD61-572C-4D0A-813B-2EC0AC33AE92} - System32\Tasks\{926787F5-0A81-48C2-B7A8-131C69D3919B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/en/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {284CCDC9-70BD-49D2-895D-DF0462CB3059} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-26] (Adobe Systems Incorporated)
Task: {3C740712-8D40-41EB-A06B-2FF8E5955A84} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08] (Google Inc.)
Task: {45BA2CFB-89E0-4615-810C-A7100DDA6CEE} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4AE09A19-57F3-4BC1-BA7E-1B557FC43C5D} - System32\Tasks\Registration 1und1 Task => C:\Program Files (x86)\1und1Softwareaktualisierung\cdsupdclient.exe [2013-06-18] (1&1 Mail & Media GmbH)
Task: {546EB146-1470-4E13-A47D-5C08505FC7AC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {5CAC64AE-6642-4253-BA61-910F84AAB542} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {5FEFA772-F45B-4C65-BB7B-6F75D8AD8229} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {63EE863A-AD9E-4DC5-A807-624026816BCF} - System32\Tasks\{F09CCC15-CFF3-45E2-A8F7-FEAF281CBF69} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {66EE9CEC-4147-4C70-AB1E-81E4A991E9A4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-03-20] (CyberLink)
Task: {6BCABD4B-7A03-4E4C-A350-1EF55F526815} - System32\Tasks\{D3E4F631-E6D3-4870-A5A4-E54A34A11520} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {7E90A155-069E-4550-BA66-7BAE92157474} - System32\Tasks\{F8FBAA16-4F73-4CEB-88E3-2786DD2CEBC8} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {8BCEE959-5B85-49B4-A735-9E3CAE606035} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {931B3939-2124-46B5-9DEC-F22423562171} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08] (Google Inc.)
Task: {94F7E143-877B-4623-AFA0-9CFDEED7BEB6} - System32\Tasks\{EE873865-A557-4C2A-A8AF-E9A4E8B5DB5B} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1603
Task: {9F0B9600-A238-4374-8606-54D14E0FBBBB} - System32\Tasks\{4AC22654-BB07-4D1D-947C-819BE6945B29} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {AEBEA94B-8973-4855-8FBB-2B80F33DB6C8} - System32\Tasks\{8B692059-7182-45AD-BCB9-E320A29E24C7} => Firefox.exe hxxp://ui.skype.com/ui/0/6.7.0.102/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {FE85DCB1-2A5F-4A7F-96CA-F84720504F6F} - System32\Tasks\HPCeeScheduleForEva => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForEva.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-06-06 22:45 - 2012-06-06 22:45 - 00036256 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\strdecoder.dll
2012-06-06 22:49 - 2012-06-06 22:49 - 00262832 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\txmlutil.dll
2012-06-06 22:50 - 2012-06-06 22:50 - 00184016 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\framework.dll
2012-06-06 22:44 - 2012-06-06 22:44 - 00042960 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\procinfo.dll
2012-06-06 22:50 - 2012-06-06 22:50 - 00076384 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\ExcludeMgr.dll
2012-06-06 22:43 - 2012-06-06 22:43 - 00144912 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\connector.dll
2012-06-06 22:49 - 2012-06-06 22:49 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\UI\accessl.ui
2012-07-06 18:04 - 2012-12-25 12:03 - 00264128 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\avc3al.dll
2012-06-06 22:45 - 2012-06-06 22:45 - 00153680 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\bdfwcore.dll
2012-06-06 22:48 - 2012-06-06 22:48 - 00076408 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\bdmltusrsrv.dll
2012-12-25 12:04 - 2012-12-25 12:04 - 00098816 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\bdmetrics.dll
2012-06-06 22:42 - 2012-06-06 22:42 - 00005120 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\UI\IMSecurityAL.ui
2012-06-06 22:44 - 2012-06-06 22:44 - 00832000 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpbr.mdl
2012-06-06 22:44 - 2012-06-06 22:44 - 00650752 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpdsp.mdl
2012-06-06 22:43 - 2012-06-06 22:43 - 02816000 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpf.mdl
2012-06-06 22:43 - 2012-06-06 22:43 - 02621952 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttpph.mdl
2012-06-06 22:47 - 2012-06-06 22:47 - 01228800 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\as2core\ashttprbl.mdl
2012-06-06 22:50 - 2012-06-06 22:50 - 00480256 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimbr.mdl
2012-06-06 22:42 - 2012-06-06 22:42 - 00565760 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimdsp.mdl
2012-06-06 22:46 - 2012-06-06 22:46 - 02555904 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\as2core\asimf.mdl
2011-12-19 23:34 - 2011-12-19 23:34 - 00108880 _____ () C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
2012-01-06 03:24 - 2012-01-06 03:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-05 04:43 - 2012-03-05 04:43 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-03 13:33 - 2012-02-03 13:33 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-06-06 22:44 - 2012-08-23 16:05 - 00365568 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\bdidntconp.dll
2012-08-23 16:05 - 2012-08-23 16:05 - 00116736 _____ () C:\Program Files\Bitdefender\Bitdefender 2012\UI\bdidntconp.ui
2012-09-05 16:42 - 2014-05-26 10:23 - 01404120 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2014-02-27 08:47 - 2014-02-27 08:47 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\c2d51c14c3df104eccfffc7313d902b6\PSIClient.ni.dll
2012-03-30 02:40 - 2012-10-28 17:31 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2014-05-26 21:22 - 2014-05-26 21:22 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0E08FC17
AlternateDataStreams: C:\Users\Eva\Downloads\7z920.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\AVS421MediaPlayer.exe.part:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\Defogger.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\epm.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\Firefox Setup 20.0 (1).exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\Firefox Setup 20.0.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\Gmer-19357.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\PDFCreator-1_6_2_setup (1).exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\PDFCreator-1_6_2_setup.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\PDFCreator-1_7_1_setup.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\PDFCreator-1_7_2_setup.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\Shockwave_Installer_Slim(1).exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\Shockwave_Installer_Slim.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\Silverlight_x64.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\SkypeSetup(1).exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\SkypeSetup.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\sp58915 (1).exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\sp58915.exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\windows.7.codec.pack.v4.0.8.setup(1).exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\windows.7.codec.pack.v4.0.8.setup(2).exe:BDU
AlternateDataStreams: C:\Users\Eva\Downloads\windows.7.codec.pack.v4.0.8.setup.exe:BDU

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 07:40:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2014 08:44:15 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (06/03/2014 08:05:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2014 08:52:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/01/2014 08:49:31 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (05/28/2014 09:50:54 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (05/27/2014 08:48:44 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.

Error: (05/27/2014 08:13:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 11:14:04 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 11:04:14 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
The manifest file root element must be assembly.


System errors:
=============
Error: (06/04/2014 10:39:35 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver USB returned invalid ID for a child device (ABCDEF1234001330).

Error: (06/04/2014 07:39:25 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
trufos

Error: (06/03/2014 09:31:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/03/2014 08:04:37 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
trufos

Error: (06/02/2014 09:05:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (06/02/2014 08:51:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
trufos

Error: (06/01/2014 09:37:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

Error: (06/01/2014 09:37:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (06/01/2014 09:36:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/30/2014 09:20:33 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


Microsoft Office Sessions:
=========================
Error: (01/25/2014 09:15:49 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 36109 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/28/2012 00:21:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 81651 seconds with 5400 seconds of active time.  This session ended with a crash.

Error: (10/27/2012 01:39:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1721 seconds with 1260 seconds of active time.  This session ended with a crash.

Error: (10/27/2012 01:09:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15648 seconds with 1380 seconds of active time.  This session ended with a crash.

Error: (10/10/2012 07:52:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 571001 seconds with 5040 seconds of active time.  This session ended with a crash.

Error: (10/03/2012 05:15:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12632 seconds with 2340 seconds of active time.  This session ended with a crash.

Error: (10/03/2012 01:40:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16616 seconds with 2940 seconds of active time.  This session ended with a crash.

Error: (10/03/2012 09:02:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 85745 seconds with 10740 seconds of active time.  This session ended with a crash.

Error: (10/02/2012 09:12:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1534 seconds with 780 seconds of active time.  This session ended with a crash.

Error: (10/02/2012 08:45:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 77411 seconds with 9180 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-06-04 23:43:14.519
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 22:34:50.075
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 22:28:18.626
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 21:52:44.867
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 17:20:50.268
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 17:02:49.565
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 16:57:08.201
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 15:53:24.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 15:23:15.165
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-04 13:01:41.414
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2012\Active Virus Control\Avc3_00234_052\avcuf64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 74%
Total physical RAM: 3992.36 MB
Available physical RAM: 1006.11 MB
Total Pagefile: 7982.9 MB
Available Pagefile: 4807.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.49 GB) (Free:304.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:19.97 GB) (Free:2.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Photos - April14) (CDROM) (Total:3.17 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: EA4EE5C5)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================

Vielen Dank schon mal!

Viele Grüße,
Eva

schrauber · 06.06.2014, 11:42

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Sunflower_e1 · 06.06.2014, 16:03

Hallo Schrauber,

hier die ComboFix.txt.

Er hat gemeckert, dass angeblich noch BitDefender lief, aber ich hatte es definitiv deaktiviert.

Combofix Logfile:

Code:

ATTFilter

ComboFix 14-06-04.01 - Eva 06.06.2014  16:13:15.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1033.18.3992.1387 [GMT 2:00]
ausgeführt von:: c:\users\Eva\Desktop\ComboFix.exe
AV: Bitdefender Virenschutz *Enabled/Updated* {98CD50CE-5097-4098-9669-6C401FB3969C}
FW: Bitdefender Firewall *Disabled* {A0F6D1EB-1AF8-41C0-BD36-C575E160D1E7}
SP: Bitdefender Spyware-Schutz *Enabled/Outdated* {23ACB12A-76AD-4F16-ACD9-57326434DC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Smileys We Love Toolbar for IE\adXLoader.dll
c:\programdata\1339005738.bdinstall.bin
c:\programdata\1343411738.bdinstall.bin
c:\programdata\1343411835.bdinstall.bin
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-06 bis 2014-06-06  ))))))))))))))))))))))))))))))
.
.
2014-06-06 14:32 . 2014-06-06 14:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-06 14:32 . 2014-06-06 14:32	--------	d-----w-	c:\users\Dave\AppData\Local\temp
2014-06-05 06:40 . 2014-06-05 06:40	--------	d-----w-	c:\program files (x86)\7-Zip
2014-06-05 06:28 . 2014-06-05 06:28	--------	d-sh--w-	c:\users\Eva\AppData\Local\EmieUserList
2014-06-05 06:28 . 2014-06-05 06:28	--------	d-sh--w-	c:\users\Eva\AppData\Local\EmieSiteList
2014-06-05 06:28 . 2014-06-05 06:28	--------	d-----w-	c:\users\Eva\AppData\Roaming\SmileysWeLove
2014-06-04 21:46 . 2014-06-04 21:49	--------	d-----w-	C:\FRST
2014-05-26 08:28 . 2014-05-06 04:40	23544320	----a-w-	c:\windows\system32\mshtml.dll
2014-05-26 08:28 . 2014-05-06 03:00	84992	----a-w-	c:\windows\system32\mshtmled.dll
2014-05-26 08:27 . 2014-05-06 04:17	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-26 08:27 . 2014-05-06 03:07	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-24 21:19 . 2014-03-25 02:43	14175744	----a-w-	c:\windows\system32\shell32.dll
2014-05-24 21:19 . 2014-05-09 06:14	477184	----a-w-	c:\windows\system32\aepdu.dll
2014-05-24 21:19 . 2014-05-09 06:11	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-24 21:18 . 2014-04-12 02:19	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-05-24 21:18 . 2014-03-04 09:44	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-05-24 21:18 . 2014-03-04 09:20	3969984	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2014-05-24 21:18 . 2014-03-04 09:43	455168	----a-w-	c:\windows\system32\winlogon.exe
2014-05-24 21:18 . 2014-03-04 09:20	3914176	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2014-05-24 21:18 . 2014-03-04 09:17	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-05-24 21:18 . 2014-03-04 09:44	314880	----a-w-	c:\windows\system32\msv1_0.dll
2014-05-24 21:18 . 2014-03-04 09:17	259584	----a-w-	c:\windows\SysWow64\msv1_0.dll
2014-05-24 21:18 . 2014-03-04 09:44	722944	----a-w-	c:\windows\system32\objsel.dll
2014-05-24 21:18 . 2014-03-04 09:47	5550016	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-26 09:30 . 2012-02-04 14:09	70832	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-26 09:30 . 2012-02-04 14:09	692400	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-24 21:22 . 2012-09-18 18:42	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-03 20:55 . 2012-09-05 14:42	358552	----a-w-	c:\windows\system32\drivers\RapportKE64.sys
2014-03-31 20:46 . 2014-03-31 20:46	130712	----a-w-	c:\windows\SysWow64\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46	1070232	----a-w-	c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"UpdateChecker"="c:\program files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe" [2013-08-25 7168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-09-15 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-05 343168]
"EaseUS EPM tray"="c:\program files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe" [2013-03-29 2081792]
"MailCheck IE Broker"="c:\program files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe" [2014-04-24 1772096]
.
c:\users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2013-8-29 48200]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AKSIM;ActivKey Sim;c:\windows\system32\drivers\aksim.sys;c:\windows\SYSNATIVE\drivers\aksim.sys [x]
R3 ALSysIO;ALSysIO;c:\users\Eva\AppData\Local\Temp\ALSysIO64.sys;c:\users\Eva\AppData\Local\Temp\ALSysIO64.sys [x]
R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RapportKE64;RapportKE64;c:\windows\system32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe;c:\program files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 RapportCerberus_68261;RapportCerberus_68261;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe;c:\program files\Bitdefender\Bitdefender 2012\updatesrv.exe [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - PWLOQKOW
*Deregistered* - pwloqkow
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-26 08:19	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-02-04 09:30]
.
2014-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08 19:08]
.
2014-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-08 19:08]
.
2014-06-03 c:\windows\Tasks\HPCeeScheduleForEva.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 03:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2012-08-23 14:05	266952	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2012-08-23 14:05	266952	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2012-08-23 14:05	266952	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2012-08-23 14:05	266952	----a-w-	c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\Bitdefender\Bitdefender 2012\bdagent.exe" [2012-12-25 1091200]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-19 44880]
"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-26 1464928]
"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-26 2004584]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-06-16 1425408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-06 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-06 398104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-06 440600]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-28 21720]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll
FF - ProfilePath - c:\users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\
FF - prefs.js: browser.startup.homepage - www.benefinde.de
FF - ExtSQL: !HIDDEN! 2012-09-18 21:55; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775} - c:\program files (x86)\Smileys We Love Toolbar for IE\adxloader.dll
Toolbar-{CF0F43AB-9C23-4D7B-8040-201B82844854} - c:\program files (x86)\Smileys We Love Toolbar for IE\adxloader.dll
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-06  16:38:56
ComboFix-quarantined-files.txt  2014-06-06 14:38
.
Vor Suchlauf: 326.425.477.120 bytes free
Nach Suchlauf: 329.750.503.424 bytes free
.
- - End Of File - - 3982B76C527B75993BF162026C666358

--- --- ---

Viele Grüße,
Eva

schrauber · 07.06.2014, 11:09

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Sunflower_e1 · 08.06.2014, 15:18

Hallo Schrauber,

hier alle gewünschten Logs:

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 08.06.2014
Scan Time: 08:18:30
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.08.01
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Eva

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316220
Time Elapsed: 14 min, 14 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe, 5196, Delete-on-Reboot, [956c4333cdae49edc85f8e487390db25]

Modules: 2
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\System.Net.Json.dll, Delete-on-Reboot, [7d8485f1215ac373e995c6be60a2d12f], 
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdaterLibrary.dll, Delete-on-Reboot, [7d8485f1215ac373e995c6be60a2d12f], 

Registry Keys: 12
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{CF0F43AB-9C23-4D7B-8040-201B82844854}, Quarantined, [53aef1851b602c0af256c0b24cb68b75], 
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-90339688-1947325759-2833218809-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CF0F43AB-9C23-4D7B-8040-201B82844854}, Quarantined, [53aef1851b602c0af256c0b24cb68b75], 
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-90339688-1947325759-2833218809-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CF0F43AB-9C23-4D7B-8040-201B82844854}, Quarantined, [53aef1851b602c0af256c0b24cb68b75], 
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [34cdf383ec8f989e51f8cea44cb6d729], 
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\CLASSES\SmileysWeLoveToolbar.IEModule, Quarantined, [34cdf383ec8f989e51f8cea44cb6d729], 
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [34cdf383ec8f989e51f8cea44cb6d729], 
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SmileysWeLoveToolbar.IEModule, Quarantined, [34cdf383ec8f989e51f8cea44cb6d729], 
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-90339688-1947325759-2833218809-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [34cdf383ec8f989e51f8cea44cb6d729], 
PUP.Optional.SmileysWeLove.A, HKU\S-1-5-21-90339688-1947325759-2833218809-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [34cdf383ec8f989e51f8cea44cb6d729], 
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [34cdf383ec8f989e51f8cea44cb6d729], 
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E4EF8A64-0A30-48F5-B3FE-5FDA978DA775}, Quarantined, [34cdf383ec8f989e51f8cea44cb6d729], 
PUP.Optional.SqueakyChocolate.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SqueakyChocolate, LLC UpdateChecker, Quarantined, [7d8485f1215ac373e995c6be60a2d12f], 

Registry Values: 3
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{CF0F43AB-9C23-4D7B-8040-201B82844854}, SmileysWeLoveToolbar.IEModule, Quarantined, [53aef1851b602c0af256c0b24cb68b75]
PUP.Optional.SmileysWeLove.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{CF0F43AB-9C23-4D7B-8040-201B82844854}, Quarantined, [6e9394e21467989e63e5234fca38a35d], 
PUP.Optional.SqueakyChocolate.A, HKU\S-1-5-21-90339688-1947325759-2833218809-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|UpdateChecker, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe, Quarantined, [956c4333cdae49edc85f8e487390db25]

Registry Data: 0
(No malicious items detected)

Folders: 19
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE, Quarantined, [0ff286f062197abcab7bd7ff5fa47090], 
PUP.Optional.OpenCandy, C:\Users\Eva\AppData\Roaming\OpenCandy, Quarantined, [c83985f114676bcba1432a598082a060], 
PUP.Optional.OpenCandy, C:\Users\Eva\AppData\Roaming\OpenCandy\014A6E0B14FE40AEBB4815D396B02562, Quarantined, [c83985f114676bcba1432a598082a060], 
PUP.Optional.OpenCandy, C:\Users\Eva\AppData\Roaming\OpenCandy\CC285DBF9C6140C8A801D09ADE3F6960, Quarantined, [c83985f114676bcba1432a598082a060], 
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker, Delete-on-Reboot, [7d8485f1215ac373e995c6be60a2d12f], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\da, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\de, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\en, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\es, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\es_419, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\fr, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\pt_BR, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\pt_PT, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\ru, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\zh_CN, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 

Files: 75
PUP.Optional.OpenCandy.A, C:\Users\Eva\AppData\Roaming\OpenCandy\014A6E0B14FE40AEBB4815D396B02562\dlm.exe, Quarantined, [4ab790e65328fd39861e9f82c43d5da3], 
PUP.Optional.Conduit.A, C:\Users\Eva\AppData\Roaming\OpenCandy\014A6E0B14FE40AEBB4815D396B02562\SSStub_SearchProtect_p1v0.exe, Quarantined, [827ff97d3d3ea591eef439e56e938a76], 
PUP.Optional.OpenCandy.A, C:\Users\Eva\Downloads\windows.7.codec.pack.v4.0.8.setup(1).exe, Quarantined, [16ebe78faccf2c0a8ae359e9ca36ca36], 
PUP.Optional.OpenCandy.A, C:\Users\Eva\Downloads\windows.7.codec.pack.v4.0.8.setup(2).exe, Quarantined, [56abe096106bc96d234a59e9966abc44], 
PUP.Optional.OpenCandy.A, C:\Users\Eva\Downloads\windows.7.codec.pack.v4.0.8.setup.exe, Quarantined, [926fc5b10675b28497d691b1817f18e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SmileysWeLove.ico, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\AddinExpress.IE.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\AddinExpress.IE.tlb, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.dll.manifest, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader.exe, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxloader64.exe, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\adxregistrator.exe, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\HtmlAgilityPack.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\Interop.SHDocVw.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\Microsoft.mshtml.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SmileysWeLoveToolbar.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLCustomInstaller.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLCustomInstaller.InstallState, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLHelperLibrary.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\SWLSettingsApp.exe, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\Program Files (x86)\Smileys We Love Toolbar for IE\System.Net.Json.dll, Quarantined, [54adb0c6334870c6b0754a8c2dd618e8], 
PUP.Optional.SmileysWeLove.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmileysWeLove for IE\SmileysWeLove Settings for IE.lnk, Quarantined, [0ff286f062197abcab7bd7ff5fa47090], 
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateCheckerApp.exe, Delete-on-Reboot, [956c4333cdae49edc85f8e487390db25], 
PUP.Optional.OpenCandy, C:\Users\Eva\AppData\Roaming\OpenCandy\014A6E0B14FE40AEBB4815D396B02562\7208.ico, Quarantined, [c83985f114676bcba1432a598082a060], 
PUP.Optional.OpenCandy, C:\Users\Eva\AppData\Roaming\OpenCandy\CC285DBF9C6140C8A801D09ADE3F6960\SmileysWeLove_SetupS_cdn.exe, Quarantined, [c83985f114676bcba1432a598082a060], 
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\System.Net.Json.dll, Delete-on-Reboot, [7d8485f1215ac373e995c6be60a2d12f], 
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\uninstall.exe, Quarantined, [7d8485f1215ac373e995c6be60a2d12f], 
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdateNotifier.exe, Quarantined, [7d8485f1215ac373e995c6be60a2d12f], 
PUP.Optional.SqueakyChocolate.A, C:\Program Files (x86)\SqueakyChocolate\UpdateChecker\UpdaterLibrary.dll, Delete-on-Reboot, [7d8485f1215ac373e995c6be60a2d12f], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\email.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\options.css, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\am.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\application-128x128.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\application-16x16.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\application-19x19.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\application-38x38.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\application-48x48.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\application-64x64.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\background.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\chromepopup.css, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\facebook.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\feedback.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\google_plus.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\imageoverlay.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\jquery.hoverIntent.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\jquery.lazyload.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\jquery.scrollstop.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\jquery_swl-1.7.2.min.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\laugh.ico, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\manifest.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\options.html, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\options.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\popup.html, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\popup.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\rate.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\smileys.htm, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\smileyscript.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\SmileysWeLove.ico, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\swl_base.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\swl_core.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\swl_facebookchat.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\swl_smileys.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\twitter.png, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\uuid.js, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\da\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\de\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\en\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\es\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\es_419\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\fr\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\pt_BR\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\pt_PT\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\ru\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 
PUP.Optional.BProtector.A, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjbbjfdilbioabojmcplalojlmdngbjl\3.0.23.0_0\_locales\zh_CN\messages.json, Quarantined, [27da2a4c9cdfc472d3e358304bb72bd5], 

Physical Sectors: 0
(No malicious items detected)


(end)

AdwCleaner.txt
AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v3.212 - Report created 08/06/2014 at 13:10:58
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Eva - EVA-LAPTOP
# Running from : C:\Users\Eva\Desktop\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Eva\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Eva\AppData\Roaming\pdfforge
File Deleted : C:\END
File Deleted : C:\Users\Eva\Desktop\eBay.lnk
File Deleted : C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\invalidprefs.js
File Deleted : C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
File Deleted : C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\SmileysWeLove

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\wman5kd0.default\prefs.js ]


[ File : C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}

[ File : C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://de.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?cc=us&lang=en&charset=utf-8&qt={searchTerms}&search=
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fjbbjfdilbioabojmcplalojlmdngbjl
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [6233 octets] - [08/06/2014 13:05:49]
AdwCleaner[S0].txt - [5813 octets] - [08/06/2014 13:10:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5873 octets] ##########

--- --- ---

[/CODE]

JRT.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Eva on 08.06.2014 at 13:26:41,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BC120E5-EBC2-4F55-A293-38CF53293866}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3BC120E5-EBC2-4F55-A293-38CF53293866}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{01381485-B5E5-42B6-896A-8768AE89F1D1}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{2254E9E9-7079-49DD-861D-CEE85CFAB0A8}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{45ADEDC1-C86A-4D73-8972-A1FDF74DFFE0}
Successfully deleted: [Empty Folder] C:\Users\Eva\appdata\local\{E6AFD630-7D36-4D9C-8F68-6098EE58FF99}



~~~ FireFox

Emptied folder: C:\Users\Eva\AppData\Roaming\mozilla\firefox\profiles\okop6zmg.default\minidumps [15 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.06.2014 at 13:45:27,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST.Log new:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Eva (administrator) on EVA-LAPTOP on 08-06-2014 16:05:59
Running from C:\Users\Eva\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-12-23] (Synaptics Incorporated)
HKLM\...\Run: [BDAgent] => C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe [1091200 2012-12-25] (Bitdefender)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-06-16] (IDT, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1772096 2014-04-24] (1und1 Mail und Media GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Policies\system: [DisableChangePassword] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3BC120E5-EBC2-4F55-A293-38CF53293866} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {03890185-559A-49FB-B03D-BBA4B7CFBF49} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {50C2C9D4-D2DA-46DC-A2C3-4CD2E20F545A} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {BCACBEEE-2659-42BA-80B4-A7D4DDF59842} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CAF40F1D-E56A-4980-B56A-751F6C503523} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-30] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default
FF Homepage: www.benefinde.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rooms.hp.com - C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2013-10-12]
FF Extension: BetterPrivacy - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-04-11]
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-08]

Chrome: 
=======
CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
CHR RestoreOnStartup: "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP",
			"hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (IntelÂ® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (IntelÂ® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12]

==================== Services (Whitelisted) =================

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-28] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
S3 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [75384 2012-08-23] (Bitdefender)
S3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2012-06-06] (BitDefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [67904 2012-08-23] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe [1957912 2012-12-25] (Bitdefender)

==================== Drivers (Whitelisted) ====================

S3 AKSIM; C:\Windows\System32\drivers\aksim.sys [35528 2013-06-24] (ActivIdentity)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2013-05-25] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [705552 2012-12-25] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-12-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [587024 2012-12-25] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-08-23] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [442088 2012-06-06] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2012-06-06] (BitDefender LLC)
S3 bdsandbox; C:\Windows\system32\drivers\bdsandbox.sys [79952 2012-06-06] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [103944 2010-01-19] (BitDefender)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-10-28] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-26] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-12-23] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [329800 2012-06-06] (BitDefender S.R.L.)
S3 ALSysIO; \??\C:\Users\Eva\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-08 16:05 - 2014-06-08 16:05 - 00000000 ____D () C:\Users\Eva\Downloads\FRST-OlderVersion
2014-06-08 13:45 - 2014-06-08 13:45 - 00001598 _____ () C:\Users\Eva\Desktop\JRT.txt
2014-06-08 13:26 - 2014-06-08 13:26 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 13:24 - 2014-06-08 13:24 - 01016261 _____ (Thisisu) C:\Users\Eva\Downloads\JRT.exe
2014-06-08 13:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-08 13:05 - 2014-06-08 13:11 - 00000000 ____D () C:\AdwCleaner
2014-06-08 13:04 - 2014-06-08 13:03 - 01333465 _____ () C:\Users\Eva\Desktop\adwcleaner_3.212.exe
2014-06-08 13:03 - 2014-06-08 13:03 - 01333465 _____ () C:\Users\Eva\Downloads\adwcleaner_3.212.exe
2014-06-08 13:01 - 2014-06-08 13:01 - 00022251 _____ () C:\Users\Eva\Desktop\mbam.txt
2014-06-08 08:17 - 2014-06-08 13:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-08 08:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-08 08:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-08 08:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-08 08:13 - 2014-06-08 08:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Dave\AppData\Local\temp
2014-06-06 16:38 - 2014-06-06 16:38 - 00024833 _____ () C:\ComboFix.txt
2014-06-06 16:05 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-06 16:05 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-06 16:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-06 16:03 - 2014-06-06 16:39 - 00000000 ____D () C:\Qoobox
2014-06-06 16:02 - 2014-06-06 16:35 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 16:01 - 2014-06-06 16:01 - 05205146 ____R (Swearware) C:\Users\Eva\Desktop\ComboFix.exe
2014-06-06 16:00 - 2014-06-06 16:01 - 05205146 _____ (Swearware) C:\Users\Eva\Downloads\ComboFix.exe
2014-06-05 08:41 - 2014-06-05 08:41 - 00030200 _____ () C:\Users\Eva\Downloads\Gmer.7z
2014-06-05 08:40 - 2014-06-05 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-05 08:40 - 2014-06-05 08:40 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieUserList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieSiteList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\SmileysWeLove
2014-06-05 00:07 - 2014-06-05 00:07 - 02478588 _____ () C:\Users\Eva\Downloads\Gmer.log
2014-06-04 23:49 - 2014-06-04 23:50 - 00049950 _____ () C:\Users\Eva\Downloads\Addition.txt
2014-06-04 23:48 - 2014-06-08 16:05 - 00023361 _____ () C:\Users\Eva\Downloads\FRST.txt
2014-06-04 23:46 - 2014-06-08 16:06 - 00000000 ____D () C:\FRST
2014-06-04 23:45 - 2014-06-04 23:45 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log
2014-06-04 23:45 - 2014-06-04 23:45 - 00000000 _____ () C:\Users\Eva\defogger_reenable
2014-06-04 22:34 - 2014-06-04 22:34 - 01110476 _____ () C:\Users\Eva\Downloads\7z920.exe
2014-06-04 22:33 - 2014-06-04 22:33 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe
2014-06-04 22:32 - 2014-06-08 16:05 - 02072576 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2014-06-04 22:28 - 2014-06-04 22:28 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe
2014-05-26 21:25 - 2014-05-26 21:25 - 00013298 _____ () C:\Users\Eva\Desktop\Vorschlag Spielplatz Am Spratzer - 2014.xlsx
2014-05-26 21:22 - 2014-05-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 10:28 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-26 10:28 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-26 10:28 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-26 10:27 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-26 10:27 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-26 10:27 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-24 23:19 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-24 23:19 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-24 23:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-24 23:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-24 23:18 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-24 23:18 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-24 23:18 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-24 23:18 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-24 23:18 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-24 23:18 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-24 23:18 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-24 23:18 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-24 23:18 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-24 23:18 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-24 23:17 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-24 23:17 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-24 23:17 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-24 23:17 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-24 23:17 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-24 23:17 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-24 23:17 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-24 23:17 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-24 23:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-24 23:13 - 2014-05-24 23:13 - 00010733 _____ () C:\Users\Eva\Desktop\Spielplatz Beispiele Kosten.xlsx

==================== One Month Modified Files and Folders =======

2014-06-08 16:06 - 2014-06-04 23:48 - 00023361 _____ () C:\Users\Eva\Downloads\FRST.txt
2014-06-08 16:06 - 2014-06-04 23:46 - 00000000 ____D () C:\FRST
2014-06-08 16:06 - 2012-06-06 19:47 - 00000000 ____D () C:\Users\Eva\AppData\Local\Temp
2014-06-08 16:06 - 2009-07-14 07:13 - 00788414 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 16:05 - 2014-06-08 16:05 - 00000000 ____D () C:\Users\Eva\Downloads\FRST-OlderVersion
2014-06-08 16:05 - 2014-06-04 22:32 - 02072576 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2014-06-08 16:04 - 2012-12-08 21:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-08 16:03 - 2012-12-08 21:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-08 13:45 - 2014-06-08 13:45 - 00001598 _____ () C:\Users\Eva\Desktop\JRT.txt
2014-06-08 13:29 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:29 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-08 13:27 - 2012-06-06 17:43 - 01416365 _____ () C:\Windows\WindowsUpdate.log
2014-06-08 13:26 - 2014-06-08 13:26 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 13:24 - 2014-06-08 13:24 - 01016261 _____ (Thisisu) C:\Users\Eva\Downloads\JRT.exe
2014-06-08 13:22 - 2014-06-08 08:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 13:21 - 2012-12-08 21:08 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-08 13:21 - 2012-06-07 12:19 - 00000376 _____ () C:\Users\Eva\AppData\Roamingprivacy.xml
2014-06-08 13:21 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-08 13:20 - 2010-11-21 05:47 - 00534522 _____ () C:\Windows\PFRO.log
2014-06-08 13:20 - 2009-07-14 06:51 - 00095344 _____ () C:\Windows\setupact.log
2014-06-08 13:11 - 2014-06-08 13:05 - 00000000 ____D () C:\AdwCleaner
2014-06-08 13:03 - 2014-06-08 13:04 - 01333465 _____ () C:\Users\Eva\Desktop\adwcleaner_3.212.exe
2014-06-08 13:03 - 2014-06-08 13:03 - 01333465 _____ () C:\Users\Eva\Downloads\adwcleaner_3.212.exe
2014-06-08 13:01 - 2014-06-08 13:01 - 00022251 _____ () C:\Users\Eva\Desktop\mbam.txt
2014-06-08 12:59 - 2012-06-06 19:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A494FF5-41D7-40BA-9BEE-750CCBC366EE}
2014-06-08 12:55 - 2013-10-12 22:56 - 00000000 ____D () C:\Program Files (x86)\SqueakyChocolate
2014-06-08 08:19 - 2012-11-13 12:02 - 00000000 ____D () C:\Users\Eva\Documents\Rezepte
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-08 08:13 - 2014-06-08 08:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-07 18:57 - 2013-12-27 09:27 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForEva.job
2014-06-07 18:56 - 2013-12-27 09:27 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEva
2014-06-06 21:53 - 2012-10-29 11:26 - 00793608 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Dave\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:03 - 00000000 ____D () C:\Qoobox
2014-06-06 16:39 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-06 16:38 - 2014-06-06 16:38 - 00024833 _____ () C:\ComboFix.txt
2014-06-06 16:35 - 2014-06-06 16:02 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 16:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-06 16:01 - 2014-06-06 16:01 - 05205146 ____R (Swearware) C:\Users\Eva\Desktop\ComboFix.exe
2014-06-06 16:01 - 2014-06-06 16:00 - 05205146 _____ (Swearware) C:\Users\Eva\Downloads\ComboFix.exe
2014-06-05 08:41 - 2014-06-05 08:41 - 00030200 _____ () C:\Users\Eva\Downloads\Gmer.7z
2014-06-05 08:40 - 2014-06-05 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-05 08:40 - 2014-06-05 08:40 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieUserList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieSiteList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\SmileysWeLove
2014-06-05 00:07 - 2014-06-05 00:07 - 02478588 _____ () C:\Users\Eva\Downloads\Gmer.log
2014-06-04 23:50 - 2014-06-04 23:49 - 00049950 _____ () C:\Users\Eva\Downloads\Addition.txt
2014-06-04 23:45 - 2014-06-04 23:45 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log
2014-06-04 23:45 - 2014-06-04 23:45 - 00000000 _____ () C:\Users\Eva\defogger_reenable
2014-06-04 23:45 - 2012-06-06 19:47 - 00000000 ____D () C:\Users\Eva
2014-06-04 22:34 - 2014-06-04 22:34 - 01110476 _____ () C:\Users\Eva\Downloads\7z920.exe
2014-06-04 22:33 - 2014-06-04 22:33 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe
2014-06-04 22:28 - 2014-06-04 22:28 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe
2014-06-02 21:02 - 2012-11-13 12:02 - 00000000 ____D () C:\Users\Eva\Documents\pw safe
2014-06-02 20:50 - 2013-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-01 21:32 - 2012-06-07 12:54 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\HpUpdate
2014-05-26 21:25 - 2014-05-26 21:25 - 00013298 _____ () C:\Users\Eva\Desktop\Vorschlag Spielplatz Am Spratzer - 2014.xlsx
2014-05-26 21:22 - 2014-05-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 17:20 - 2012-06-06 19:53 - 00000000 ___RD () C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 17:20 - 2012-06-06 19:53 - 00000000 ___RD () C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-26 11:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-26 11:30 - 2012-12-08 21:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-26 11:30 - 2012-02-04 16:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-26 11:30 - 2012-02-04 16:09 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-26 11:10 - 2014-05-01 13:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-26 10:33 - 2012-12-08 21:09 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-26 10:19 - 2013-09-10 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpunkt-Sicherheit
2014-05-24 23:28 - 2012-06-06 22:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-24 23:26 - 2013-09-03 17:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-24 23:22 - 2012-09-18 20:42 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-24 23:13 - 2014-05-24 23:13 - 00010733 _____ () C:\Users\Eva\Desktop\Spielplatz Beispiele Kosten.xlsx
2014-05-24 23:07 - 2012-12-08 21:09 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-24 23:07 - 2012-12-08 21:08 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-24 23:05 - 2013-04-11 21:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-06-08 08:17 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-08 08:17 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-08 08:17 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-09 08:14 - 2014-05-24 23:19 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-24 23:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Eva\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-06-08 08:49

==================== End Of Log ============================

--- --- ---

--- --- ---

Viele Grüße,
Eva

schrauber · 09.06.2014, 06:57

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Sunflower_e1 · 13.06.2014, 07:43

Hallo Schrauber,

so, jetzt endlich hab ich alle Logs... ich habe den ESET scanner schon am 09.06. gestartet, aber er ging SEHR LAAAANGSAM. Es hat über 32 Stunden gedauert, bis er fertig war und dann habe ich blöderweise nicht erst den Log irgendwoanders hin gespeichert, bevor ich Deine Anweisungen weiter befolgt habe. Bei Deinstallation wird fast alles - inklusive dem Log-File - gelöscht! Tja, also nochmal von vorne! Und was ich auch bemerkt habe: ESET Online Scanner schien langsamer zu laufen wenn entweder noch ein Firefox Fenster auf war, bzw. irgendein anderer Scanner lief. BitDefender hatte ich ausgeschaltet, aber mir ist erst später aufgefallen, dass der mbam scanner an war. Den hat der ESET Online Scanner aber lustigerweise nicht selber erkannt. Egal, nachdem ich alle Internet Fenster und alle anderen Scanner ausgeschalten hatte, lief es einigermaßen schnell(er). Trotzdem noch über Nacht!

So, hier der ESET Log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=a453da4a985dea4e9dc66bad472ef4ce
# engine=18678
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-12 04:47:50
# local_time=2014-06-12 06:47:50 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Bitdefender Antivirus'
# compatibility_mode=2056 16777213 100 85 35780 161672767 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 28974859 154221519 0 0
# scanned=210910
# found=5
# cleaned=0
# scan_time=35520
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\PDFCreator-1_6_2_setup (1).exe"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\PDFCreator-1_6_2_setup.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\PDFCreator-1_7_1_setup.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\PDFCreator-1_7_2_setup.exe"
sh=AD108EE737309C62464BC84FEAC0A3791CF9B22F ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.SmileysLove.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\7e50c8c.msi"

Und hier der Checkup.txt:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.83  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Bitdefender Virenschutz   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 13.0.0.214  
 Adobe Reader XI  
 Mozilla Firefox (29.0.1) 
 Google Chrome 34.0.1847.131  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 Bitdefender Bitdefender 2012 vsserv.exe  
 Bitdefender Bitdefender 2012 updatesrv.exe  
 Bitdefender Bitdefender 2012 bdagent.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log``````````````````````

und zu allerletzt noch ein frisches FRST.txt:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by Eva (administrator) on EVA-LAPTOP on 13-06-2014 08:17:42
Running from C:\Users\Eva\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-12-23] (Synaptics Incorporated)
HKLM\...\Run: [BDAgent] => C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe [1091200 2012-12-25] (Bitdefender)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-06-16] (IDT, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1772096 2014-04-24] (1und1 Mail und Media GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Policies\system: [DisableChangePassword] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3BC120E5-EBC2-4F55-A293-38CF53293866} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {03890185-559A-49FB-B03D-BBA4B7CFBF49} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {50C2C9D4-D2DA-46DC-A2C3-4CD2E20F545A} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {BCACBEEE-2659-42BA-80B4-A7D4DDF59842} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CAF40F1D-E56A-4980-B56A-751F6C503523} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-30] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default
FF Homepage: www.benefinde.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rooms.hp.com - C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SmileysWeLove: Smileys for use with Facebook, GMail, and more - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\jid1-vW9nopuIAJiRHw@jetpack.xpi [2013-10-12]
FF Extension: BetterPrivacy - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-04-11]
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-08]

Chrome: 
=======
CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
CHR RestoreOnStartup: "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP",
			"hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (IntelÂ® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (IntelÂ® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12]

==================== Services (Whitelisted) =================

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-10-28] (Intel Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-28] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
S3 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [75384 2012-08-23] (Bitdefender)
S3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2012-06-06] (BitDefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [67904 2012-08-23] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe [1957912 2012-12-25] (Bitdefender)

==================== Drivers (Whitelisted) ====================

S3 AKSIM; C:\Windows\System32\drivers\aksim.sys [35528 2013-06-24] (ActivIdentity)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2013-05-25] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [705552 2012-12-25] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-12-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [587024 2012-12-25] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-08-23] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [442088 2012-06-06] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2012-06-06] (BitDefender LLC)
S3 bdsandbox; C:\Windows\system32\drivers\bdsandbox.sys [79952 2012-06-06] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [103944 2010-01-19] (BitDefender)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-10-28] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-26] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-12-23] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [329800 2012-06-06] (BitDefender S.R.L.)
S3 ALSysIO; \??\C:\Users\Eva\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-13 08:10 - 2014-06-13 08:10 - 00854367 _____ () C:\Users\Eva\Downloads\SecurityCheck.exe
2014-06-11 08:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 08:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 08:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 08:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 08:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 08:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 08:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 08:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 08:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 08:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 08:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 08:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 08:45 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 08:45 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 08:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 08:45 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 08:45 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 08:45 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 08:45 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 08:45 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 08:45 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 08:45 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 08:45 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 08:45 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 08:45 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 08:45 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 08:45 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 08:45 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 08:45 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 08:45 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 08:45 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 08:45 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 08:45 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 08:45 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 08:45 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 08:45 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 08:45 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 08:45 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 08:45 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 08:45 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 08:45 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 08:45 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 08:45 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 08:45 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 08:45 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 08:45 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 08:45 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 08:45 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 08:45 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 08:45 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 08:45 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 08:45 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 08:45 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 08:45 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 08:45 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 08:45 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 08:45 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 08:45 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 08:45 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 08:45 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 08:45 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 08:45 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 08:45 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 08:45 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 08:45 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 08:45 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-09 17:32 - 2014-06-12 08:52 - 02347384 _____ (ESET) C:\Users\Eva\Downloads\esetsmartinstaller_deu.exe
2014-06-08 16:05 - 2014-06-13 08:17 - 00000000 ____D () C:\Users\Eva\Downloads\FRST-OlderVersion
2014-06-08 13:45 - 2014-06-08 13:45 - 00001598 _____ () C:\Users\Eva\Desktop\JRT.txt
2014-06-08 13:26 - 2014-06-08 13:26 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 13:24 - 2014-06-08 13:24 - 01016261 _____ (Thisisu) C:\Users\Eva\Downloads\JRT.exe
2014-06-08 13:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-08 13:05 - 2014-06-08 13:11 - 00000000 ____D () C:\AdwCleaner
2014-06-08 13:04 - 2014-06-08 13:03 - 01333465 _____ () C:\Users\Eva\Desktop\adwcleaner_3.212.exe
2014-06-08 13:03 - 2014-06-08 13:03 - 01333465 _____ () C:\Users\Eva\Downloads\adwcleaner_3.212.exe
2014-06-08 13:01 - 2014-06-08 13:01 - 00022251 _____ () C:\Users\Eva\Desktop\mbam.txt
2014-06-08 08:17 - 2014-06-12 08:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-08 08:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-08 08:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-08 08:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-08 08:13 - 2014-06-08 08:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Dave\AppData\Local\temp
2014-06-06 16:38 - 2014-06-06 16:38 - 00024833 _____ () C:\ComboFix.txt
2014-06-06 16:05 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-06 16:05 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-06 16:05 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-06 16:05 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-06 16:03 - 2014-06-06 16:39 - 00000000 ____D () C:\Qoobox
2014-06-06 16:02 - 2014-06-06 16:35 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 16:01 - 2014-06-06 16:01 - 05205146 ____R (Swearware) C:\Users\Eva\Desktop\ComboFix.exe
2014-06-06 16:00 - 2014-06-06 16:01 - 05205146 _____ (Swearware) C:\Users\Eva\Downloads\ComboFix.exe
2014-06-05 08:41 - 2014-06-05 08:41 - 00030200 _____ () C:\Users\Eva\Downloads\Gmer.7z
2014-06-05 08:40 - 2014-06-05 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-05 08:40 - 2014-06-05 08:40 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieUserList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieSiteList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\SmileysWeLove
2014-06-05 00:07 - 2014-06-05 00:07 - 02478588 _____ () C:\Users\Eva\Downloads\Gmer.log
2014-06-04 23:49 - 2014-06-04 23:50 - 00049950 _____ () C:\Users\Eva\Downloads\Addition.txt
2014-06-04 23:48 - 2014-06-13 08:17 - 00023629 _____ () C:\Users\Eva\Downloads\FRST.txt
2014-06-04 23:46 - 2014-06-13 08:17 - 00000000 ____D () C:\FRST
2014-06-04 23:45 - 2014-06-04 23:45 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log
2014-06-04 23:45 - 2014-06-04 23:45 - 00000000 _____ () C:\Users\Eva\defogger_reenable
2014-06-04 22:34 - 2014-06-04 22:34 - 01110476 _____ () C:\Users\Eva\Downloads\7z920.exe
2014-06-04 22:33 - 2014-06-04 22:33 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe
2014-06-04 22:32 - 2014-06-13 08:17 - 02081792 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2014-06-04 22:28 - 2014-06-04 22:28 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe
2014-05-26 21:25 - 2014-05-26 21:25 - 00013298 _____ () C:\Users\Eva\Desktop\Vorschlag Spielplatz Am Spratzer - 2014.xlsx
2014-05-26 21:22 - 2014-05-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-24 23:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-24 23:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-24 23:18 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-24 23:18 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-24 23:18 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-24 23:18 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-24 23:18 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-24 23:18 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-24 23:18 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-24 23:18 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-24 23:18 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-24 23:18 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-24 23:17 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-24 23:17 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-24 23:17 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-24 23:17 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-24 23:17 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-24 23:17 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-24 23:17 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-24 23:17 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-24 23:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-24 23:13 - 2014-05-24 23:13 - 00010733 _____ () C:\Users\Eva\Desktop\Spielplatz Beispiele Kosten.xlsx

==================== One Month Modified Files and Folders =======

2014-06-13 08:18 - 2014-06-04 23:48 - 00023629 _____ () C:\Users\Eva\Downloads\FRST.txt
2014-06-13 08:18 - 2012-06-06 19:47 - 00000000 ____D () C:\Users\Eva\AppData\Local\Temp
2014-06-13 08:17 - 2014-06-08 16:05 - 00000000 ____D () C:\Users\Eva\Downloads\FRST-OlderVersion
2014-06-13 08:17 - 2014-06-04 23:46 - 00000000 ____D () C:\FRST
2014-06-13 08:17 - 2014-06-04 22:32 - 02081792 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2014-06-13 08:12 - 2012-12-08 21:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 08:10 - 2014-06-13 08:10 - 00854367 _____ () C:\Users\Eva\Downloads\SecurityCheck.exe
2014-06-13 07:30 - 2012-12-08 21:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-12 23:12 - 2012-12-08 21:08 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-12 19:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 08:52 - 2014-06-09 17:32 - 02347384 _____ (ESET) C:\Users\Eva\Downloads\esetsmartinstaller_deu.exe
2014-06-12 08:45 - 2014-06-08 08:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 08:41 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 08:41 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 08:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 08:36 - 2009-07-14 06:51 - 00095400 _____ () C:\Windows\setupact.log
2014-06-12 08:35 - 2010-11-21 05:47 - 00535050 _____ () C:\Windows\PFRO.log
2014-06-12 08:32 - 2012-06-06 17:43 - 01233821 _____ () C:\Windows\WindowsUpdate.log
2014-06-12 08:16 - 2013-09-03 17:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 08:13 - 2012-09-18 20:42 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 08:13 - 2012-06-06 22:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 08:10 - 2014-05-01 13:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 21:05 - 2013-12-27 09:27 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEva
2014-06-11 21:05 - 2013-12-27 09:27 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForEva.job
2014-06-09 21:14 - 2009-07-14 07:13 - 00788414 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 13:45 - 2014-06-08 13:45 - 00001598 _____ () C:\Users\Eva\Desktop\JRT.txt
2014-06-08 13:26 - 2014-06-08 13:26 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 13:24 - 2014-06-08 13:24 - 01016261 _____ (Thisisu) C:\Users\Eva\Downloads\JRT.exe
2014-06-08 13:21 - 2012-06-07 12:19 - 00000376 _____ () C:\Users\Eva\AppData\Roamingprivacy.xml
2014-06-08 13:11 - 2014-06-08 13:05 - 00000000 ____D () C:\AdwCleaner
2014-06-08 13:03 - 2014-06-08 13:04 - 01333465 _____ () C:\Users\Eva\Desktop\adwcleaner_3.212.exe
2014-06-08 13:03 - 2014-06-08 13:03 - 01333465 _____ () C:\Users\Eva\Downloads\adwcleaner_3.212.exe
2014-06-08 13:01 - 2014-06-08 13:01 - 00022251 _____ () C:\Users\Eva\Desktop\mbam.txt
2014-06-08 12:59 - 2012-06-06 19:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A494FF5-41D7-40BA-9BEE-750CCBC366EE}
2014-06-08 12:55 - 2013-10-12 22:56 - 00000000 ____D () C:\Program Files (x86)\SqueakyChocolate
2014-06-08 11:13 - 2014-06-11 08:45 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 08:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-08 08:19 - 2012-11-13 12:02 - 00000000 ____D () C:\Users\Eva\Documents\Rezepte
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-08 08:13 - 2014-06-08 08:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Eva\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-06 21:53 - 2012-10-29 11:26 - 00793608 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Dave\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:03 - 00000000 ____D () C:\Qoobox
2014-06-06 16:39 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-06 16:38 - 2014-06-06 16:38 - 00024833 _____ () C:\ComboFix.txt
2014-06-06 16:35 - 2014-06-06 16:02 - 00000000 ____D () C:\Windows\erdnt
2014-06-06 16:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-06 16:01 - 2014-06-06 16:01 - 05205146 ____R (Swearware) C:\Users\Eva\Desktop\ComboFix.exe
2014-06-06 16:01 - 2014-06-06 16:00 - 05205146 _____ (Swearware) C:\Users\Eva\Downloads\ComboFix.exe
2014-06-05 08:41 - 2014-06-05 08:41 - 00030200 _____ () C:\Users\Eva\Downloads\Gmer.7z
2014-06-05 08:40 - 2014-06-05 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-05 08:40 - 2014-06-05 08:40 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieUserList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieSiteList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\SmileysWeLove
2014-06-05 00:07 - 2014-06-05 00:07 - 02478588 _____ () C:\Users\Eva\Downloads\Gmer.log
2014-06-04 23:50 - 2014-06-04 23:49 - 00049950 _____ () C:\Users\Eva\Downloads\Addition.txt
2014-06-04 23:45 - 2014-06-04 23:45 - 00000468 _____ () C:\Users\Eva\Downloads\defogger_disable.log
2014-06-04 23:45 - 2014-06-04 23:45 - 00000000 _____ () C:\Users\Eva\defogger_reenable
2014-06-04 23:45 - 2012-06-06 19:47 - 00000000 ____D () C:\Users\Eva
2014-06-04 22:34 - 2014-06-04 22:34 - 01110476 _____ () C:\Users\Eva\Downloads\7z920.exe
2014-06-04 22:33 - 2014-06-04 22:33 - 00380416 _____ () C:\Users\Eva\Downloads\Gmer-19357.exe
2014-06-04 22:28 - 2014-06-04 22:28 - 00050477 _____ () C:\Users\Eva\Downloads\Defogger.exe
2014-06-02 21:02 - 2012-11-13 12:02 - 00000000 ____D () C:\Users\Eva\Documents\pw safe
2014-06-02 20:50 - 2013-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-01 21:32 - 2012-06-07 12:54 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\HpUpdate
2014-05-30 12:21 - 2014-06-11 08:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 08:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 08:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 08:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 08:45 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 08:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 08:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 08:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 08:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 08:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 08:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 08:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 08:45 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 08:45 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 08:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 08:45 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 08:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 08:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 08:45 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 08:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 08:45 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 08:45 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 08:45 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 08:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 08:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 08:45 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 08:45 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 08:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 08:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 08:45 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 08:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 08:45 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 08:45 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 08:45 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 08:45 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 08:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 08:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 08:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 08:45 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 08:45 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 08:45 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 08:45 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 08:45 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 08:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 08:45 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 08:45 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 08:45 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 08:45 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 08:45 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 08:45 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 08:45 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-26 21:25 - 2014-05-26 21:25 - 00013298 _____ () C:\Users\Eva\Desktop\Vorschlag Spielplatz Am Spratzer - 2014.xlsx
2014-05-26 21:22 - 2014-05-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-26 17:20 - 2012-06-06 19:53 - 00000000 ___RD () C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 17:20 - 2012-06-06 19:53 - 00000000 ___RD () C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-26 11:30 - 2012-12-08 21:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-26 11:30 - 2012-02-04 16:09 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-26 11:30 - 2012-02-04 16:09 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-26 10:33 - 2012-12-08 21:09 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-26 10:19 - 2013-09-10 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpunkt-Sicherheit
2014-05-24 23:13 - 2014-05-24 23:13 - 00010733 _____ () C:\Users\Eva\Desktop\Spielplatz Beispiele Kosten.xlsx
2014-05-24 23:07 - 2012-12-08 21:09 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-24 23:07 - 2012-12-08 21:08 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-24 23:05 - 2013-04-11 21:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Eva\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 08:49

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Probleme hatte ich bisher keine, nur die Angst, dass da im Hintergrund irgendwas mitläuft, von dem ich nichts weiß! Und das alle meine Aktionen/Passwörter/Informationen heimlich an eine Dritte Person überliefert...

Hoffe, dass jetzt alles sauber ist!

Viele Grüße,
Eva

schrauber · 13.06.2014, 21:20

Passwörter ändern, dann is alles gut

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Sunflower_e1 · 13.06.2014, 22:46

Hallo Schrauber,

vielen Dank noch für Deine abschließenden Tipps. Die werde ich mir zu Herzen nehmen und natürlich einsetzen. Ich bin eigentlich ein sehr sicherheitsbewußter Mensch... da hat es mich eh selber irritiert, dass ich auf den Link geklickt habe. Normalerweise tue ich das nie!

So, hier noch einige abschließende Fragen:
Der ESET Online Scanner hatte ja 5 Dinge gefunden, die aber nicht bereinigt wurden:

Code:

ATTFilter

# found=5
# cleaned=0
# scan_time=35520
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\PDFCreator-1_6_2_setup (1).exe"
sh=BCF43267B4416C6DDEFAAD5AE0A63E3F682C5BB0 ft=1 fh=905be375e5c80006 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\PDFCreator-1_6_2_setup.exe"
sh=9434866971DD357600C9F2B1E31B7893C3A070F0 ft=1 fh=4f14aeb246e47811 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\PDFCreator-1_7_1_setup.exe"
sh=FBBE31F08E493A8B0702FE72F3ABA6DF996E20C6 ft=1 fh=1055b3d0ea15ac02 vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Eva\Downloads\PDFCreator-1_7_2_setup.exe"
sh=AD108EE737309C62464BC84FEAC0A3791CF9B22F ft=0 fh=0000000000000000 vn="Variante von MSIL/Toolbar.SmileysLove.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\7e50c8c.msi"

Muss ich da noch etwas tun??

Ich habe in der Systemsteuerung das Programm zu den Smileys entdeckt:
Smileys We Love Toolbar for IE von SqueekyChocolate LLC

Ich habe versucht, es zu deinstallieren, aber das Programm lässt mich nicht.
Fehlermeldung ist:
There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor.

Gerne werde ich Feedback hinterlassen und auch etwas Spenden!

Vielen vielen Dank für Deine Hilfe!

Viele Grüße,
Eva

schrauber · 14.06.2014, 15:31

Deinstallier das mit Revo. Die FUnde von ESET sind Downloads, einfach löschen

Sunflower_e1 · 15.06.2014, 11:35

Hallo Schrauber,

hat nicht funktioniert mit Revo. Leider! Der "Smileys we Love Toolbar for IE" ist immer noch da. Revo started das Tooleigene Installationsprogramm und das führte dann zum gleichen Fehler: "There is a Problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your ..."

Hast Du sonst noch irgendwelche Tips wie ich das wieder wegbekomme? Nochmal drüber installieren?

Auf jeden Fall Danke ich Dir für Deine Hilfe!

Du kannst Dann auch diesen Trail aus Deinen Abo´s löschen..

Viele Grüße,
Eva

schrauber · 15.06.2014, 19:21

Poste mal bitte ein frisches FRST log.

Sunflower_e1 · 15.06.2014, 22:18

Hier das frische FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by Eva (administrator) on EVA-LAPTOP on 15-06-2014 22:10:22
Running from C:\Users\Eva\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(1und1 Mail und Media GmbH) C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SourceForge.net) C:\Users\Eva\Documents\pw safe\pwsafe.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-12-23] (Synaptics Incorporated)
HKLM\...\Run: [BDAgent] => C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe [1091200 2012-12-25] (Bitdefender)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IntelliType Pro] => c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-06-16] (IDT, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-09-15] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-03-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.2.2\bin\EpmNews.exe [2081792 2013-03-29] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [MailCheck IE Broker] => C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck_Broker.exe [1772096 2014-04-24] (1und1 Mail und Media GmbH)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [1128000 2014-06-03] (BillP Studios)
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-90339688-1947325759-2833218809-1000\...\Policies\system: [DisableChangePassword] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {3BC120E5-EBC2-4F55-A293-38CF53293866} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {03890185-559A-49FB-B03D-BBA4B7CFBF49} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {50C2C9D4-D2DA-46DC-A2C3-4CD2E20F545A} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {BCACBEEE-2659-42BA-80B4-A7D4DDF59842} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {CAF40F1D-E56A-4980-B56A-751F6C503523} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: GMX MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: gmx - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX MailCheck\IE\GMX_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-30] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default
FF Homepage: www.benefinde.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rooms.hp.com - C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\elemhidehelper@adblockplus.org.xpi [2014-06-14]
FF Extension: Adblock Plus - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-14]
FF Extension: BetterPrivacy - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\okop6zmg.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2013-04-11]
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-08]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-04]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-09-08]

Chrome: 
=======
CHR HomePage: hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP
CHR RestoreOnStartup: "hxxp://de.msn.com/?pc=UP97&ocid=UP97DHP",
			"hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (IntelÂ® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (IntelÂ® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows LiveÂ™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-12]

==================== Services (Whitelisted) =================

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-10-28] (Intel Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-10-28] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-10-28] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1882392 2014-05-03] (Trusteer Ltd.)
S3 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [75384 2012-08-23] (Bitdefender)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
S3 Update Server; C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe [466736 2012-06-06] (BitDefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe [67904 2012-08-23] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe [1957912 2012-12-25] (Bitdefender)

==================== Drivers (Whitelisted) ====================

S3 AKSIM; C:\Windows\System32\drivers\aksim.sys [35528 2013-06-24] (ActivIdentity)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2013-05-25] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [705552 2012-12-25] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-12-25] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [587024 2012-12-25] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93160 2012-08-23] (BitDefender LLC)
R0 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [442088 2012-06-06] (BitDefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2012-06-06] (BitDefender LLC)
S3 bdsandbox; C:\Windows\system32\drivers\bdsandbox.sys [79952 2012-06-06] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [103944 2010-01-19] (BitDefender)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [27456 2012-10-28] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
R1 RapportCerberus_68261; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_68261.sys [631096 2014-05-26] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299512 2014-05-03] (Trusteer Ltd.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358552 2014-05-03] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414232 2014-05-03] (Trusteer Ltd.)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [258664 2011-09-22] (Realtek Semiconductor Corp.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2012-12-23] (Synaptics Incorporated)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [329800 2012-06-06] (BitDefender S.R.L.)
S3 ALSysIO; \??\C:\Users\Eva\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-15 22:10 - 2014-06-15 22:13 - 00025678 _____ () C:\Users\Eva\Downloads\FRST.txt
2014-06-15 22:10 - 2014-06-15 22:10 - 00000000 ____D () C:\FRST
2014-06-15 22:09 - 2014-06-15 22:09 - 02081280 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2014-06-15 12:44 - 2014-06-15 12:44 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\WinPatrol
2014-06-15 12:44 - 2014-06-15 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-15 12:44 - 2014-06-15 12:44 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-15 12:44 - 2014-06-15 12:44 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-15 06:15 - 2014-06-15 06:15 - 00001264 _____ () C:\Users\Eva\Desktop\Revo Uninstaller.lnk
2014-06-15 06:15 - 2014-06-15 06:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-15 06:12 - 2014-06-15 06:13 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Eva\Downloads\revosetup95.exe
2014-06-14 15:20 - 2014-06-14 15:21 - 00262572 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-06-14 13:48 - 2014-06-14 13:48 - 00700980 _____ () C:\Users\Eva\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2014-06-14 12:25 - 2014-06-15 06:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 12:25 - 2014-06-14 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-14 12:25 - 2014-06-14 12:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-14 12:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 12:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-14 12:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-13 23:48 - 2014-06-13 23:54 - 00001227 _____ () C:\Windows\SecuniaPackage.log
2014-06-13 23:31 - 2014-06-13 23:31 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-13 23:31 - 2014-06-13 23:31 - 00000000 ____D () C:\Users\Eva\AppData\Local\Secunia PSI
2014-06-13 23:31 - 2014-06-13 23:31 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-06-13 23:00 - 2014-06-13 23:00 - 00001459 _____ () C:\Users\Eva\Desktop\DelFix.txt
2014-06-13 22:58 - 2014-06-13 22:59 - 00001459 _____ () C:\DelFix.txt
2014-06-13 22:57 - 2014-06-13 22:56 - 00709260 _____ () C:\Users\Eva\Desktop\delfix_10.7.exe
2014-06-13 22:55 - 2014-06-13 22:55 - 00000000 ___SD () C:\Uninstall
2014-06-11 08:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 08:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 08:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 08:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 08:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 08:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 08:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 08:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 08:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 08:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 08:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 08:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 08:45 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 08:45 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 08:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 08:45 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 08:45 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 08:45 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 08:45 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 08:45 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 08:45 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 08:45 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 08:45 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 08:45 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 08:45 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 08:45 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 08:45 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 08:45 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 08:45 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 08:45 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 08:45 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 08:45 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 08:45 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 08:45 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 08:45 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 08:45 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 08:45 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 08:45 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 08:45 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 08:45 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 08:45 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 08:45 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 08:45 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 08:45 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 08:45 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 08:45 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 08:45 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 08:45 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 08:45 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 08:45 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 08:45 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 08:45 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 08:45 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 08:45 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 08:45 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 08:45 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 08:45 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 08:45 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 08:45 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 08:45 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 08:45 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 08:45 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 08:45 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 08:45 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 08:45 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 08:45 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-08 13:26 - 2014-06-13 22:58 - 00000000 ____D () C:\Windows\ERUNT
2014-06-08 13:06 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Dave\AppData\Local\temp
2014-06-06 16:02 - 2014-06-13 22:55 - 00000000 ____D () C:\Windows\erdnt
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieUserList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieSiteList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\SmileysWeLove
2014-05-26 21:25 - 2014-05-26 21:25 - 00013298 _____ () C:\Users\Eva\Desktop\Vorschlag Spielplatz Am Spratzer - 2014.xlsx
2014-05-26 21:22 - 2014-06-13 23:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-24 23:19 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-24 23:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-24 23:18 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-24 23:18 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-24 23:18 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-24 23:18 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-24 23:18 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-24 23:18 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-24 23:18 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-24 23:18 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-24 23:18 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-24 23:18 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-24 23:17 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-24 23:17 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-24 23:17 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-24 23:17 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-24 23:17 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-24 23:17 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-24 23:17 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-24 23:17 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-24 23:17 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-24 23:17 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-24 23:17 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-24 23:17 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-24 23:13 - 2014-05-24 23:13 - 00010733 _____ () C:\Users\Eva\Desktop\Spielplatz Beispiele Kosten.xlsx

==================== One Month Modified Files and Folders =======

2014-06-15 22:13 - 2014-06-15 22:10 - 00025678 _____ () C:\Users\Eva\Downloads\FRST.txt
2014-06-15 22:13 - 2012-06-06 19:47 - 00000000 ____D () C:\Users\Eva\AppData\Local\Temp
2014-06-15 22:12 - 2012-12-08 21:09 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-15 22:10 - 2014-06-15 22:10 - 00000000 ____D () C:\FRST
2014-06-15 22:09 - 2014-06-15 22:09 - 02081280 _____ (Farbar) C:\Users\Eva\Downloads\FRST64.exe
2014-06-15 21:30 - 2012-12-08 21:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-15 21:05 - 2013-12-27 09:27 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForEva
2014-06-15 21:05 - 2013-12-27 09:27 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForEva.job
2014-06-15 13:16 - 2012-11-13 12:02 - 00000000 ____D () C:\Users\Eva\Documents\pw safe
2014-06-15 12:44 - 2014-06-15 12:44 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\WinPatrol
2014-06-15 12:44 - 2014-06-15 12:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2014-06-15 12:44 - 2014-06-15 12:44 - 00000000 ____D () C:\ProgramData\InstallMate
2014-06-15 12:44 - 2014-06-15 12:44 - 00000000 ____D () C:\Program Files (x86)\BillP Studios
2014-06-15 12:38 - 2012-12-27 22:24 - 00000000 ____D () C:\Users\Eva\Documents\Finanzen
2014-06-15 06:53 - 2014-06-14 12:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-15 06:17 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-15 06:17 - 2009-07-14 06:45 - 00031248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-15 06:15 - 2014-06-15 06:15 - 00001264 _____ () C:\Users\Eva\Desktop\Revo Uninstaller.lnk
2014-06-15 06:15 - 2014-06-15 06:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-15 06:15 - 2012-12-08 21:08 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-15 06:13 - 2014-06-15 06:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Eva\Downloads\revosetup95.exe
2014-06-15 06:13 - 2012-11-13 12:02 - 00000000 ____D () C:\Users\Eva\Documents\Software
2014-06-15 06:11 - 2012-06-06 19:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7A494FF5-41D7-40BA-9BEE-750CCBC366EE}
2014-06-15 06:08 - 2012-06-06 17:43 - 01391711 _____ () C:\Windows\WindowsUpdate.log
2014-06-15 06:03 - 2012-06-07 12:19 - 00000376 _____ () C:\Users\Eva\AppData\Roamingprivacy.xml
2014-06-15 06:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-15 06:02 - 2009-07-14 06:51 - 00095568 _____ () C:\Windows\setupact.log
2014-06-14 15:21 - 2014-06-14 15:20 - 00262572 _____ () C:\Windows\msxml4-KB2758694-enu.LOG
2014-06-14 13:48 - 2014-06-14 13:48 - 00700980 _____ () C:\Users\Eva\Downloads\adblock_edge-2.0.7-sm+an+tb+fx-windows.xpi
2014-06-14 12:25 - 2014-06-14 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-06-14 12:25 - 2014-06-14 12:25 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-06-14 10:51 - 2013-04-10 19:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-13 23:56 - 2012-06-10 23:44 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-06-13 23:54 - 2014-06-13 23:48 - 00001227 _____ () C:\Windows\SecuniaPackage.log
2014-06-13 23:54 - 2014-05-26 21:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-13 23:54 - 2013-04-10 19:51 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-06-13 23:54 - 2013-04-10 19:51 - 00001075 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-06-13 23:53 - 2013-01-29 20:54 - 00001899 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-06-13 23:53 - 2013-01-29 20:54 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-06-13 23:53 - 2009-07-14 07:13 - 00788414 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-13 23:50 - 2012-12-08 21:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-13 23:50 - 2012-02-04 16:09 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-13 23:50 - 2012-02-04 16:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-13 23:31 - 2014-06-13 23:31 - 00001069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-06-13 23:31 - 2014-06-13 23:31 - 00000000 ____D () C:\Users\Eva\AppData\Local\Secunia PSI
2014-06-13 23:31 - 2014-06-13 23:31 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-06-13 23:31 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-13 23:03 - 2010-11-21 05:47 - 00536584 _____ () C:\Windows\PFRO.log
2014-06-13 23:00 - 2014-06-13 23:00 - 00001459 _____ () C:\Users\Eva\Desktop\DelFix.txt
2014-06-13 22:59 - 2014-06-13 22:58 - 00001459 _____ () C:\DelFix.txt
2014-06-13 22:58 - 2014-06-08 13:26 - 00000000 ____D () C:\Windows\ERUNT
2014-06-13 22:56 - 2014-06-13 22:57 - 00709260 _____ () C:\Users\Eva\Desktop\delfix_10.7.exe
2014-06-13 22:55 - 2014-06-13 22:55 - 00000000 ___SD () C:\Uninstall
2014-06-13 22:55 - 2014-06-06 16:02 - 00000000 ____D () C:\Windows\erdnt
2014-06-13 22:52 - 2012-06-06 19:47 - 00000000 ____D () C:\Users\Eva
2014-06-13 14:16 - 2012-12-08 21:09 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 19:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 08:16 - 2013-09-03 17:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 08:13 - 2012-09-18 20:42 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 08:13 - 2012-06-06 22:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 08:10 - 2014-05-01 13:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-08 12:55 - 2013-10-12 22:56 - 00000000 ____D () C:\Program Files (x86)\SqueakyChocolate
2014-06-08 11:13 - 2014-06-11 08:45 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-11 08:45 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-08 08:19 - 2012-11-13 12:02 - 00000000 ____D () C:\Users\Eva\Documents\Rezepte
2014-06-08 08:17 - 2014-06-08 08:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 21:53 - 2012-10-29 11:26 - 00793608 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-06 16:39 - 2014-06-06 16:39 - 00000000 ____D () C:\Users\Dave\AppData\Local\temp
2014-06-06 16:39 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-06 16:34 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieUserList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 __SHD () C:\Users\Eva\AppData\Local\EmieSiteList
2014-06-05 08:28 - 2014-06-05 08:28 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\SmileysWeLove
2014-06-01 21:32 - 2012-06-07 12:54 - 00000000 ____D () C:\Users\Eva\AppData\Roaming\HpUpdate
2014-05-30 12:21 - 2014-06-11 08:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 08:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 08:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 08:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 08:45 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 08:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 08:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 08:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 08:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 08:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 08:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 08:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 08:45 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 08:45 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 08:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 08:45 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 08:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 08:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 08:45 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 08:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 08:45 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 08:45 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 08:45 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 08:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 08:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 08:45 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 08:45 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 08:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 08:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 08:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 08:45 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 08:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 08:45 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 08:45 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 08:45 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 08:45 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 08:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 08:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 08:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 08:45 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 08:45 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 08:45 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 08:45 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 08:45 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 08:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 08:45 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 08:45 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 08:45 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 08:45 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 08:45 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 08:45 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 08:45 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-26 21:25 - 2014-05-26 21:25 - 00013298 _____ () C:\Users\Eva\Desktop\Vorschlag Spielplatz Am Spratzer - 2014.xlsx
2014-05-26 17:20 - 2012-06-06 19:53 - 00000000 ___RD () C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-26 17:20 - 2012-06-06 19:53 - 00000000 ___RD () C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-26 10:19 - 2013-09-10 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpunkt-Sicherheit
2014-05-24 23:13 - 2014-05-24 23:13 - 00010733 _____ () C:\Users\Eva\Desktop\Spielplatz Beispiele Kosten.xlsx
2014-05-24 23:07 - 2012-12-08 21:09 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-24 23:07 - 2012-12-08 21:08 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-24 23:05 - 2013-04-11 21:40 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

Some content of TEMP:
====================
C:\Users\Eva\AppData\Local\Temp\ERUNT.exe
C:\Users\Eva\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-08 08:49

==================== End Of Log ============================

--- --- ---

--- --- ---

Viele Grüße,
Eva

14.06.2014, 15:31	#12
schrauber /// the machine /// TB-Ausbilder	Email von Vodafone mit pdf, die auf russische Seite verzweigt leider geöffnet! Deinstallier das mit Revo. Die FUnde von ESET sind Downloads, einfach löschen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

15.06.2014, 19:21	#14
schrauber /// the machine /// TB-Ausbilder	Email von Vodafone mit pdf, die auf russische Seite verzweigt leider geöffnet! Poste mal bitte ein frisches FRST log. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Email von Vodafone mit pdf, die auf russische Seite verzweigt leider geöffnet!

Log-Analyse und Auswertung: Email von Vodafone mit pdf, die auf russische Seite verzweigt leider geöffnet!