Trojaner-Board - Windows 8 / Mozilla Firefox : Ständig öffnen sich neue Fenster und Tabs mit Werbung und Warnhinweisen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 8 / Mozilla Firefox : Ständig öffnen sich neue Fenster und Tabs mit Werbung und Warnhinweisen (https://www.trojaner-board.de/153860-windows-8-mozilla-firefox-staendig-oeffnen-neue-fenster-tabs-werbung-warnhinweisen.html)

Windows 8 / Mozilla Firefox : Ständig öffnen sich neue Fenster und Tabs mit Werbung und Warnhinweisen

Hallo,

ich habe ein Problem mit meinem Laptop. Wenn ich im Internet unterwegs bin und Seiten öffne, öffnen sich gleichzeitig oder kurz danach mehrere Fenster mit Werbung. Entweder erscheint das Fenster "Neuer Tab" mit einer Übersicht über verschiedene Seiten wie google usw. oder es ist Werbung für Browserspiele, Casinos usw.. Diese überlagern meine eigentlich geöffnete Seite, was es sehr schwierig macht Passwörter einzugeben oder in Ruhe im Internet zu surfen. Wenn ich diese Fenster schließe, erscheinen sie spätestens beim nächsten Websitewechsel erneut.

Außerdem öffnet sich auch auf den Websites selbst Werbung von unten, rechts und links.

Ich habe die Schritte zum Logerstellen befolgt hier die Ergebnisse:

1. Defogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:48 on 14/05/2014 (Sonja)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

2. FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014
Ran by Sonja (administrator) on LAPTOP on 14-05-2014 12:53:37
Running from C:\Users\Sonja\Desktop
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe
() C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014
Ran by Sonja at 2014-05-14 12:54:12
Running from C:\Users\Sonja\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Aff Packages (HKCU\...\Aff Packages) (Version: - ) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bueno Chrome Toolbar (HKLM-x32\...\Bueno Chrome Toolbar) (Version: - BuenoSearch) <==== ATTENTION
buenosearch toolbar (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.5.3606 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.4.3202 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{AC53C6A4-1CC4-48A5-91F3-565BB7978B22}) (Version: - Microsoft)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

3. Gmer:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-14 13:06:35
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000037 HGST_HTS545050A7E380 rev.GG2OACA0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\uwloapow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000073e00 7 bytes [00, 77, 82, 01, 00, 57, F2]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000073e08 7 bytes [01, 42, C0, FF, 00, 17, DB]

---- User code sections - GMER 2.1 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[9804] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8d2c41532 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[9804] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8d2c4153a 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[9804] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8d2c4165a 4 bytes [C4, D2, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\MSIMG32.dll!GradientFill + 690 000007f8d2c41532 4 bytes [C4, D2, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\MSIMG32.dll!GradientFill + 698 000007f8d2c4153a 4 bytes [C4, D2, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246 000007f8d2c4165a 4 bytes [C4, D2, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8d731177a 4 bytes [31, D7, F8, 07]
.text C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8d7311782 4 bytes [31, D7, F8, 07]
.text C:\Windows\Explorer.EXE[10476] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8d731177a 4 bytes [31, D7, F8, 07]
.text C:\Windows\Explorer.EXE[10476] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8d7311782 4 bytes [31, D7, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[10028] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8d2c41532 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[10028] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8d2c4153a 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[10028] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8d2c4165a 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8d2c41532 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8d2c4153a 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8d2c4165a 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[12196] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8d2c41532 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[12196] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8d2c4153a 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[12196] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8d2c4165a 4 bytes [C4, D2, F8, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1344] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8d731177a 4 bytes [31, D7, F8, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1344] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8d7311782 4 bytes [31, D7, F8, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7908] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8d731177a 4 bytes [31, D7, F8, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7908] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8d7311782 4 bytes [31, D7, F8, 07]

---- Threads - GMER 2.1 ----

Thread C:\Windows\SYSTEM32\ntdll.dll [3860:1704] 0000000001101c24
Thread C:\Windows\SYSTEM32\ntdll.dll [3860:456] 000000006526e54e
Thread C:\Windows\SYSTEM32\ntdll.dll [3860:4204] 0000000063590eb8
Thread C:\Windows\SYSTEM32\ntdll.dll [3860:4208] 0000000063590eb8
Thread C:\Windows\SYSTEM32\ntdll.dll [3860:4212] 0000000063590eb8
Thread C:\Windows\SYSTEM32\ntdll.dll [3860:4304] 000000006396319b
Thread C:\Windows\SYSTEM32\ntdll.dll [3860:4308] 0000000062b78e19
Thread C:\Windows\SYSTEM32\ntdll.dll [3860:4400] 0000000062af4b0d
Thread C:\Windows\SYSTEM32\ntdll.dll [3860:4736] 00000000643016dc
Thread C:\Windows\system32\csrss.exe [3720:11220] fffff960007505e8
---- Processes - GMER 2.1 ----

Library C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\fb3c48d0b572fe532f915951406516f7\System.Numerics.ni.dll (*** suspicious ***) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [3772] 0000000065f10000

Als ich die ganzen Scans gemacht hatte und den Eintrag hier das erste Mal erstellen wollte, ist mein Laptop abgestürzt. Er ist dann neu gestartet und wieder hochgefahren als wenn nichts gewesen wäre. Das hat er vorher aber noch nie gemacht.
Ich habe leider gar keine Ahnung von Computern usw. deswegen hoffe ich, dass ihr mir helfen könnt.

Mit freundlichen Grüßen

Sonja

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://www.trojaner-board.de/picture...&pictureid=307

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 12:48 on 14/05/2014 (Sonja)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014

Ran by Sonja (administrator) on LAPTOP on 14-05-2014 12:53:37

Running from C:\Users\Sonja\Desktop

Platform: Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

() C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe

() C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [lollipop_02181301] => "c:\users\sonja\appdata\local\lollipop\lollipop_02181301.exe" lollipop_02181301

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-25] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-05-25] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase6_18_erinnerung.lnk

ShortcutTarget: phase6_18_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_18\WinStart\WinStart.exe (phase6)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

SearchScopes: HKCU - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: SaveClicker - {B13EE62C-29A6-3BF3-3FB7-0E1352BF76B2} - C:\Program Files (x86)\SaveClicker\T63WEBYk_m.dll ()

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: ResultsAlpha - {cbab673a-a480-4050-bd2b-5de24a7a0282} - C:\Program Files (x86)\ResultsAlpha\ResultsAlphabho.dll (ResultsAlpha)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default

FF user.js: detected! => C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js

FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174

FF Homepage: hxxp://www.web.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\searchplugins\buenosearch.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Widget context - C:\Users\Sonja\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-02-18]

FF Extension: SaveClicker - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\3g9.j@siek-okewg.net [2014-02-13]

FF Extension: vis - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-02-13]

FF Extension: BuenoSearch - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\ffxtlbr@buenosearch.com [2014-03-02]

FF Extension: Foxtab Speed Dial - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-03-25]

FF Extension: ResultsAlpha - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\{f727685b-ed90-4adc-8eec-8234574a91e6}.xpi [2014-02-13]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-01-11]
 

Chrome: 

=======

CHR Extension: (SaveClicker) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib [2014-02-13]

CHR Extension: (SaveClicker) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon [2014-02-13]

CHR Extension: (No Name) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2014-02-13]

CHR Extension: (Widget context) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-02-17]

CHR HKLM-x32\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\Sonja\AppData\Roaming\BabSolution\CR\bueno.crx [2014-02-17]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-12]
 

==================== Services (Whitelisted) =================
 

R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)

R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-09] ()

R2 Update ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe [317728 2014-05-13] ()

R2 Util ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe [317728 2014-05-13] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

S2 VOsrv; C:\Users\Sonja\AppData\Roaming\VOPackage\VOsrv.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)

R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-10] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-10] (Symantec Corporation)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140311.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140312.001\ENG64.SYS [126040 2014-01-10] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140312.001\EX64.SYS [2099288 2014-01-10] (Symantec Corporation)

U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [408136 2013-05-09] (Realsil Semiconductor Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2014-04-10] (Realtek Semiconductor Corporation                           )

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-11] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)

R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

R1 {f727685b-ed90-4adc-8eec-8234574a91e6}Gw64; C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys [61120 2014-04-24] (StdLib)

R4 wStLibG64; system32\drivers\wStLibG64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-14 12:53 - 2014-05-14 12:53 - 00022886 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-05-14 12:53 - 2014-05-14 12:53 - 00000000 ____D () C:\FRST

2014-05-14 12:51 - 2014-05-14 12:51 - 02066944 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-05-14 12:48 - 2014-05-14 12:48 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 _____ () C:\Users\Sonja\defogger_reenable

2014-05-14 12:46 - 2014-05-14 12:46 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe

2014-05-12 13:07 - 2014-05-12 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-07 10:48 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-05-07 10:48 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-05-07 10:48 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-07 10:48 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-05-07 10:48 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-05 15:28 - 2014-04-24 12:30 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys

2014-05-05 14:55 - 2014-04-29 16:14 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-05 14:55 - 2014-04-29 14:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-05 14:55 - 2014-04-29 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-05 14:54 - 2014-04-29 14:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-28 11:41 - 2014-04-28 11:42 - 00000000 ____D () C:\Users\Sonja\Desktop\FH

2014-04-28 11:39 - 2014-04-28 11:43 - 00000000 ____D () C:\Users\Sonja\Desktop\Wohnung

2014-04-14 20:57 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-14 20:57 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-14 20:57 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-14 20:57 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-14 20:57 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-14 20:57 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-04-14 20:57 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-14 20:57 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-14 20:57 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-14 20:57 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-04-14 20:57 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-04-14 20:57 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-04-14 20:57 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-14 20:57 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-14 20:57 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-14 20:57 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-04-14 20:57 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-14 20:57 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-04-14 20:57 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-14 20:57 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-14 20:57 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
 

==================== One Month Modified Files and Folders =======
 

2014-05-14 12:53 - 2014-05-14 12:53 - 00022886 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-05-14 12:53 - 2014-05-14 12:53 - 00000000 ____D () C:\FRST

2014-05-14 12:51 - 2014-05-14 12:51 - 02066944 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-05-14 12:50 - 2014-01-11 21:20 - 01575198 _____ () C:\Windows\WindowsUpdate.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 _____ () C:\Users\Sonja\defogger_reenable

2014-05-14 12:48 - 2014-01-11 21:20 - 00000000 ____D () C:\Users\Sonja

2014-05-14 12:46 - 2014-05-14 12:46 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe

2014-05-14 12:27 - 2014-02-02 23:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-14 12:27 - 2014-02-02 23:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-14 12:09 - 2014-02-13 16:09 - 00000302 _____ () C:\Windows\Tasks\FoxTab.job

2014-05-14 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-05-14 11:56 - 2014-02-13 16:19 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater

2014-05-14 11:54 - 2014-01-11 21:25 - 00000000 ____D () C:\Users\Sonja\Documents\Youcam

2014-05-14 11:53 - 2014-01-22 21:51 - 00000000 ____D () C:\Users\Public\Documents\phase6_18_Daten

2014-05-12 15:01 - 2014-02-13 16:09 - 00000290 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job

2014-05-12 14:40 - 2014-01-13 18:24 - 00003160 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSonja

2014-05-12 14:40 - 2014-01-13 18:24 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForSonja.job

2014-05-12 13:54 - 2014-01-11 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-12 13:07 - 2014-05-12 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-12 13:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-05-12 11:55 - 2014-01-20 22:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-05-12 11:55 - 2014-01-20 22:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-08 22:01 - 2013-07-22 19:32 - 00831158 _____ () C:\Windows\system32\perfh007.dat

2014-05-08 22:01 - 2013-07-22 19:32 - 00188760 _____ () C:\Windows\system32\perfc007.dat

2014-05-08 22:01 - 2012-07-26 09:28 - 01952918 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-07 15:09 - 2014-02-13 16:09 - 00000298 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job

2014-05-07 11:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-05-05 14:48 - 2013-12-04 19:30 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

2014-04-29 16:14 - 2014-05-05 14:55 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-29 14:47 - 2014-05-05 14:55 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-29 14:36 - 2014-05-05 14:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-29 14:25 - 2014-05-05 14:55 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-28 11:43 - 2014-04-28 11:39 - 00000000 ____D () C:\Users\Sonja\Desktop\Wohnung

2014-04-28 11:42 - 2014-04-28 11:41 - 00000000 ____D () C:\Users\Sonja\Desktop\FH

2014-04-28 11:33 - 2014-02-05 09:28 - 00055808 ___SH () C:\Users\Sonja\Desktop\Thumbs.db

2014-04-24 12:30 - 2014-05-05 15:28 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys

2014-04-23 01:47 - 2014-01-14 20:36 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-23 01:47 - 2014-01-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-19 12:07 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-04-19 11:39 - 2014-05-07 10:48 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-19 10:45 - 2014-05-07 10:48 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-19 10:45 - 2014-05-07 10:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-19 08:57 - 2014-05-07 10:48 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-19 08:57 - 2014-05-07 10:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-17 21:20 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-04-17 21:18 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-17 11:54 - 2014-01-11 21:24 - 00000000 ___RD () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-17 11:54 - 2014-01-11 21:24 - 00000000 ___RD () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-04-17 11:51 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-17 11:49 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2014-04-15 15:17 - 2014-01-12 23:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-15 15:13 - 2014-01-12 23:07 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 

Some content of TEMP:

====================

C:\Users\Sonja\AppData\Local\Temp\COMAP.EXE

C:\Users\Sonja\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Sonja\AppData\Local\Temp\drm_dyndata_7260005.dll

C:\Users\Sonja\AppData\Local\Temp\Extract.exe

C:\Users\Sonja\AppData\Local\Temp\htmlayout.dll

C:\Users\Sonja\AppData\Local\Temp\install559389062.exe

C:\Users\Sonja\AppData\Local\Temp\SP64996.exe

C:\Users\Sonja\AppData\Local\Temp\SP64999.exe

C:\Users\Sonja\AppData\Local\Temp\SP65792.exe

C:\Users\Sonja\AppData\Local\Temp\SP65823.exe

C:\Users\Sonja\AppData\Local\Temp\toolbar559329656.exe

C:\Users\Sonja\AppData\Local\Temp\toolbar559649656.exe

C:\Users\Sonja\AppData\Local\Temp\toolbar559650156.exe

C:\Users\Sonja\AppData\Local\Temp\VuuPC.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-07 11:36
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-05-2014

Ran by Sonja at 2014-05-14 12:54:12

Running from C:\Users\Sonja\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 

==================== Installed Programs ======================
 

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)

Aff Packages (HKCU\...\Aff Packages) (Version:  - ) <==== ATTENTION

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bueno Chrome Toolbar (HKLM-x32\...\Bueno Chrome Toolbar) (Version:  - BuenoSearch) <==== ATTENTION

buenosearch toolbar   (HKLM-x32\...\buenosearch) (Version: 1.8.28.7 - Montiera technologies LTD) <==== ATTENTION

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)

CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.5.3606 - CyberLink Corp.)

CyberLink Media Suite 10 (x32 Version: 10.0.5.3606 - CyberLink Corp.) Hidden

Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)

Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3202 - CyberLink Corp.)

CyberLink Power2Go 8 (x32 Version: 8.0.4.3202 - CyberLink Corp.) Hidden

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)

CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)

CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.) Hidden

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)

CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{AC53C6A4-1CC4-48A5-91F3-565BB7978B22}) (Version:  - Microsoft)

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)

Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Foxtab (HKLM-x32\...\foxtab) (Version:  - FoxTab) <==== ATTENTION

German Truck Simulator 1.32 (HKLM-x32\...\German Truck Simulator) (Version: 1.32 - SCS Software)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)

HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)

HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 106) hp - Meridian Audio Ltd)

HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)

HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden

HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard)

HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)

HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3224 - Intel Corporation)

Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)

Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden

Lollipop (HKCU\...\lollipop_02181301) (Version:  - Lollipop Network, S.L.) <==== ATTENTION

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden

Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)

NVIDIA Grafiktreiber 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)

NVIDIA Systemsteuerung 311.70 (Version: 311.70 - NVIDIA Corporation) Hidden

NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden

OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

phase6_18 (HKLM-x32\...\{20C3DEAF-801D-4C3E-9826-E62EE16DB7AB}) (Version: 1.80.0000 - phase6)

Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)

REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)

ResultsAlpha (HKLM\...\ResultsAlpha) (Version: 2014.02.13.012613 - ResultsAlpha)

SaveClicker (HKLM-x32\...\{E96338DC-1468-4918-8EC2-8454BFFC5025}) (Version: 4.0.0.1893 - SaveClicker) <==== ATTENTION

Schiff-Simulator 2008 (HKLM-x32\...\ShipSim2008) (Version:  - )

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)

Sweet Home 3D version 4.3 (HKLM\...\Sweet Home 3D_is1) (Version:  - eTeks)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)

TubeBox (HKLM-x32\...\{f4bae24f-62cf-49b2-9648-a3a3065611ca}) (Version: 4.4.0.0 - Freetec)

TubeBox (x32 Version: 4.4.0.0 - Freetec) Hidden

Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{B2508D75-61CF-4CC0-84C0-CF257219201D}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)

Update for Microsoft Visio 2010 (KB2553444) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{8E076AE6-4E29-4056-A13F-70CC8F433FB5}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)

VideoConverter (HKLM-x32\...\VideoConverter) (Version: ${VERSION} - )

VIS (HKLM-x32\...\VIS) (Version:  - ) <==== ATTENTION

Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 

==================== Restore Points  =========================
 

28-04-2014 11:05:21 Geplanter Prüfpunkt

05-05-2014 14:03:44 Windows Update
 

==================== Hosts content: ==========================
 

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {057A6726-0280-446C-90D1-3089748A5C46} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

Task: {09217F1F-A50B-4F40-8193-2CA1AEAE3AF2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {12974D1B-6C16-4532-9E43-0EC8DAE38647} - System32\Tasks\HPCeeScheduleForSonja => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2077EE25-8F4D-49F5-B5BB-0B0FFAC03E2A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {29C19F77-4008-4E53-8D01-F8628DCFBA46} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)

Task: {29E8E0CF-0F0F-4EA9-89BF-3D0F3431D1FC} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION

Task: {48A3EE5B-FE70-4A4B-AF20-BA8B1789A050} - System32\Tasks\EPUpdater => C:\Users\Sonja\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION

Task: {500BEBCA-89E9-4CAD-8323-E85A673EB6AF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)

Task: {643D04D9-0FE6-4B84-9410-468F6142250C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {675F284F-4009-47C5-BD65-565E1B6196D8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {74093269-1192-4641-B1C5-3B20052825EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe

Task: {7BD23CCC-488B-4932-8218-4C76876E8679} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)

Task: {819F8E40-9443-4BC3-81B1-0899AF3576F5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)

Task: {88785FFE-DDC4-45D6-86A7-E44A8D471B63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {8DAE0EEF-CD50-4C69-9ED3-DCF23A19AD8E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)

Task: {8F5F6CE4-E7E1-4447-9930-A1B79A1E3AE4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)

Task: {92DB11B0-920D-48D5-A001-E88FD5F0CF38} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {B21A7586-F1BE-40DB-B01F-5336C1F49A24} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Ui.exe [2014-02-13] ()

Task: {BD8EE977-30CB-4216-9473-8E39EB75FF85} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)

Task: {C41E41DF-21E5-4F46-B206-B450CB29A152} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {D03E8A89-9E7F-40B3-AFBA-36A64A500C69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {D14BB700-8C04-46BB-A929-F2083B18EAA0} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

Task: {D4CB4F99-CB77-4764-9FE7-66D27778905B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)

Task: {D4DDEE10-006D-487D-9650-520BF77981B5} - System32\Tasks\FoxTab => C:\Users\Sonja\AppData\Roaming\FoxTab\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION

Task: {DB0BADD6-D434-4FB2-8226-99E59001DF47} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {F65A50EA-E0A8-4E90-8CE7-EE7D25A57CF8} - System32\Tasks\Software Updater => C:\Program Files (x86)\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-11-29] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Sonja\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: C:\Windows\Tasks\HPCeeScheduleForSonja.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION

Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
 

==================== Loaded Modules (whitelisted) =============
 

2014-02-13 03:33 - 2014-05-13 13:15 - 00317728 _____ () C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe

2014-02-13 18:12 - 2014-05-13 13:18 - 00317728 _____ () C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe

2014-02-21 21:30 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2014-02-21 21:30 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-02-21 21:30 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2014-02-21 21:30 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2014-02-21 21:30 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2013-12-04 18:52 - 2013-05-08 23:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2014-01-11 22:01 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll

2014-05-12 13:07 - 2014-05-12 13:07 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-02-21 20:37 - 2013-08-05 10:51 - 00806664 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll

2014-02-21 20:37 - 2013-03-06 05:04 - 01353688 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\Language\DEU\P2GRC.dll

2014-02-21 20:37 - 2013-08-05 10:51 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll

2014-02-21 20:37 - 2013-08-05 09:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-08-05 16:48 - 2013-08-05 16:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 

Name: Teredo Tunneling Pseudo-Interface

Description: Microsoft-Teredo-Tunneling-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (05/13/2014 02:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2603422
 

Error: (05/13/2014 02:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2603422
 

Error: (05/13/2014 02:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/13/2014 02:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2602203
 

Error: (05/13/2014 02:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2602203
 

Error: (05/13/2014 02:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/13/2014 02:17:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2601000
 

Error: (05/13/2014 02:17:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2601000
 

Error: (05/13/2014 02:17:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/13/2014 02:17:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2599844
 
 

System errors:

=============

Error: (05/13/2014 03:47:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 33 Mal passiert.
 

Error: (05/13/2014 02:52:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 32 Mal passiert.
 

Error: (05/13/2014 01:34:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 31 Mal passiert.
 

Error: (05/12/2014 03:48:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 30 Mal passiert.
 

Error: (05/12/2014 01:29:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 29 Mal passiert.
 

Error: (05/08/2014 10:05:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 28 Mal passiert.
 

Error: (05/08/2014 03:16:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 27 Mal passiert.
 

Error: (05/08/2014 01:21:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 26 Mal passiert.
 

Error: (05/08/2014 00:33:07 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 25 Mal passiert.
 

Error: (05/07/2014 04:31:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 24 Mal passiert.
 
 

Microsoft Office Sessions:

=========================

Error: (05/13/2014 02:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2603422
 

Error: (05/13/2014 02:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2603422
 

Error: (05/13/2014 02:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/13/2014 02:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2602203
 

Error: (05/13/2014 02:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2602203
 

Error: (05/13/2014 02:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/13/2014 02:17:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2601000
 

Error: (05/13/2014 02:17:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2601000
 

Error: (05/13/2014 02:17:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (05/13/2014 02:17:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2599844
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 39%

Total physical RAM: 5914.14 MB

Available physical RAM: 3554.31 MB

Total Pagefile: 6874.14 MB

Available Pagefile: 4289.28 MB

Total Virtual: 8192 MB

Available Virtual: 8191.76 MB
 

==================== Drives ================================
 

Drive c: (Windows) (Fixed) (Total:444.38 GB) (Free:391.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVERY) (Fixed) (Total:20.61 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive e: (HARRY_POTTER_HALF_BLOOD_PRINCE) (CDROM) (Total:7.47 GB) (Free:0 GB) UDF
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 298DD091)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-05-14 13:06:35

Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000037 HGST_HTS545050A7E380 rev.GG2OACA0 465,76GB

Running: Gmer-19357.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\uwloapow.sys
 
 

---- Kernel code sections - GMER 2.1 ----
 

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                                     fffff96000073e00 7 bytes [00, 77, 82, 01, 00, 57, F2]

.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                                                                 fffff96000073e08 7 bytes [01, 42, C0, FF, 00, 17, DB]
 

---- User code sections - GMER 2.1 ----
 

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[9804] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                   000007f8d2c41532 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[9804] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                   000007f8d2c4153a 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[9804] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                 000007f8d2c4165a 4 bytes [C4, D2, F8, 07]

.text    C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                                                                                            000007f8d2c41532 4 bytes [C4, D2, F8, 07]

.text    C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                                                                                            000007f8d2c4153a 4 bytes [C4, D2, F8, 07]

.text    C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                                                                                          000007f8d2c4165a 4 bytes [C4, D2, F8, 07]

.text    C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                                  000007f8d731177a 4 bytes [31, D7, F8, 07]

.text    C:\Windows\system32\nvvsvc.exe[11968] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                                  000007f8d7311782 4 bytes [31, D7, F8, 07]

.text    C:\Windows\Explorer.EXE[10476] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                                         000007f8d731177a 4 bytes [31, D7, F8, 07]

.text    C:\Windows\Explorer.EXE[10476] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                                         000007f8d7311782 4 bytes [31, D7, F8, 07]

.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[10028] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                            000007f8d2c41532 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[10028] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                            000007f8d2c4153a 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[10028] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                          000007f8d2c4165a 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                     000007f8d2c41532 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                     000007f8d2c4153a 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3464] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                   000007f8d2c4165a 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[12196] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                                                                          000007f8d2c41532 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[12196] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                                                                          000007f8d2c4153a 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[12196] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                                                                        000007f8d2c4165a 4 bytes [C4, D2, F8, 07]

.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1344] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                    000007f8d731177a 4 bytes [31, D7, F8, 07]

.text    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1344] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                    000007f8d7311782 4 bytes [31, D7, F8, 07]

.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7908] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                                                                 000007f8d731177a 4 bytes [31, D7, F8, 07]

.text    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[7908] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                                                                 000007f8d7311782 4 bytes [31, D7, F8, 07]
 

---- Threads - GMER 2.1 ----
 

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:1704]                                                                                                                                                                                           0000000001101c24

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:456]                                                                                                                                                                                            000000006526e54e

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:4204]                                                                                                                                                                                           0000000063590eb8

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:4208]                                                                                                                                                                                           0000000063590eb8

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:4212]                                                                                                                                                                                           0000000063590eb8

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:4304]                                                                                                                                                                                           000000006396319b

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:4308]                                                                                                                                                                                           0000000062b78e19

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:4400]                                                                                                                                                                                           0000000062af4b0d

Thread   C:\Windows\SYSTEM32\ntdll.dll [3860:4736]                                                                                                                                                                                           00000000643016dc

Thread   C:\Windows\system32\csrss.exe [3720:11220]                                                                                                                                                                                          fffff960007505e8

---- Processes - GMER 2.1 ----
 

Library  C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\fb3c48d0b572fe532f915951406516f7\System.Numerics.ni.dll (*** suspicious ***) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [3772]  0000000065f10000
 

---- Disk sectors - GMER 2.1 ----
 

Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                               unknown MBR code
 

---- EOF - GMER 2.1 ----

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014

Ran by Sonja (administrator) on LAPTOP on 15-05-2014 12:12:22

Running from C:\Users\Sonja\Desktop

Platform: Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

() C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe

() C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [lollipop_02181301] => "c:\users\sonja\appdata\local\lollipop\lollipop_02181301.exe" lollipop_02181301

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-25] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-05-25] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase6_18_erinnerung.lnk

ShortcutTarget: phase6_18_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_18\WinStart\WinStart.exe (phase6)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM-x32 - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

SearchScopes: HKCU - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: SaveClicker - {B13EE62C-29A6-3BF3-3FB7-0E1352BF76B2} - C:\Program Files (x86)\SaveClicker\T63WEBYk_m.dll ()

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: ResultsAlpha - {cbab673a-a480-4050-bd2b-5de24a7a0282} - C:\Program Files (x86)\ResultsAlpha\ResultsAlphabho.dll (ResultsAlpha)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: buenosearch Helper Object - {F1C81E40-2485-4DB6-8C9D-04BD596B281E} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\bh\buenosearch.dll (Montiera Technologies LTD)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - buenosearch Toolbar - {828DC97A-2277-4E10-92A9-4907FA0922A9} - C:\Program Files (x86)\buenosearch LTD\buenosearch\1.8.28.7\buenosearchTlbr.dll (Montiera Technologies LTD)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default

FF user.js: detected! => C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js

FF NewTab: hxxp://www.buenosearch.com/?babsrc=NT_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174

FF Homepage: hxxp://www.web.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF SearchPlugin: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\searchplugins\buenosearch.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Widget context - C:\Users\Sonja\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-02-18]

FF Extension: SaveClicker - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\3g9.j@siek-okewg.net [2014-02-13]

FF Extension: vis - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-02-13]

FF Extension: BuenoSearch - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\ffxtlbr@buenosearch.com [2014-03-02]

FF Extension: Foxtab Speed Dial - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi [2014-03-25]

FF Extension: ResultsAlpha - C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\{f727685b-ed90-4adc-8eec-8234574a91e6}.xpi [2014-02-13]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-01-11]
 

Chrome: 

=======

CHR Extension: (SaveClicker) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib [2014-02-13]

CHR Extension: (SaveClicker) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon [2014-02-13]

CHR Extension: (No Name) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2014-02-13]

CHR Extension: (Widget context) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-02-17]

CHR HKLM-x32\...\Chrome\Extension: [acfoobbgoakpihljnfedbcfaipcdlfhk] - C:\Users\Sonja\AppData\Roaming\BabSolution\CR\bueno.crx [2014-02-17]

CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-05]
 

==================== Services (Whitelisted) =================
 

R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)

R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S2 SystemStoreService; C:\Program Files (x86)\SoftwareUpdater\SystemStore.exe [297984 2014-04-09] ()

R2 Update ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe [317728 2014-05-13] ()

R2 Util ResultsAlpha; C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe [317728 2014-05-13] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

S2 VOsrv; C:\Users\Sonja\AppData\Roaming\VOPackage\VOsrv.exe [X]
 

==================== Drivers (Whitelisted) ====================
 

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)

R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-10] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-10] (Symantec Corporation)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140311.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140312.001\ENG64.SYS [126040 2014-01-10] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140312.001\EX64.SYS [2099288 2014-01-10] (Symantec Corporation)

U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [408136 2013-05-09] (Realsil Semiconductor Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2014-04-10] (Realtek Semiconductor Corporation                           )

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)

R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-11] (Symantec Corporation)

R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)

R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

R1 {f727685b-ed90-4adc-8eec-8234574a91e6}Gw64; C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys [61120 2014-04-24] (StdLib)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-14 14:59 - 2014-05-14 14:59 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-14 13:30 - 2014-05-14 13:30 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-05-14 13:21 - 2014-05-14 13:22 - 00297224 _____ () C:\Windows\Minidump\051414-63125-01.dmp

2014-05-14 13:06 - 2014-05-14 13:06 - 00010574 _____ () C:\Users\Sonja\Desktop\Gmer.txt

2014-05-14 12:59 - 2014-05-14 12:59 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe

2014-05-14 12:54 - 2014-05-14 12:54 - 00036535 _____ () C:\Users\Sonja\Desktop\Addition.txt

2014-05-14 12:53 - 2014-05-15 12:12 - 00022537 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-05-14 12:53 - 2014-05-15 12:12 - 00000000 ____D () C:\FRST

2014-05-14 12:51 - 2014-05-14 12:51 - 02066944 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-05-14 12:48 - 2014-05-14 12:48 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 _____ () C:\Users\Sonja\defogger_reenable

2014-05-14 12:46 - 2014-05-14 12:46 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe

2014-05-12 13:07 - 2014-05-12 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-07 10:48 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-05-07 10:48 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-05-07 10:48 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-07 10:48 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-05-07 10:48 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-05 15:28 - 2014-04-24 12:30 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys

2014-05-05 14:55 - 2014-04-29 16:14 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-05 14:55 - 2014-04-29 14:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-05 14:55 - 2014-04-29 14:25 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-05 14:54 - 2014-04-29 14:36 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-28 11:41 - 2014-04-28 11:42 - 00000000 ____D () C:\Users\Sonja\Desktop\FH

2014-04-28 11:39 - 2014-04-28 11:43 - 00000000 ____D () C:\Users\Sonja\Desktop\Wohnung
 

==================== One Month Modified Files and Folders =======
 

2014-05-15 12:12 - 2014-05-14 12:53 - 00022537 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-05-15 12:12 - 2014-05-14 12:53 - 00000000 ____D () C:\FRST

2014-05-15 12:09 - 2014-02-13 16:09 - 00000302 _____ () C:\Windows\Tasks\FoxTab.job

2014-05-15 12:09 - 2014-01-11 21:20 - 01767144 _____ () C:\Windows\WindowsUpdate.log

2014-05-15 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-05-15 11:53 - 2014-02-13 16:19 - 00004208 _____ () C:\Windows\System32\Tasks\Software Updater

2014-05-15 11:50 - 2014-01-11 21:25 - 00000000 ____D () C:\Users\Sonja\Documents\Youcam

2014-05-15 11:49 - 2014-01-22 21:51 - 00000000 ____D () C:\Users\Public\Documents\phase6_18_Daten

2014-05-14 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-05-14 16:25 - 2014-02-02 23:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-14 15:09 - 2014-02-13 16:09 - 00000298 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job

2014-05-14 15:01 - 2014-02-13 16:09 - 00000290 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job

2014-05-14 15:00 - 2014-02-21 21:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-05-14 14:59 - 2014-05-14 14:59 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-14 14:58 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-05-14 14:56 - 2014-01-12 23:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-14 14:56 - 2014-01-12 23:07 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-05-14 14:56 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-05-14 13:30 - 2014-05-14 13:30 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-05-14 13:28 - 2013-07-22 19:32 - 00831158 _____ () C:\Windows\system32\perfh007.dat

2014-05-14 13:28 - 2013-07-22 19:32 - 00188760 _____ () C:\Windows\system32\perfc007.dat

2014-05-14 13:28 - 2012-07-26 09:28 - 01952918 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-14 13:25 - 2013-12-04 19:30 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

2014-05-14 13:25 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-05-14 13:24 - 2013-12-04 19:31 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-05-14 13:24 - 2013-12-04 19:31 - 00002508 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk

2014-05-14 13:24 - 2013-12-04 19:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2014-05-14 13:22 - 2014-05-14 13:21 - 00297224 _____ () C:\Windows\Minidump\051414-63125-01.dmp

2014-05-14 13:21 - 2014-02-01 23:37 - 00000000 ____D () C:\Windows\Minidump

2014-05-14 13:21 - 2014-01-13 18:24 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForSonja.job

2014-05-14 13:21 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-14 13:20 - 2014-02-01 23:36 - 665766305 _____ () C:\Windows\MEMORY.DMP

2014-05-14 13:20 - 2014-01-11 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-14 13:06 - 2014-05-14 13:06 - 00010574 _____ () C:\Users\Sonja\Desktop\Gmer.txt

2014-05-14 12:59 - 2014-05-14 12:59 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe

2014-05-14 12:54 - 2014-05-14 12:54 - 00036535 _____ () C:\Users\Sonja\Desktop\Addition.txt

2014-05-14 12:51 - 2014-05-14 12:51 - 02066944 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-05-14 12:48 - 2014-05-14 12:48 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 _____ () C:\Users\Sonja\defogger_reenable

2014-05-14 12:48 - 2014-01-11 21:20 - 00000000 ____D () C:\Users\Sonja

2014-05-14 12:46 - 2014-05-14 12:46 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe

2014-05-14 12:27 - 2014-02-02 23:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-12 14:40 - 2014-01-13 18:24 - 00003160 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSonja

2014-05-12 13:07 - 2014-05-12 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-12 11:55 - 2014-01-20 22:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-05-12 11:55 - 2014-01-20 22:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-07 11:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-04-29 16:14 - 2014-05-05 14:55 - 19275264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-29 14:47 - 2014-05-05 14:55 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-29 14:36 - 2014-05-05 14:54 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-29 14:25 - 2014-05-05 14:55 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-28 11:43 - 2014-04-28 11:39 - 00000000 ____D () C:\Users\Sonja\Desktop\Wohnung

2014-04-28 11:42 - 2014-04-28 11:41 - 00000000 ____D () C:\Users\Sonja\Desktop\FH

2014-04-28 11:33 - 2014-02-05 09:28 - 00055808 ___SH () C:\Users\Sonja\Desktop\Thumbs.db

2014-04-24 12:30 - 2014-05-05 15:28 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys

2014-04-23 01:47 - 2014-01-14 20:36 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-04-23 01:47 - 2014-01-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-19 11:39 - 2014-05-07 10:48 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-19 10:45 - 2014-05-07 10:48 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-19 10:45 - 2014-05-07 10:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-19 08:57 - 2014-05-07 10:48 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-19 08:57 - 2014-05-07 10:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-17 11:54 - 2014-01-11 21:24 - 00000000 ___RD () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-17 11:54 - 2014-01-11 21:24 - 00000000 ___RD () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-04-17 11:51 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-17 11:49 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
 

Some content of TEMP:

====================

C:\Users\Sonja\AppData\Local\Temp\COMAP.EXE

C:\Users\Sonja\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Sonja\AppData\Local\Temp\drm_dyndata_7260005.dll

C:\Users\Sonja\AppData\Local\Temp\Extract.exe

C:\Users\Sonja\AppData\Local\Temp\htmlayout.dll

C:\Users\Sonja\AppData\Local\Temp\install559389062.exe

C:\Users\Sonja\AppData\Local\Temp\SP64996.exe

C:\Users\Sonja\AppData\Local\Temp\SP64999.exe

C:\Users\Sonja\AppData\Local\Temp\SP65792.exe

C:\Users\Sonja\AppData\Local\Temp\SP65823.exe

C:\Users\Sonja\AppData\Local\Temp\toolbar559329656.exe

C:\Users\Sonja\AppData\Local\Temp\toolbar559649656.exe

C:\Users\Sonja\AppData\Local\Temp\toolbar559650156.exe

C:\Users\Sonja\AppData\Local\Temp\VuuPC.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-07 11:36
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Adware & Co. deinstallieren

Lade Dir bitte von hier http://deeprybka.trojaner-board.de/b...ninstaller.pngRevo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:
http://deeprybka.trojaner-board.de/b.../revo/add1.png
diesen Zusatz haben:
http://deeprybka.trojaner-board.de/b...e/revo/att.PNG
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Danke für die schnelle Antwort:)

habe alle Schritte ausgeführt, hier nun die logs die du wolltest.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 16.05.2014

Suchlauf-Zeit: 15:39:22

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.05.16.08

Rootkit Datenbank: v2014.03.27.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 8

CPU: x64

Dateisystem: NTFS

Benutzer: Sonja
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 307011

Verstrichene Zeit: 19 Min, 0 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 2

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe, 2124, Löschen bei Neustart, [ef29e36fe398e0569c12242ee71a39c7]

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe, 2208, Löschen bei Neustart, [2aee3a18e6957eb8e2cc0b47847dc838]
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 23

PUP.Optional.ResultsAlpha.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update ResultsAlpha, In Quarantäne, [ef29e36fe398e0569c12242ee71a39c7], 

PUP.Optional.ResultsAlpha.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util ResultsAlpha, In Quarantäne, [2aee3a18e6957eb8e2cc0b47847dc838], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [f52363efe99252e44f765ffe41c120e0], 

PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [f52363efe99252e44f765ffe41c120e0], 

PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{cbab673a-a480-4050-bd2b-5de24a7a0282}, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F631E34D-23D3-4ED2-8942-631B8AAF9EA4}, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.ResultsAlpha.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.ResultsAlpha.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{828DC97A-2277-4E10-92A9-4907FA0922A9}, In Quarantäne, [68b0b89ae794290d411e342c11f114ec], 

PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{828DC97A-2277-4E10-92A9-4907FA0922A9}, In Quarantäne, [68b0b89ae794290d411e342c11f114ec], 

PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, In Quarantäne, [ea2e074b18638babd688d9873dc5c23e], 

PUP.Optional.BuenoSearch.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{F1C81E40-2485-4DB6-8C9D-04BD596B281E}, In Quarantäne, [ea2e074b18638babd688d9873dc5c23e], 

PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\ResultsAlpha, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, HKLM\SOFTWARE\WOW6432NODE\ResultsAlpha, In Quarantäne, [a7718ac8d0ab95a16d51fec2c53e45bb], 

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\acfoobbgoakpihljnfedbcfaipcdlfhk, In Quarantäne, [c454a2b00576c571ed142c8f5fa44bb5], 

PUP.Optional.BuenoSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Bueno Chrome Toolbar, In Quarantäne, [d048361c4f2c44f238bbe49d0ef4d32d], 

PUP.Optional.ResultsAlpha.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ResultsAlpha, In Quarantäne, [5eba480ae7941a1c03bc7848df24ac54], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [c454a5ad3c3fa98d6a20504bb151936d], 

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [f6221b37047785b14c4e09a88a79d52b], 
 

Registrierungswerte: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0X2O1C0R2R1R, In Quarantäne, [f6221b37047785b14c4e09a88a79d52b]
 

Registrierungsdaten: 1

Hijack.StartPage, HKU\S-1-5-21-3822750039-1062396405-2383090701-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174),Ersetzt,[ee2a89c9ccaf9f97b4c9d278d92b40c0]
 

Ordner: 4

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha, Löschen bei Neustart, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin, Löschen bei Neustart, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\plugins, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.BundleInstaller.A, C:\Users\Sonja\AppData\Roaming\1H1Q\Aff Packages, In Quarantäne, [0f0989c949326ec8a65d7cf7fc068878], 
 

Dateien: 86

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe, Löschen bei Neustart, [ef29e36fe398e0569c12242ee71a39c7], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe, Löschen bei Neustart, [2aee3a18e6957eb8e2cc0b47847dc838], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\ResultsAlphaBHO.dll, In Quarantäne, [23f54210abd0bc7aa29ad159d42ecf31], 

PUP.Optional.MultiPlug.A, C:\ProgramData\SaveClicker\ZXI1BWbYXJs.exe, In Quarantäne, [1afefa58b5c65adc73436ddcb74acb35], 

PUP.Optional.InstallCore.A, C:\Users\Sonja\AppData\Local\Temp\ICReinstall_nssF58A.tmp, In Quarantäne, [1cfcbd954e2d79bde9c720042dd703fd], 

PUP.Optional.InstallCore.A, C:\Users\Sonja\AppData\Local\Temp\ICReinstall_nsxBA2C.tmp, In Quarantäne, [5cbcc191304bd264c9e7889cb252857b], 

PUP.Optional.YourFileDownloader, C:\Users\Sonja\AppData\Local\Temp\install559389062.exe, In Quarantäne, [0a0e470b80fb0d29de2cfc2216eae61a], 

PUP.Optional.Amonetize, C:\Users\Sonja\AppData\Local\Temp\toolbar559329656.exe, In Quarantäne, [33e5b59d413a3600a035270dfd03f30d], 

PUP.Optional.ToolBarInstaller.A, C:\Users\Sonja\AppData\Local\Temp\toolbar559649656.exe, In Quarantäne, [a771aba7b1ca5cdae78ae935887cf907], 

PUP.Optional.BuenoSearch.A, C:\Users\Sonja\AppData\Local\Temp\~nsu.tmp\Au_.exe, In Quarantäne, [d8402c261b6093a3863fde9835ccff01], 

PUP.Optional.YourFileDownloader, C:\Users\Sonja\Downloads\Die-VÃ¶lker-1_downloader.exe, In Quarantäne, [011740120279d75f927818068a7605fb], 

PUP.Optional.BundleInstaller.A, C:\Users\Sonja\Downloads\VideoConverterSetup(1).exe, In Quarantäne, [28f03f132952999d5d63938e689c4db3], 

PUP.Optional.BundleInstaller.A, C:\Users\Sonja\Downloads\VideoConverterSetup.exe, In Quarantäne, [2deb9fb380fb8fa702beb1706e9652ae], 

PUP.Optional.BuenoSearch.A, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\searchplugins\buenosearch.xml, In Quarantäne, [fa1ea5adee8d2d0974225d33e61c7d83], 

PUP.Optional.ResultsAlpha.A, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\extensions\{f727685b-ed90-4adc-8eec-8234574a91e6}.xpi, In Quarantäne, [2deb0b475724072fce72d1c0748ebf41], 

PUP.Optional.PCPerformer.A, C:\Windows\System32\roboot64.exe, In Quarantäne, [c850a8aa710acc6a2e41ccc9f60c01ff], 

PUP.Optional.RegCleanerPro.J, C:\Windows\Tasks\RegClean Pro_UPDATES.job, In Quarantäne, [56c2da78097287af8e57f3aaef138779], 

PUP.Optional.RegCleanPro.A, C:\Windows\Tasks\RegClean Pro_DEFAULT.job, In Quarantäne, [eb2d4e04bac1181e92a5b0000df65ca4], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\ResultsAlpha.ico, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\0, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\7za.exe, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\ResultsAlphaUninstall.exe, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.InstallState, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\ResultsAlpha.BrowserFilter.Helper.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\ResultsAlpha.BrowserFilter.Helper.dll.old.72937ef6-c7ce-47ef-bf01-40d307eadc13, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\ResultsAlpha.PurBrowse64.exe, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\ResultsAlpha.PurBrowseG.zip, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\ResultsAlphaBrowserFilter.exe, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\sqlite3.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.InstallState, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.Bromon.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserAdapterS.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.BrowserFilterG.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.CompatibilityChecker.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.FFUpdate.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.IEUpdate.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.ResultsAlpha.A, C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.PurBrowseG.dll, In Quarantäne, [021676dcc2b90e28427b47790201c63a], 

PUP.Optional.BundleInstaller.A, C:\Users\Sonja\AppData\Roaming\1H1Q\Aff Packages\uninstaller.exe, In Quarantäne, [0f0989c949326ec8a65d7cf7fc068878], 

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.admin", false);), Ersetzt,[8395a9a9c9b254e24db3e791877dc53b]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.aflt", "babsst");), Ersetzt,[c8503e1490eb70c619e760180202fd03]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), Ersetzt,[ab6daaa82c4f1e18e11fbfb9a06418e8]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.autoRvrt", "false");), Ersetzt,[1cfc6ce680fb1521a45cfe7a768ede22]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.bbDpng", "16");), Ersetzt,[4eca450de79490a624dc60182fd5629e]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.cntry", "DE");), Ersetzt,[cf49ada51a61ea4cea16fd7b55afd42c]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.dfltLng", "en");), Ersetzt,[f72172e06417e353cd33cbad1aea4fb1]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.excTlbr", false);), Ersetzt,[a96fd979314ae2541be5c7b1d72df60a]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), Ersetzt,[b4641e3487f4c86e9c645c1cfb092ed2]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.hdrMd5", "6BFBE4B517883C4FD56AB2DCADA36836");), Ersetzt,[1bfd0a482952cb6bfd030a6ec0446b95]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.id", "d46af3a20000000000008056f2a9c687");), Ersetzt,[b3650b47324972c4fe0274046a9a17e9]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.instlDay", "16131");), Ersetzt,[cb4d4e04c8b3053135cb215749bb3ac6]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.instlRef", "sst");), Ersetzt,[26f2e76ba4d7d75ffa064b2de81c7f81]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174");), Ersetzt,[0414e86a314ae1556d93eb8dda2a57a9]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.720:25:20");), Ersetzt,[5bbdcc86176477bfba461167bb49b34d]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.newTab", false);), Ersetzt,[e731450d4e2dfa3c18e85c1c2ed6e21e]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.prdct", "buenosearch");), Ersetzt,[42d6f260007bf343eb15e0985aaa7090]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), Ersetzt,[0e0a9db599e2e25402feb1c761a3d828]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.rvrt", "false");), Ersetzt,[50c84f031c5fc37344bc5f19df258c74]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.sg", "azb");), Ersetzt,[a5738dc598e374c214ecbabe838149b7]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.smplGrp", "none");), Ersetzt,[70a8470b0b70f34304fc403860a47b85]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174");), Ersetzt,[ba5e351d02796fc74ab68bed10f4cc34]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tlbrId", "base");), Ersetzt,[7b9dc9897cff9c9a59a70d6bce369868]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174");), Ersetzt,[c85075ddc3b8f145ab55572148bcce32]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), Ersetzt,[b2660a482d4ebc7ae7190e6ad33153ad]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.720:25:20");), Ersetzt,[28f05ef47407231323dd88f01aea57a9]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), Ersetzt,[a6724909b0cbf2444eb2e29653b18779]

PUP.Optional.BuenoSearch.A, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174");), Ersetzt,[799f99b91a616dc9b849b3c4bf456c94]

PUP.Optional.BuenoSearch.A, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174");), Ersetzt,[27f192c0413a3df9c140185fb351d22e]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.id", "d46af3a20000000000008056f2a9c687");), Ersetzt,[66b2272beb908fa7847b651220e4bb45]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");), Ersetzt,[04145af8b6c52e0803fce6919e663bc5]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.instlDay", "16131");), Ersetzt,[1206b0a2e7944fe76a9575020bf923dd]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsn", "1.8.28.7");), Ersetzt,[0018252d93e8ce68a6594b2cb94b12ee]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsni", "1.8.28.7");), Ersetzt,[1ff91d355e1dea4ca45b126557adcd33]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.vrsnTs", "1.8.28.720:25:20");), Ersetzt,[f226ed651665999d6f905027ac58ee12]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.prtnrId", "buenosearch");), Ersetzt,[37e1a6acbcbffc3a728d1e59fe0616ea]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.prdct", "buenosearch");), Ersetzt,[fe1a0052b0cbbd79dc23c0b75da72ad6]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.aflt", "babsst");), Ersetzt,[7a9e351da0dba88e9a653542c242857b]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.smplGrp", "none");), Ersetzt,[1107133f0576b87e22dd6a0d976def11]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.tlbrId", "base");), Ersetzt,[47d11a38017abe784db2fe79b74d728e]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.instlRef", "sst");), Ersetzt,[25f3e46eb1ca2d0952ad36411ce811ef]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.dfltLng", "en");), Ersetzt,[20f882d092e93afc659a4f2807fd4cb4]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.excTlbr", false);), Ersetzt,[5dbbf161c7b4fe38d02f473018ecb54b]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.ffxUnstlRst", true);), Ersetzt,[4bcd2b2799e2b581b04fd5a2ea1a24dc]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.admin", false);), Ersetzt,[a1779eb4e19a6bcbe916a6d18f75ea16]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.autoRvrt", "false");), Ersetzt,[50c821311c5ffc3a68972b4cc53f9e62]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.rvrt", "false");), Ersetzt,[e63284cefa8183b31ae53047c044748c]

PUP.Optional.BuenoSearch, C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js, Gut: (), Schlecht: (user_pref("extensions.buenosearch.newTab", false);), Ersetzt,[a1778ec47a01f93d6c93294e39cb8f71]
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Code:

# AdwCleaner v3.208 - Bericht erstellt am 16/05/2014 um 15:54:35

# Aktualisiert 11/05/2014 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzername : Sonja - LAPTOP

# Gestartet von : C:\Users\Sonja\Desktop\adwcleaner_3.208.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

[#] Dienst Gelöscht : SystemStoreService

[#] Dienst Gelöscht : VOsrv
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Systweak

Ordner Gelöscht : C:\ProgramData\SaveClicker

Ordner Gelöscht : C:\Program Files (x86)\SearchProtect

Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater

Ordner Gelöscht : C:\Program Files (x86)\SaveClicker

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch

Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch

Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\torch

Ordner Gelöscht : C:\Users\Sonja\AppData\Local\SoftwareUpdater

Ordner Gelöscht : C:\Users\Sonja\AppData\Local\torch

Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\1H1Q

Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\Systweak

Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\torch

Ordner Gelöscht : C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\3g9.j@siek-okewg.net

Ordner Gelöscht : C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib

Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib

Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib

Ordner Gelöscht : C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib

Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon

Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon

Ordner Gelöscht : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon

Ordner Gelöscht : C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon

Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon

Datei Gelöscht : C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\Extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}.xpi

Datei Gelöscht : C:\END

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk

Datei Gelöscht : C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk

Datei Gelöscht : C:\Users\Sonja\Desktop\Continue VuuPC Installation.lnk

Datei Gelöscht : C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\invalidprefs.js

Datei Gelöscht : C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\user.js

Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup

Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater

Datei Gelöscht : C:\Windows\Tasks\FoxTab.job

Datei Gelöscht : C:\Windows\System32\Tasks\FoxTab

Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro

Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater Ui

Datei Gelöscht : C:\Windows\System32\Tasks\Software Updater

Datei Gelöscht : C:\Windows\System32\Tasks\YourFile DownloaderUpdate
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKCU\Software\powerpack

Schlüssel Gelöscht : HKLM\Software\systweak
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16537
 
 

-\\ Mozilla Firefox v29.0.1 (de)
 

[ Datei : C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default\prefs.js ]
 

Zeile gelöscht : user_pref("extensions.YqRHwu7gcg6h.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sum[...]

Zeile gelöscht : user_pref("extensions.buenosearch.admin", false);

Zeile gelöscht : user_pref("extensions.buenosearch.aflt", "babsst");

Zeile gelöscht : user_pref("extensions.buenosearch.appId", "{37EB75F2-7392-4DBE-B5AD-147EC6D7BF5F}");

Zeile gelöscht : user_pref("extensions.buenosearch.autoRvrt", "false");

Zeile gelöscht : user_pref("extensions.buenosearch.bbDpng", "16");

Zeile gelöscht : user_pref("extensions.buenosearch.cntry", "DE");

Zeile gelöscht : user_pref("extensions.buenosearch.dfltLng", "en");

Zeile gelöscht : user_pref("extensions.buenosearch.excTlbr", false);

Zeile gelöscht : user_pref("extensions.buenosearch.ffxUnstlRst", true);

Zeile gelöscht : user_pref("extensions.buenosearch.hdrMd5", "6BFBE4B517883C4FD56AB2DCADA36836");

Zeile gelöscht : user_pref("extensions.buenosearch.id", "d46af3a20000000000008056f2a9c687");

Zeile gelöscht : user_pref("extensions.buenosearch.instlDay", "16131");

Zeile gelöscht : user_pref("extensions.buenosearch.instlRef", "sst");

Zeile gelöscht : user_pref("extensions.buenosearch.lastB", "hxxp://www.buenosearch.com/?babsrc=HP_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174");

Zeile gelöscht : user_pref("extensions.buenosearch.lastVrsnTs", "1.8.28.720:25:20");

Zeile gelöscht : user_pref("extensions.buenosearch.newTab", false);

Zeile gelöscht : user_pref("extensions.buenosearch.prdct", "buenosearch");

Zeile gelöscht : user_pref("extensions.buenosearch.prtnrId", "buenosearch");

Zeile gelöscht : user_pref("extensions.buenosearch.rvrt", "false");

Zeile gelöscht : user_pref("extensions.buenosearch.sg", "azb");

Zeile gelöscht : user_pref("extensions.buenosearch.smplGrp", "none");

Zeile gelöscht : user_pref("extensions.buenosearch.tb_url", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174");

Zeile gelöscht : user_pref("extensions.buenosearch.tlbrId", "base");

Zeile gelöscht : user_pref("extensions.buenosearch.tlbrSrchUrl", "hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=TB_ss&mntrId=D46A8056F2A9C687&affID=128235&tsp=5174");

Zeile gelöscht : user_pref("extensions.buenosearch.vrsn", "1.8.28.7");

Zeile gelöscht : user_pref("extensions.buenosearch.vrsnTs", "1.8.28.720:25:20");

Zeile gelöscht : user_pref("extensions.buenosearch.vrsni", "1.8.28.7");
 

-\\ Google Chrome v
 

[ Datei : C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 

*************************
 

AdwCleaner[R0].txt - [7324 octets] - [16/05/2014 15:53:36]

AdwCleaner[S0].txt - [7201 octets] - [16/05/2014 15:54:35]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7261 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8 x64

Ran by Sonja on 16.05.2014 at 16:02:40,96

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{995F4BA9-CC4A-41A0-B361-FA996141DF9F}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{995F4BA9-CC4A-41A0-B361-FA996141DF9F}
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\Sonja\AppData\Roaming\mozilla\firefox\profiles\rl350ko8.default\minidumps [4 files]
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 16.05.2014 at 16:10:58,00

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014

Ran by Sonja (administrator) on LAPTOP on 16-05-2014 16:16:50

Running from C:\Users\Sonja\Desktop

Platform: Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [lollipop_02181301] => "c:\users\sonja\appdata\local\lollipop\lollipop_02181301.exe" lollipop_02181301

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-25] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-05-25] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase6_18_erinnerung.lnk

ShortcutTarget: phase6_18_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_18\WinStart\WinStart.exe (phase6)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Widget context - C:\Users\Sonja\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-02-18]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-01-11]
 

Chrome: 

=======

CHR Extension: (No Name) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib [2014-02-13]

CHR Extension: (No Name) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon [2014-02-13]

CHR Extension: (No Name) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-02-17]

CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-05]
 

==================== Services (Whitelisted) =================
 

R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)

R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)

R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-10] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-10] (Symantec Corporation)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140311.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140312.001\ENG64.SYS [126040 2014-01-10] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140312.001\EX64.SYS [2099288 2014-01-10] (Symantec Corporation)

U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [408136 2013-05-09] (Realsil Semiconductor Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2014-04-10] (Realtek Semiconductor Corporation                           )

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)

R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-11] (Symantec Corporation)

R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)

R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

R1 {f727685b-ed90-4adc-8eec-8234574a91e6}Gw64; C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys [61120 2014-04-24] (StdLib)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-16 16:16 - 2014-05-16 16:16 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion

2014-05-16 16:10 - 2014-05-16 16:10 - 00001036 _____ () C:\Users\Sonja\Desktop\JRT.txt

2014-05-16 16:02 - 2014-05-16 16:02 - 00000000 ____D () C:\Windows\ERUNT

2014-05-16 16:00 - 2014-05-16 16:00 - 01016261 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe

2014-05-16 15:53 - 2014-05-16 15:54 - 00000000 ____D () C:\AdwCleaner

2014-05-16 15:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-05-16 15:49 - 2014-05-16 15:50 - 01325827 _____ () C:\Users\Sonja\Desktop\adwcleaner_3.208.exe

2014-05-16 15:45 - 2014-05-16 15:45 - 00024037 _____ () C:\Users\Sonja\Desktop\mbam.txt

2014-05-16 15:18 - 2014-05-16 15:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-16 15:18 - 2014-05-16 15:18 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-16 15:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-16 15:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-16 15:18 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-16 15:14 - 2014-05-16 15:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-16 14:54 - 2014-05-16 14:54 - 00001275 _____ () C:\Users\Sonja\Desktop\Revo Uninstaller.lnk

2014-05-16 14:54 - 2014-05-16 14:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-05-16 14:53 - 2014-05-16 14:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sonja\Downloads\revosetup95.exe

2014-05-14 14:59 - 2014-05-14 14:59 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-14 13:30 - 2014-05-14 13:30 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-05-14 13:21 - 2014-05-14 13:22 - 00297224 _____ () C:\Windows\Minidump\051414-63125-01.dmp

2014-05-14 13:06 - 2014-05-14 13:06 - 00010574 _____ () C:\Users\Sonja\Desktop\Gmer.txt

2014-05-14 12:59 - 2014-05-14 12:59 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe

2014-05-14 12:54 - 2014-05-14 12:54 - 00036535 _____ () C:\Users\Sonja\Desktop\Addition.txt

2014-05-14 12:53 - 2014-05-16 16:16 - 00018844 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-05-14 12:53 - 2014-05-16 16:16 - 00000000 ____D () C:\FRST

2014-05-14 12:51 - 2014-05-16 16:16 - 02067456 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-05-14 12:48 - 2014-05-14 12:48 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 _____ () C:\Users\Sonja\defogger_reenable

2014-05-14 12:46 - 2014-05-14 12:46 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe

2014-05-14 12:34 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 12:34 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-05-14 12:33 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-14 12:33 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-14 12:33 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll

2014-05-14 12:33 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2014-05-14 12:33 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-14 12:33 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-14 12:33 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-14 12:33 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-14 12:33 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll

2014-05-14 12:33 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-14 12:33 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-05-14 12:33 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-05-14 12:33 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-05-14 12:33 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll

2014-05-14 12:33 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2014-05-14 12:33 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2014-05-14 12:33 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-14 12:33 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-14 12:33 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll

2014-05-14 12:33 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-05-14 12:33 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll

2014-05-14 12:33 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-14 12:33 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-14 12:33 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-05-14 12:33 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-05-14 12:33 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2014-05-14 12:32 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-14 12:32 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-14 12:32 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-14 12:32 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-14 12:32 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-14 12:32 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-14 12:32 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2014-05-14 12:28 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-05-14 12:28 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll

2014-05-14 12:28 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll

2014-05-14 12:28 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-05-14 12:28 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2014-05-14 12:28 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2014-05-14 12:28 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2014-05-14 12:28 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2014-05-14 12:28 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys

2014-05-12 13:07 - 2014-05-12 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-07 10:48 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-05-07 10:48 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-05-07 10:48 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-07 10:48 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-05-07 10:48 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-05 15:28 - 2014-04-24 12:30 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys

2014-04-28 11:41 - 2014-04-28 11:42 - 00000000 ____D () C:\Users\Sonja\Desktop\FH

2014-04-28 11:39 - 2014-04-28 11:43 - 00000000 ____D () C:\Users\Sonja\Desktop\Wohnung
 

==================== One Month Modified Files and Folders =======
 

2014-05-16 16:17 - 2014-05-14 12:53 - 00018844 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-05-16 16:16 - 2014-05-16 16:16 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion

2014-05-16 16:16 - 2014-05-14 12:53 - 00000000 ____D () C:\FRST

2014-05-16 16:16 - 2014-05-14 12:51 - 02067456 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-05-16 16:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-05-16 16:10 - 2014-05-16 16:10 - 00001036 _____ () C:\Users\Sonja\Desktop\JRT.txt

2014-05-16 16:02 - 2014-05-16 16:02 - 00000000 ____D () C:\Windows\ERUNT

2014-05-16 16:02 - 2013-07-22 19:32 - 00831158 _____ () C:\Windows\system32\perfh007.dat

2014-05-16 16:02 - 2013-07-22 19:32 - 00188760 _____ () C:\Windows\system32\perfc007.dat

2014-05-16 16:02 - 2012-07-26 09:28 - 01952918 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-16 16:00 - 2014-05-16 16:00 - 01016261 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe

2014-05-16 15:57 - 2014-01-11 21:25 - 00000000 ____D () C:\Users\Sonja\Documents\Youcam

2014-05-16 15:56 - 2014-01-22 21:51 - 00000000 ____D () C:\Users\Public\Documents\phase6_18_Daten

2014-05-16 15:55 - 2012-08-04 00:23 - 00141518 _____ () C:\Windows\PFRO.log

2014-05-16 15:55 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-16 15:54 - 2014-05-16 15:53 - 00000000 ____D () C:\AdwCleaner

2014-05-16 15:50 - 2014-05-16 15:49 - 01325827 _____ () C:\Users\Sonja\Desktop\adwcleaner_3.208.exe

2014-05-16 15:45 - 2014-05-16 15:45 - 00024037 _____ () C:\Users\Sonja\Desktop\mbam.txt

2014-05-16 15:42 - 2014-05-16 15:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-16 15:40 - 2014-01-13 18:24 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForSonja.job

2014-05-16 15:40 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-05-16 15:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\TAPI

2014-05-16 15:25 - 2014-02-02 23:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-16 15:18 - 2014-05-16 15:18 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-16 15:17 - 2014-05-16 15:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-16 15:09 - 2014-02-13 16:22 - 00000000 ____D () C:\ProgramData\6c4825cf40a8ac2e

2014-05-16 14:54 - 2014-05-16 14:54 - 00001275 _____ () C:\Users\Sonja\Desktop\Revo Uninstaller.lnk

2014-05-16 14:54 - 2014-05-16 14:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-05-16 14:54 - 2014-05-16 14:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sonja\Downloads\revosetup95.exe

2014-05-16 14:40 - 2014-01-13 18:24 - 00003160 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSonja

2014-05-16 14:40 - 2014-01-11 21:20 - 00000000 ____D () C:\Users\Sonja

2014-05-16 14:28 - 2014-01-11 21:24 - 00000000 ___RD () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-16 14:28 - 2014-01-11 21:24 - 00000000 ___RD () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-15 17:00 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2014-05-15 17:00 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-15 17:00 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-15 16:59 - 2014-01-11 21:20 - 01791925 _____ () C:\Windows\WindowsUpdate.log

2014-05-15 16:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates

2014-05-15 16:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-05-15 16:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-05-14 16:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-05-14 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-05-14 15:00 - 2014-02-21 21:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-05-14 14:59 - 2014-05-14 14:59 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-14 14:58 - 2014-01-12 23:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-14 14:56 - 2014-01-12 23:07 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-05-14 14:56 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-05-14 13:30 - 2014-05-14 13:30 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-05-14 13:25 - 2013-12-04 19:30 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

2014-05-14 13:25 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-05-14 13:24 - 2013-12-04 19:31 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-05-14 13:24 - 2013-12-04 19:31 - 00002508 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk

2014-05-14 13:24 - 2013-12-04 19:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2014-05-14 13:22 - 2014-05-14 13:21 - 00297224 _____ () C:\Windows\Minidump\051414-63125-01.dmp

2014-05-14 13:21 - 2014-02-01 23:37 - 00000000 ____D () C:\Windows\Minidump

2014-05-14 13:20 - 2014-02-01 23:36 - 665766305 _____ () C:\Windows\MEMORY.DMP

2014-05-14 13:20 - 2014-01-11 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-14 13:06 - 2014-05-14 13:06 - 00010574 _____ () C:\Users\Sonja\Desktop\Gmer.txt

2014-05-14 12:59 - 2014-05-14 12:59 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe

2014-05-14 12:54 - 2014-05-14 12:54 - 00036535 _____ () C:\Users\Sonja\Desktop\Addition.txt

2014-05-14 12:48 - 2014-05-14 12:48 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 _____ () C:\Users\Sonja\defogger_reenable

2014-05-14 12:46 - 2014-05-14 12:46 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe

2014-05-14 12:27 - 2014-02-02 23:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-12 13:07 - 2014-05-12 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-12 11:55 - 2014-01-20 22:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-05-12 11:55 - 2014-01-20 22:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-07 11:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-05-06 07:14 - 2014-05-14 12:32 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-06 07:14 - 2014-05-14 12:32 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-06 05:48 - 2014-05-14 12:32 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-06 05:48 - 2014-05-14 12:32 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-06 05:37 - 2014-05-14 12:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-06 05:26 - 2014-05-14 12:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-01 22:37 - 2014-01-14 20:36 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-01 22:37 - 2014-01-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-28 11:43 - 2014-04-28 11:39 - 00000000 ____D () C:\Users\Sonja\Desktop\Wohnung

2014-04-28 11:42 - 2014-04-28 11:41 - 00000000 ____D () C:\Users\Sonja\Desktop\FH

2014-04-28 11:33 - 2014-02-05 09:28 - 00055808 ___SH () C:\Users\Sonja\Desktop\Thumbs.db

2014-04-24 12:30 - 2014-05-05 15:28 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys

2014-04-19 11:39 - 2014-05-07 10:48 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-19 10:45 - 2014-05-07 10:48 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-19 10:45 - 2014-05-07 10:48 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-19 08:57 - 2014-05-07 10:48 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-19 08:57 - 2014-05-07 10:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
 

Some content of TEMP:

====================

C:\Users\Sonja\AppData\Local\Temp\38686uninstall.exe

C:\Users\Sonja\AppData\Local\Temp\77595uninstall.exe

C:\Users\Sonja\AppData\Local\Temp\COMAP.EXE

C:\Users\Sonja\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Sonja\AppData\Local\Temp\drm_dyndata_7260005.dll

C:\Users\Sonja\AppData\Local\Temp\Extract.exe

C:\Users\Sonja\AppData\Local\Temp\htmlayout.dll

C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe

C:\Users\Sonja\AppData\Local\Temp\SP64996.exe

C:\Users\Sonja\AppData\Local\Temp\SP64999.exe

C:\Users\Sonja\AppData\Local\Temp\SP65792.exe

C:\Users\Sonja\AppData\Local\Temp\SP65823.exe

C:\Users\Sonja\AppData\Local\Temp\Sqlite3.dll

C:\Users\Sonja\AppData\Local\Temp\toolbar559650156.exe

C:\Users\Sonja\AppData\Local\Temp\VuuPC.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe

[2014-05-14 12:33] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
 

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-07 11:36
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Hallo:)

tut mir Leid, dass ich erst so spät antworte.
Meine Probleme haben sich seit den letzten Aktionen so gut wie in Luft aufgelöst. Nur ganz selten öffnet sich noch ein Tab mit Werbung von Mozilla Firefox. Ich denke das ist ja normal.
Vielen Vielen Dank dafür schonmal:)

Ich habe trotzdem die Schritte aus der letzten Antwort befolgt. Hier die Logs.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=0e3baa0bfe247049a81ee74934857b0f

# engine=18417

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-05-26 06:17:19

# local_time=2014-05-26 08:17:19 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.2.9200 NT 

# compatibility_mode=3591 16777213 100 91 1061531 163724824 0 0

# compatibility_mode=5893 16776574 100 94 962243 26612524 0 0

# scanned=203848

# found=7

# cleaned=0

# scan_time=18680

sh=6F3A3B433459E6773C9FBE8CFB154DB6534EFA86 ft=1 fh=60bff0ff01dbe663 vn="Variante von Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\VideoConverter\VideoConverter.exe"

sh=1D4584FC8449D410A5D7F54D38F204EF4AE43E49 ft=1 fh=ec6fac8a1d97060f vn="Win32/OutBrowse.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Temp\toolbar559650156.exe"

sh=44ED55CB1079D34027CB77CD62248064FF5A0A09 ft=1 fh=3916453e74289c7d vn="Win32/VOPackage.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Temp\VuuPC.exe"

sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Temp\1919562.Uninstall\uninstaller.exe"

sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Temp\1994187.Uninstall\uninstaller.exe"

sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\AppData\Local\Temp\is45637729\29567231_stp\wajam_validate.exe"

sh=D015F1450F673BC0472BC4086E132254FBF6215A ft=1 fh=af597ff293a5b84c vn="MSIL/DownloadGuide.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sonja\Downloads\tubebox_4.4_de-DE.exe"

Code:

 Results of screen317's Security Check version 0.99.83  

   x64 (UAC is enabled)  

 Internet Explorer 10 Out of date! 
 ``````````````Antivirus/Firewall Check:`````````````` 

Windows Defender           

Norton Internet Security   

 WMI entry may not exist for antivirus; attempting automatic update. 
 `````````Anti-malware/Other Utilities Check:````````` 

 Spybot - Search & Destroy 

 Adobe Flash Player         13.0.0.214  

 Mozilla Firefox (29.0.1) 
 ````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Spybot Teatimer.exe is disabled! 
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02

Ran by Sonja (administrator) on LAPTOP on 27-05-2014 11:00:55

Running from C:\Users\Sonja\Desktop

Platform: Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)

HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-13] (Hewlett-Packard)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [lollipop_02181301] => "c:\users\sonja\appdata\local\lollipop\lollipop_02181301.exe" lollipop_02181301

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1713416 2013-08-05] (CyberLink Corp.)

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)

AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-25] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-05-25] (NVIDIA Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe (McAfee, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase6_18_erinnerung.lnk

ShortcutTarget: phase6_18_erinnerung.lnk -> C:\Program Files (x86)\phase6\phase6_18\WinStart\WinStart.exe (phase6)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/4

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/4

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS

SearchScopes: HKLM - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\Sonja\AppData\Roaming\Mozilla\Firefox\Profiles\rl350ko8.default

FF Homepage: web.de

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Widget context - C:\Users\Sonja\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-02-18]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2014-01-11]
 

Chrome: 

=======

CHR Extension: (No Name) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\adlkedknnlogbhknnnaclbilhjpehhib [2014-02-13]

CHR Extension: (No Name) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\dblbmminjbfkkjjgcclnhejdhkajjjon [2014-02-13]

CHR Extension: (No Name) - C:\Users\Sonja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2014-02-17]

CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-05]
 

==================== Services (Whitelisted) =================
 

R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)

R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-08] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)

R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-10] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-10] (Symantec Corporation)

R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140311.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)

R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140312.001\ENG64.SYS [126040 2014-01-10] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140312.001\EX64.SYS [2099288 2014-01-10] (Symantec Corporation)

U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [408136 2013-05-09] (Realsil Semiconductor Corporation)

R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2014-04-10] (Realtek Semiconductor Corporation                           )

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)

R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)

R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)

R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)

S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-11] (Symantec Corporation)

R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)

R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)

R1 {f727685b-ed90-4adc-8eec-8234574a91e6}Gw64; C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys [61120 2014-04-24] (StdLib)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-05-27 11:00 - 2014-05-27 11:00 - 00018868 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-05-27 10:59 - 2014-05-27 10:59 - 00000857 _____ () C:\Users\Sonja\Desktop\checkup.txt

2014-05-27 10:55 - 2014-05-27 10:56 - 00854367 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe

2014-05-27 10:53 - 2014-05-27 10:53 - 00000000 ____D () C:\Users\Sonja\Desktop\collage

2014-05-26 23:03 - 2014-05-26 23:03 - 00000000 ____D () C:\Users\Sonja\Documents\Avatar

2014-05-26 14:55 - 2014-05-26 14:55 - 02347384 _____ (ESET) C:\Users\Sonja\Downloads\esetsmartinstaller_deu.exe

2014-05-23 12:58 - 2014-05-23 12:58 - 00014336 ___SH () C:\Users\Sonja\Downloads\Thumbs.db

2014-05-23 12:57 - 2014-05-23 12:57 - 00275968 _____ () C:\Users\Sonja\Desktop\Wahlhelferbelehrung.ppt

2014-05-16 16:16 - 2014-05-27 11:00 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion

2014-05-16 16:10 - 2014-05-16 16:10 - 00001036 _____ () C:\Users\Sonja\Desktop\JRT.txt

2014-05-16 16:02 - 2014-05-16 16:02 - 00000000 ____D () C:\Windows\ERUNT

2014-05-16 16:00 - 2014-05-16 16:00 - 01016261 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe

2014-05-16 15:53 - 2014-05-16 15:54 - 00000000 ____D () C:\AdwCleaner

2014-05-16 15:53 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-05-16 15:49 - 2014-05-16 15:50 - 01325827 _____ () C:\Users\Sonja\Desktop\adwcleaner_3.208.exe

2014-05-16 15:45 - 2014-05-16 15:45 - 00024037 _____ () C:\Users\Sonja\Desktop\mbam.txt

2014-05-16 15:18 - 2014-05-16 15:42 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-16 15:18 - 2014-05-16 15:18 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-16 15:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-05-16 15:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-05-16 15:18 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-05-16 15:14 - 2014-05-16 15:17 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-16 14:54 - 2014-05-16 14:54 - 00001275 _____ () C:\Users\Sonja\Desktop\Revo Uninstaller.lnk

2014-05-16 14:54 - 2014-05-16 14:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-05-16 14:53 - 2014-05-16 14:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sonja\Downloads\revosetup95.exe

2014-05-14 14:59 - 2014-05-14 14:59 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-14 13:30 - 2014-05-14 13:30 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-05-14 13:21 - 2014-05-14 13:22 - 00297224 _____ () C:\Windows\Minidump\051414-63125-01.dmp

2014-05-14 13:06 - 2014-05-14 13:06 - 00010574 _____ () C:\Users\Sonja\Desktop\Gmer.txt

2014-05-14 12:59 - 2014-05-14 12:59 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe

2014-05-14 12:54 - 2014-05-14 12:54 - 00036535 _____ () C:\Users\Sonja\Desktop\Addition.txt

2014-05-14 12:53 - 2014-05-27 11:00 - 00000000 ____D () C:\FRST

2014-05-14 12:51 - 2014-05-27 11:00 - 02066944 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-05-14 12:48 - 2014-05-14 12:48 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 _____ () C:\Users\Sonja\defogger_reenable

2014-05-14 12:46 - 2014-05-14 12:46 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe

2014-05-14 12:34 - 2014-03-28 10:23 - 19759104 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-05-14 12:34 - 2014-03-28 08:18 - 17562112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-05-14 12:33 - 2014-04-12 11:27 - 00172888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-05-14 12:33 - 2014-04-12 11:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-05-14 12:33 - 2014-04-12 11:09 - 01043968 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll

2014-05-14 12:33 - 2014-04-12 11:09 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll

2014-05-14 12:33 - 2014-04-12 11:09 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2014-05-14 12:33 - 2014-04-12 11:09 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-05-14 12:33 - 2014-04-12 11:08 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-05-14 12:33 - 2014-04-12 11:08 - 00827904 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-05-14 12:33 - 2014-04-12 11:08 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll

2014-05-14 12:33 - 2014-04-12 11:08 - 00318464 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2014-05-14 12:33 - 2014-04-12 11:07 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00961536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00178688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2014-05-14 12:33 - 2014-04-12 09:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-05-14 12:33 - 2014-04-12 09:22 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-05-14 12:33 - 2014-04-12 09:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-05-14 12:33 - 2014-04-12 08:58 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll

2014-05-14 12:33 - 2014-03-28 21:19 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2014-05-14 12:33 - 2014-03-24 00:11 - 00269592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2014-05-14 12:33 - 2014-03-11 05:32 - 06987096 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-05-14 12:33 - 2014-03-11 05:25 - 00100184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2014-05-14 12:33 - 2014-03-11 02:41 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll

2014-05-14 12:33 - 2014-03-11 02:41 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-05-14 12:33 - 2014-03-11 02:41 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll

2014-05-14 12:33 - 2014-03-11 02:39 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2014-05-14 12:33 - 2014-03-11 02:38 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00684032 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00179712 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll

2014-05-14 12:33 - 2014-03-11 02:38 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2014-05-14 12:33 - 2014-03-10 05:05 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-05-14 12:33 - 2014-03-10 03:27 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2014-05-14 12:33 - 2014-03-04 01:07 - 00570216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2014-05-14 12:32 - 2014-05-06 07:14 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-14 12:32 - 2014-05-06 07:14 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-14 12:32 - 2014-05-06 05:48 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-14 12:32 - 2014-05-06 05:48 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-14 12:32 - 2014-05-06 05:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-14 12:32 - 2014-05-06 05:26 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-14 12:32 - 2014-03-28 10:23 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll

2014-05-14 12:28 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-05-14 12:28 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll

2014-05-14 12:28 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll

2014-05-14 12:28 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-05-14 12:28 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys

2014-05-14 12:28 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2014-05-14 12:28 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys

2014-05-14 12:28 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2014-05-14 12:28 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys

2014-05-12 13:07 - 2014-05-12 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-07 10:48 - 2014-04-19 11:39 - 00628024 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-05-07 10:48 - 2014-04-19 10:45 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-05-07 10:48 - 2014-04-19 10:45 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-07 10:48 - 2014-04-19 08:57 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-05-07 10:48 - 2014-04-19 08:57 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-05-05 15:28 - 2014-04-24 12:30 - 00061120 _____ (StdLib) C:\Windows\system32\Drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys

2014-04-28 11:41 - 2014-04-28 11:42 - 00000000 ____D () C:\Users\Sonja\Desktop\FH

2014-04-28 11:39 - 2014-04-28 11:43 - 00000000 ____D () C:\Users\Sonja\Desktop\Wohnung
 

==================== One Month Modified Files and Folders =======
 

2014-05-27 11:01 - 2014-05-27 11:00 - 00018868 _____ () C:\Users\Sonja\Desktop\FRST.txt

2014-05-27 11:00 - 2014-05-16 16:16 - 00000000 ____D () C:\Users\Sonja\Desktop\FRST-OlderVersion

2014-05-27 11:00 - 2014-05-14 12:53 - 00000000 ____D () C:\FRST

2014-05-27 11:00 - 2014-05-14 12:51 - 02066944 _____ (Farbar) C:\Users\Sonja\Desktop\FRST64.exe

2014-05-27 11:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-05-27 10:59 - 2014-05-27 10:59 - 00000857 _____ () C:\Users\Sonja\Desktop\checkup.txt

2014-05-27 10:56 - 2014-05-27 10:55 - 00854367 _____ () C:\Users\Sonja\Desktop\SecurityCheck.exe

2014-05-27 10:53 - 2014-05-27 10:53 - 00000000 ____D () C:\Users\Sonja\Desktop\collage

2014-05-27 10:51 - 2013-07-22 19:32 - 00831158 _____ () C:\Windows\system32\perfh007.dat

2014-05-27 10:51 - 2013-07-22 19:32 - 00188760 _____ () C:\Windows\system32\perfc007.dat

2014-05-27 10:51 - 2012-07-26 09:28 - 01952918 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-05-27 10:47 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-05-27 10:45 - 2014-01-22 21:51 - 00000000 ____D () C:\Users\Public\Documents\phase6_18_Daten

2014-05-27 10:45 - 2014-01-11 21:25 - 00000000 ____D () C:\Users\Sonja\Documents\Youcam

2014-05-27 10:44 - 2014-01-13 18:24 - 00000346 _____ () C:\Windows\Tasks\HPCeeScheduleForSonja.job

2014-05-27 10:44 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-05-26 23:14 - 2014-01-11 21:20 - 01083494 _____ () C:\Windows\WindowsUpdate.log

2014-05-26 23:03 - 2014-05-26 23:03 - 00000000 ____D () C:\Users\Sonja\Documents\Avatar

2014-05-26 21:25 - 2014-02-02 23:51 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-05-26 14:55 - 2014-05-26 14:55 - 02347384 _____ (ESET) C:\Users\Sonja\Downloads\esetsmartinstaller_deu.exe

2014-05-26 14:40 - 2014-01-13 18:24 - 00003160 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForSonja

2014-05-26 14:40 - 2014-01-11 21:20 - 00000000 ____D () C:\Users\Sonja

2014-05-26 14:20 - 2014-01-20 22:18 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-05-26 14:20 - 2014-01-20 22:18 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-24 19:03 - 2012-07-26 09:21 - 00040485 _____ () C:\Windows\setupact.log

2014-05-23 12:58 - 2014-05-23 12:58 - 00014336 ___SH () C:\Users\Sonja\Downloads\Thumbs.db

2014-05-23 12:57 - 2014-05-23 12:57 - 00275968 _____ () C:\Users\Sonja\Desktop\Wahlhelferbelehrung.ppt

2014-05-23 12:31 - 2014-01-17 19:46 - 00000985 _____ () C:\Users\Sonja\Desktop\Sweet Home 3D.lnk

2014-05-23 12:30 - 2014-02-05 09:28 - 00067584 ___SH () C:\Users\Sonja\Desktop\Thumbs.db

2014-05-16 16:10 - 2014-05-16 16:10 - 00001036 _____ () C:\Users\Sonja\Desktop\JRT.txt

2014-05-16 16:02 - 2014-05-16 16:02 - 00000000 ____D () C:\Windows\ERUNT

2014-05-16 16:00 - 2014-05-16 16:00 - 01016261 _____ (Thisisu) C:\Users\Sonja\Desktop\JRT.exe

2014-05-16 15:55 - 2012-08-04 00:23 - 00141518 _____ () C:\Windows\PFRO.log

2014-05-16 15:54 - 2014-05-16 15:53 - 00000000 ____D () C:\AdwCleaner

2014-05-16 15:50 - 2014-05-16 15:49 - 01325827 _____ () C:\Users\Sonja\Desktop\adwcleaner_3.208.exe

2014-05-16 15:45 - 2014-05-16 15:45 - 00024037 _____ () C:\Users\Sonja\Desktop\mbam.txt

2014-05-16 15:42 - 2014-05-16 15:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-05-16 15:40 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\TAPI

2014-05-16 15:40 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-05-16 15:18 - 2014-05-16 15:18 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-05-16 15:18 - 2014-05-16 15:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-16 15:17 - 2014-05-16 15:14 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Sonja\Downloads\mbam-setup-2.0.1.1004.exe

2014-05-16 15:09 - 2014-02-13 16:22 - 00000000 ____D () C:\ProgramData\6c4825cf40a8ac2e

2014-05-16 14:54 - 2014-05-16 14:54 - 00001275 _____ () C:\Users\Sonja\Desktop\Revo Uninstaller.lnk

2014-05-16 14:54 - 2014-05-16 14:54 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2014-05-16 14:54 - 2014-05-16 14:53 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sonja\Downloads\revosetup95.exe

2014-05-16 14:28 - 2014-01-11 21:24 - 00000000 ___RD () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-16 14:28 - 2014-01-11 21:24 - 00000000 ___RD () C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-16 14:26 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-05-15 17:00 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2014-05-15 17:00 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-15 17:00 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-05-15 16:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates

2014-05-15 16:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-05-15 16:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-05-14 16:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-05-14 16:31 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-05-14 15:00 - 2014-02-21 21:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-05-14 14:59 - 2014-05-14 14:59 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER

2014-05-14 14:58 - 2014-01-12 23:08 - 00000000 ____D () C:\Windows\system32\MRT

2014-05-14 14:56 - 2014-01-12 23:07 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-05-14 13:30 - 2014-05-14 13:30 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security

2014-05-14 13:25 - 2013-12-04 19:30 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64

2014-05-14 13:24 - 2013-12-04 19:31 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration

2014-05-14 13:24 - 2013-12-04 19:31 - 00002508 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk

2014-05-14 13:24 - 2013-12-04 19:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security

2014-05-14 13:22 - 2014-05-14 13:21 - 00297224 _____ () C:\Windows\Minidump\051414-63125-01.dmp

2014-05-14 13:21 - 2014-02-01 23:37 - 00000000 ____D () C:\Windows\Minidump

2014-05-14 13:20 - 2014-02-01 23:36 - 665766305 _____ () C:\Windows\MEMORY.DMP

2014-05-14 13:20 - 2014-01-11 21:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-05-14 13:06 - 2014-05-14 13:06 - 00010574 _____ () C:\Users\Sonja\Desktop\Gmer.txt

2014-05-14 12:59 - 2014-05-14 12:59 - 00380416 _____ () C:\Users\Sonja\Desktop\Gmer-19357.exe

2014-05-14 12:54 - 2014-05-14 12:54 - 00036535 _____ () C:\Users\Sonja\Desktop\Addition.txt

2014-05-14 12:48 - 2014-05-14 12:48 - 00000472 _____ () C:\Users\Sonja\Desktop\defogger_disable.log

2014-05-14 12:48 - 2014-05-14 12:48 - 00000000 _____ () C:\Users\Sonja\defogger_reenable

2014-05-14 12:46 - 2014-05-14 12:46 - 00050477 _____ () C:\Users\Sonja\Desktop\Defogger.exe

2014-05-14 12:27 - 2014-02-02 23:51 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-05-12 13:07 - 2014-05-12 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-05-07 11:36 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-05-06 07:14 - 2014-05-14 12:32 - 19274752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-05-06 07:14 - 2014-05-14 12:32 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-05-06 05:48 - 2014-05-14 12:32 - 14367232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-05-06 05:48 - 2014-05-14 12:32 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-05-06 05:37 - 2014-05-14 12:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-05-06 05:26 - 2014-05-14 12:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-05-01 22:37 - 2014-01-14 20:36 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-05-01 22:37 - 2014-01-14 20:36 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-04-28 11:43 - 2014-04-28 11:39 - 00000000 ____D () C:\Users\Sonja\Desktop\Wohnung

2014-04-28 11:42 - 2014-04-28 11:41 - 00000000 ____D () C:\Users\Sonja\Desktop\FH
 

Some content of TEMP:

====================

C:\Users\Sonja\AppData\Local\Temp\38686uninstall.exe

C:\Users\Sonja\AppData\Local\Temp\77595uninstall.exe

C:\Users\Sonja\AppData\Local\Temp\COMAP.EXE

C:\Users\Sonja\AppData\Local\Temp\drm_dialogs.dll

C:\Users\Sonja\AppData\Local\Temp\drm_dyndata_7260005.dll

C:\Users\Sonja\AppData\Local\Temp\Extract.exe

C:\Users\Sonja\AppData\Local\Temp\htmlayout.dll

C:\Users\Sonja\AppData\Local\Temp\Quarantine.exe

C:\Users\Sonja\AppData\Local\Temp\SP64996.exe

C:\Users\Sonja\AppData\Local\Temp\SP64999.exe

C:\Users\Sonja\AppData\Local\Temp\SP65792.exe

C:\Users\Sonja\AppData\Local\Temp\SP65823.exe

C:\Users\Sonja\AppData\Local\Temp\Sqlite3.dll

C:\Users\Sonja\AppData\Local\Temp\toolbar559650156.exe

C:\Users\Sonja\AppData\Local\Temp\VuuPC.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe

[2014-05-14 12:33] - [2014-04-12 11:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B
 

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-05-19 12:55
 

==================== End Of Log ============================

--- --- ---

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

HKU\S-1-5-21-3822750039-1062396405-2383090701-1002\...\Run: [lollipop_02181301] => "c:\users\sonja\appdata\local\lollipop\lollipop_02181301.exe" lollipop_02181301

c:\users\sonja\appdata\local\lollipop

R1 {f727685b-ed90-4adc-8eec-8234574a91e6}Gw64; C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys [61120 2014-04-24] (StdLib)

C:\Windows\System32\drivers\{f727685b-ed90-4adc-8eec-8234574a91e6}Gw64.sys

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.