Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8: Webseiten öffnen immer neue Werbung (https://www.trojaner-board.de/161909-windows-8-webseiten-oeffnen-immer-neue-werbung.html)

Pingpong12 16.12.2014 17:52
Windows 8: Webseiten öffnen immer neue Werbung
 
Hallo,

egal welchen Browser ich nutze es öffnen sich andauernd Fenster mit Werbung. Ich habe bereits versucht die Add-Ons "Iminent WebBooster (BHO)" zu löschen aber das ist nicht möglich. Falls es daran überhaupt liegt..

Danke schon mal im Vorraus

Ich hoffe ich habe bis jetzt alles richtig gemacht.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:37 on 16/12/2014 (Stefanmüller)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by ***** (administrator) on STEFAN on 16-12-2014 17:15:00
Running from C:\Users\*****\Desktop
Loaded Profile: ***** (Available profiles: *****)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Iminent) C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\EnterDigital\bin\utilEnterDigital.exe
() C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe
() C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe
() C:\Program Files (x86)\EnterDigital\bin\EnterDigital.expext.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-01-27] (Google Inc.)
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\Run: [BRS] => C:\Program Files (x86)\WSE_Astromenda\BRS\brs.exe -runBRS
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\RunOnce: [Adobe Speed Launcher] => 1418736613
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\Policies\Explorer: [NofolderOptions] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
URLSearchHook: HKU\S-1-5-21-3410860848-147556402-1147503670-1001 - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=
SearchScopes: HKLM -> {BAEBB160-B1FD-4295-9002-C014ECA98720} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {BAEBB160-B1FD-4295-9002-C014ECA98720} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3410860848-147556402-1147503670-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=
SearchScopes: HKU\S-1-5-21-3410860848-147556402-1147503670-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=
SearchScopes: HKU\S-1-5-21-3410860848-147556402-1147503670-1001 -> {BAEBB160-B1FD-4295-9002-C014ECA98720} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3410860848-147556402-1147503670-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll (SIEN)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: EnterDigital 1.0.0.5 -> {91b8f7a9-1558-40b3-b1e9-824ae5a2089f} -> C:\Program Files (x86)\EnterDigital\EnterDigitalBHO.dll No File
BHO-x32: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx86.dll (SIEN)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3410860848-147556402-1147503670-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-12-13]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-08-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir="
CHR DefaultSearchKeyword: Default -> astromenda.com
CHR DefaultSearchURL: Default -> hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-24]
CHR Extension: (Google Drive) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]
CHR Extension: (YouTube) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google-Suche) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (EnterDigital) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbicpopjaaipnhconhlfmbkjbcfdhkkl [2014-12-11]
CHR Extension: (Norton Identity Safe) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-26]
CHR Extension: (Norton Security Toolbar) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-26]
CHR Extension: (Google Wallet) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24]
CHR Extension: (Google Mail) - C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]
CHR HKLM\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - "C:\Program Files (x86)\Iminent\Iminent.crx" [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [pfkfdlcdbajamklbneflfbcmfgddmpae] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe [3550880 2014-11-06] (Iminent)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
R2 Update EnterDigital; C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe [523504 2014-12-16] ()
R2 Util EnterDigital; C:\Program Files (x86)\EnterDigital\bin\utilEnterDigital.exe [523504 2014-12-16] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S4 WinkHandler; C:\Program Files (x86)\Iminent\WinkHandler.exe [425792 2014-01-07] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-06] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141212.002\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141215.016\ENG64.SYS [129752 2014-08-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141215.016\EX64.SYS [2137304 2014-08-25] (Symantec Corporation)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 {70ed362e-6c2f-4f13-9f05-a5b35ff4be55}Gw64; C:\Windows\System32\drivers\{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}Gw64.sys [48784 2014-12-12] (StdLib)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 17:15 - 2014-12-16 17:15 - 00024210 _____ () C:\Users\*****\Desktop\FRST.txt
2014-12-16 17:14 - 2014-12-16 17:15 - 00000000 ____D () C:\FRST
2014-12-16 17:12 - 2014-12-16 17:13 - 02119168 _____ (Farbar) C:\Users\*****\Desktop\FRST64.exe
2014-12-16 17:07 - 2014-12-16 17:08 - 00000000 ____D () C:\Users\*****\Desktop\Virus entfernen
2014-12-16 17:07 - 2014-12-16 17:07 - 00042557 _____ () C:\Users\*****\Documents\Firma Weinachten.odt
2014-12-16 17:05 - 2014-12-16 17:08 - 00000486 _____ () C:\Users\*****\Downloads\defogger_disable.log
2014-12-16 17:05 - 2014-12-16 17:05 - 00000000 _____ () C:\Users\*****\defogger_reenable
2014-12-16 14:48 - 2014-12-12 19:25 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}Gw64.sys
2014-12-16 14:28 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 14:28 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 18:42 - 2014-12-11 18:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-11 18:42 - 2014-12-11 18:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-11 18:42 - 2014-12-11 18:42 - 00001410 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-11 18:42 - 2014-12-11 18:42 - 00001398 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-11 18:42 - 2014-12-11 18:42 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-11 18:42 - 2014-12-11 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-11 18:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-11 18:41 - 2014-12-11 18:42 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\*****\Downloads\spybot-2.4.exe
2014-12-10 20:46 - 2014-12-10 20:46 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 15:37 - 2014-12-10 15:37 - 00014239 _____ () C:\Users\*****\Documents\Steckbrief Corvin.odt
2014-12-10 10:35 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 10:35 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 10:35 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 10:35 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 10:35 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 10:35 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 10:35 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 10:35 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 10:35 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 10:35 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 10:34 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 10:34 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 10:34 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 10:34 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 10:34 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 10:34 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 10:34 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 10:34 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 10:34 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 10:34 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 10:34 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 10:34 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 10:34 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 10:34 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 10:34 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 10:34 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 10:34 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 10:34 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 10:34 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 10:34 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 10:34 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 10:34 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 10:34 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 10:34 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 10:34 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 10:34 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 10:34 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 10:34 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 10:34 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 10:34 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 10:34 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 10:34 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 10:34 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 10:34 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 10:34 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 10:34 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 10:34 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 10:34 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 10:34 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 10:34 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 10:34 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 10:34 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 10:34 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-02 12:22 - 2014-12-02 12:22 - 00022528 _____ () C:\Users\*****\AppData\Local\dsisetup13030622.exe
2014-11-22 14:22 - 2014-11-22 14:22 - 00022528 _____ () C:\Users\*****\AppData\Local\dsisetup1500795462.exe
2014-11-20 16:45 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-20 16:45 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-20 16:44 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-20 16:44 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-16 20:21 - 2014-11-16 20:21 - 00000000 _____ () C:\Users\*****\Downloads\fabia-neu
2014-11-16 20:19 - 2014-11-16 20:19 - 00000000 __SHD () C:\Users\*****\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 17:14 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-12-16 17:05 - 2014-10-24 14:45 - 00000000 ____D () C:\Users\*****
2014-12-16 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-16 16:58 - 2014-09-24 07:17 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-16 16:58 - 2014-09-24 06:43 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-16 16:58 - 2014-09-24 06:43 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-16 16:36 - 2014-10-30 18:22 - 00000000 ____D () C:\Program Files (x86)\EnterDigital
2014-12-16 16:25 - 2014-10-24 14:39 - 01516979 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-16 16:22 - 2014-10-30 18:22 - 00000326 _____ () C:\WINDOWS\Tasks\WSE_Astromenda.job
2014-12-16 15:22 - 2014-10-30 19:22 - 00000195 _____ () C:\Users\*****\AppData\Roaming\WB.CFG
2014-12-16 14:45 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-16 14:41 - 2014-01-24 11:57 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-16 14:31 - 2014-10-24 16:27 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AF791F30-4CDE-49B2-B9DA-ABE6E5526993}
2014-12-16 14:29 - 2014-07-30 15:01 - 00000368 _____ () C:\WINDOWS\Tasks\dsmonitor.job
2014-12-16 14:29 - 2014-06-01 19:56 - 00000374 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFor*****.job
2014-12-16 14:29 - 2014-01-24 11:57 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 10:21 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-14 16:55 - 2014-01-24 11:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3410860848-147556402-1147503670-1001
2014-12-13 18:31 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-13 16:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-13 14:50 - 2014-01-24 14:13 - 00000000 ____D () C:\Users\*****\Documents\Fax
2014-12-13 13:38 - 2014-02-01 14:51 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-12-13 13:38 - 2014-02-01 14:51 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-12 18:42 - 2014-01-24 11:58 - 00002202 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 13:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 22:16 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-10 22:13 - 2014-09-23 22:06 - 00007434 _____ () C:\WINDOWS\PFRO.log
2014-12-10 20:46 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 20:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 20:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 20:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 16:14 - 2014-01-25 18:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 16:12 - 2014-01-25 18:52 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 10:32 - 2014-01-27 19:48 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 20:29 - 2014-06-01 19:56 - 00003202 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFor*****
2014-12-02 12:22 - 2014-11-02 14:22 - 00000002 _____ () C:\Users\*****\AppData\Local\DSI.DAT
2014-11-26 22:10 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 09:48 - 2014-10-31 11:16 - 00000000 ____D () C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7
2014-11-20 16:52 - 2014-10-30 18:22 - 00000000 ____D () C:\Program Files (x86)\RCP
2014-11-17 20:36 - 2014-01-24 11:57 - 00004104 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-17 20:36 - 2014-01-24 11:57 - 00003868 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-16 18:33 - 2013-08-22 15:44 - 00371584 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-16 16:38 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 16:38 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 16:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 16:38 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-14 16:55

==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by ***** at 2014-12-16 17:15:26
Running from C:\Users\*****\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{0DEB2EEB-BE9A-44B1-9D90-183250B61785}) (Version: 20.13.3317.03143 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.13.3317.03143 - Alcor Micro Corp.) Hidden
allday savings (HKLM\...\60951E57-596F-4F68-8D9E-F32C835AE122) (Version: 2.0.1 - allday savings)
AMD Catalyst Install Manager (HKLM\...\{425D8EBC-EDEE-A047-63BA-F02A2D3D531E}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4016 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3007 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3007 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.12.4 - Uniblue Systems Ltd)
EnterDigital (HKLM\...\EnterDigital) (Version: 2014.10.30.145832 - EnterDigital) <==== ATTENTION!
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 6.41.1.1 - Iminent) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.30153 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Word 2013 Packages (HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\Word 2013 Packages) (Version:  - ) <==== ATTENTION
WSE_Astromenda (HKLM-x32\...\WSE_Astromenda) (Version:  - WSE_Astromenda) <==== ATTENTION!

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3410860848-147556402-1147503670-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\*****\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-11-2014 14:07:32 Windows Update
05-12-2014 17:06:40 Geplanter Prüfpunkt
10-12-2014 15:09:48 Windows Update
16-12-2014 13:44:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0493D144-CB38-43F4-BB05-D203B5C185AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {191ADB66-82F1-487B-9257-104A1BE9E913} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {1DAD7642-36B7-4430-A881-164778512137} - System32\Tasks\HPCeeScheduleFor***** => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {202F1706-921E-4C1B-A622-2CA241333520} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {2BC867E0-E2F3-4040-9B56-071ABDC933EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {3868F90E-17BB-41ED-B76F-C60B18CBFCDF} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {3FEF663D-BE28-406F-944F-BF854F68BE28} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5CE578AC-A51D-45A9-8175-A78FCC634FCB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {5E615E8F-B848-494F-A104-FAEF8B61FD80} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7F8CBEEC-5BB3-409F-8422-2FBAE009BC0D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {9E42B0E1-4570-4F77-A561-4D0B4DA51423} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {A013F81C-215D-47A9-B946-939A49697B82} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.)
Task: {B41E74CE-19A4-47BD-B9F8-C6B973EBA7A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {CF330095-0511-46F7-9B21-4505C7E3F731} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2014-03-21] (Uniblue Systems Ltd)
Task: {D72A17FE-8060-4FF0-9696-FBB5FAD4A409} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {E09651F2-21C0-430E-A1AB-D6FDF22B116C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {E3577188-E657-4F36-85BA-28AE8D685B66} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {F691D33E-38B7-4499-B017-67C2C84344E9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-24] (Google Inc.)
Task: {FD363832-B0C0-4C6E-A5F2-79C39E1A6E32} - System32\Tasks\WSE_Astromenda => C:\Users\*****\AppData\Roaming\WSE_Astromenda\UpdateProc\UpdateTask.exe [2014-11-25] () <==== ATTENTION
Task: C:\WINDOWS\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFor*****.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\WSE_Astromenda.job => C:\Users\STEFAN~1\AppData\Roaming\WSE_AS~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-02-12 16:05 - 2013-02-12 16:05 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-02-12 16:05 - 2013-02-12 16:05 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2014-12-16 14:48 - 2014-12-16 14:48 - 00523504 _____ () C:\Program Files (x86)\EnterDigital\bin\utilEnterDigital.exe
2014-12-02 12:05 - 2014-12-16 14:49 - 00523504 _____ () C:\Program Files (x86)\EnterDigital\updateEnterDigital.exe
2014-12-02 12:02 - 2014-12-16 01:24 - 00353008 _____ () C:\Program Files (x86)\EnterDigital\bin\EnterDigital.PurBrowse64.exe
2014-11-27 09:34 - 2014-12-15 20:40 - 00101616 _____ () C:\Program Files (x86)\EnterDigital\bin\EnterDigital.expext.exe
2014-12-11 18:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-11 18:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-11 18:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-11 18:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-11 18:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-04 13:54 - 2013-03-13 13:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-01-04 13:58 - 2013-03-12 15:51 - 00626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-12 23:53 - 2013-03-12 23:53 - 00015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-27 09:34 - 2014-12-15 20:40 - 00082160 _____ () C:\Program Files (x86)\EnterDigital\bin\EnterDigital.expextdll.dll
2014-12-12 18:42 - 2014-12-06 02:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 18:42 - 2014-12-06 02:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 18:42 - 2014-12-06 02:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 18:42 - 2014-12-06 02:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 18:42 - 2014-12-06 02:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-3410860848-147556402-1147503670-500 - Administrator - Disabled)
Gast (S-1-5-21-3410860848-147556402-1147503670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3410860848-147556402-1147503670-1003 - Limited - Enabled)
***** (S-1-5-21-3410860848-147556402-1147503670-1001 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2014 06:57:24 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (12/10/2014 10:31:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: Stefan)
Description: Produkt: Adobe Reader XI (11.0.09) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011010}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/09/2014 08:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NIS.exe, Version: 12.11.4.4, Zeitstempel: 0x53f531a0
Name des fehlerhaften Moduls: NUEX.DLL, Version: 1.6.0.32, Zeitstempel: 0x541e7c14
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000e2c2
ID des fehlerhaften Prozesses: 0x14a0
Startzeit der fehlerhaften Anwendung: 0xNIS.exe0
Pfad der fehlerhaften Anwendung: NIS.exe1
Pfad des fehlerhaften Moduls: NIS.exe2
Berichtskennung: NIS.exe3
Vollständiger Name des fehlerhaften Pakets: NIS.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: NIS.exe5

Error: (12/01/2014 07:47:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1100

Startzeit: 01d00d972c1dbc2b

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: 8b5e24d8-798a-11e4-be8d-0c54a500c9ee

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/28/2014 11:42:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IEXPLORE.EXE, Version 11.0.9600.17416 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1060

Startzeit: 01d00af7c4f65cf1

Endzeit: 0

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: 33738d25-76eb-11e4-be8c-0c54a500c9ee

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/16/2014 06:34:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: delegate_execute.exe, Version: 38.0.2125.111, Zeitstempel: 0x544712a1
Name des fehlerhaften Moduls: delegate_execute.exe, Version: 38.0.2125.111, Zeitstempel: 0x544712a1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000373c0
ID des fehlerhaften Prozesses: 0xdb8
Startzeit der fehlerhaften Anwendung: 0xdelegate_execute.exe0
Pfad der fehlerhaften Anwendung: delegate_execute.exe1
Pfad des fehlerhaften Moduls: delegate_execute.exe2
Berichtskennung: delegate_execute.exe3
Vollständiger Name des fehlerhaften Pakets: delegate_execute.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: delegate_execute.exe5

Error: (11/14/2014 07:23:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\WINDOWS\system32\svchost.exe -k netsvcs; Beschreibung = Windows Update; Fehler = 0x81000101).

Error: (11/12/2014 03:07:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (11/04/2014 00:18:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17344, Zeitstempel: 0x541b6f63
Name des fehlerhaften Moduls: EnterDigitalbho.dll, Version: 1.0.0.3, Zeitstempel: 0x545119b0
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00003421
ID des fehlerhaften Prozesses: 0x2a6c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5

Error: (11/03/2014 01:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.17344, Zeitstempel: 0x541b6f63
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x22e7be00
ID des fehlerhaften Prozesses: 0x287c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Vollständiger Name des fehlerhaften Pakets: IEXPLORE.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: IEXPLORE.EXE5


System errors:
=============
Error: (12/16/2014 04:39:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 12 Mal passiert.

Error: (12/16/2014 03:28:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 11 Mal passiert.

Error: (12/16/2014 02:45:33 PM) (Source: DCOM) (EventID: 10010) (User: Stefan)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/16/2014 02:45:03 PM) (Source: DCOM) (EventID: 10010) (User: Stefan)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (12/15/2014 07:59:57 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 10 Mal passiert.

Error: (12/15/2014 07:50:01 PM) (Source: DCOM) (EventID: 10010) (User: Stefan)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/15/2014 03:11:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 9 Mal passiert.

Error: (12/15/2014 00:47:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert.

Error: (12/15/2014 00:08:50 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (12/15/2014 10:48:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (12/11/2014 06:57:24 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (12/10/2014 10:31:40 AM) (Source: MsiInstaller) (EventID: 1024) (User: Stefan)
Description: Adobe Reader XI (11.0.09) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011010}1625(NULL)(NULL)(NULL)

Error: (12/09/2014 08:27:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: NIS.exe12.11.4.453f531a0NUEX.DLL1.6.0.32541e7c14c00000050000e2c214a001d013d5327e9d35C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exeC:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\21.6.0.32\NUEX.DLL5ae2fe6d-7fd9-11e4-be8e-0c54a500c9ee

Error: (12/01/2014 07:47:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416110001d00d972c1dbc2b0C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE8b5e24d8-798a-11e4-be8d-0c54a500c9ee

Error: (11/28/2014 11:42:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416106001d00af7c4f65cf10C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE33738d25-76eb-11e4-be8c-0c54a500c9ee

Error: (11/16/2014 06:34:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: delegate_execute.exe38.0.2125.111544712a1delegate_execute.exe38.0.2125.111544712a1c0000005000373c0db801d001c385d3cb72C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\delegate_execute.exeC:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\delegate_execute.exec4ef809e-6db6-11e4-be89-0c54a500c9ee

Error: (11/14/2014 07:23:07 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (11/12/2014 03:07:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (11/04/2014 00:18:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63EnterDigitalbho.dll1.0.0.3545119b0c0000005000034212a6c01cff82110214c7aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Program Files (x86)\EnterDigital\EnterDigitalbho.dll58e88c31-6414-11e4-be83-0c54a500c9ee

Error: (11/03/2014 01:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17344541b6f63unknown0.0.0.000000000c000000522e7be00287c01cff761a3795cafC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEunknown16ce6611-6355-11e4-be83-0c54a500c9ee


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8131.22 MB
Available physical RAM: 6212.07 MB
Total Pagefile: 9411.22 MB
Available Pagefile: 6683.63 MB
Total Virtual: 131072 MB
Available Virtual: 131071.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:916.29 GB) (Free:844.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:13.3 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5080202A)

Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-12-16 17:27:59
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002c WDC_WD10EZEX-60ZF5A0 rev.80.00A80 931,51GB
Running: k177l0xi.exe; Driver: C:\Users\STEFAN~1\AppData\Local\Temp\ugldypob.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe[8440] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506  00007ffe8f6d169a 4 bytes [6D, 8F, FE, 7F]
.text  C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe[8440] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514  00007ffe8f6d16a2 4 bytes [6D, 8F, FE, 7F]
.text  C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe[8440] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118    00007ffe8f6d181a 4 bytes [6D, 8F, FE, 7F]
.text  C:\Program Files (x86)\EnterDigital\bin\EnterDigital.BrowserAdapter64.exe[8440] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142    00007ffe8f6d1832 4 bytes [6D, 8F, FE, 7F]

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [3996:10496]                                                                                              fffff960008fbb90

---- Disk sectors - GMER 2.1 ----

Disk    \Device\Harddisk0\DR0                                                                                                                  unknown MBR code

---- EOF - GMER 2.1 ----

schrauber 16.12.2014 18:40
hi,

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    EnterDigital

    Iminent

    RegClean-Pro

    Word 2013 Packages

    WSE_Astromenda


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Pingpong12 18.12.2014 18:24
hi,

Code:
# AdwCleaner v4.105 - Bericht erstellt am 18/12/2014 um 18:10:14
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-16.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : ***** - *****
# Gestartet von : C:\Users\*****\Desktop\Virus entfernen\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Users\*****~1\AppData\Local\Temp\EnterDigital
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Datei Gelöscht : C:\Users\Public\Desktop\driverscanner.lnk
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk
Datei Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : dsmonitor

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9CB2CD61-FFA0-406C-9D2D-8FDE6F4A4D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\BRS
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\adserver.iminent.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\astromenda.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\de.yhs4.search.yahoo.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\iminent.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweetamoris.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.sweetamoris.de

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v39.0.2171.95

[C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://astromenda.com/results.php?f=4&q={searchTerms}&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=

*************************

AdwCleaner[R0].txt - [7377 octets] - [18/12/2014 18:08:03]
AdwCleaner[S0].txt - [6288 octets] - [18/12/2014 18:10:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6348 octets] ##########
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 18.12.2014
Suchlauf-Zeit: 17:49:58
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.18.04
Rootkit Datenbank: v2014.12.14.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Stefanmüller

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360091
Verstrichene Zeit: 5 Min, 48 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 22
PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{91b8f7a9-1558-40b3-b1e9-824ae5a2089f}, In Quarantäne, [73d969fb88f4df57fdc800cfef131be5],
PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{09e31fda-3893-4c78-9562-7b8df8f5f47c}, In Quarantäne, [73d969fb88f4df57fdc800cfef131be5],
PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C69A48F3-9357-40E4-9C73-9B3A8E23A128}, In Quarantäne, [73d969fb88f4df57fdc800cfef131be5],
PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C69A48F3-9357-40E4-9C73-9B3A8E23A128}, In Quarantäne, [73d969fb88f4df57fdc800cfef131be5],
PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{09e31fda-3893-4c78-9562-7b8df8f5f47c}, In Quarantäne, [73d969fb88f4df57fdc800cfef131be5],
PUP.Optional.EnterDigital.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{91B8F7A9-1558-40B3-B1E9-824AE5A2089F}, In Quarantäne, [73d969fb88f4df57fdc800cfef131be5],
PUP.Optional.EnterDigital.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{91B8F7A9-1558-40B3-B1E9-824AE5A2089F}, In Quarantäne, [73d969fb88f4df57fdc800cfef131be5],
PUP.Optional.EnterDigital.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{91B8F7A9-1558-40B3-B1E9-824AE5A2089F}, In Quarantäne, [73d969fb88f4df57fdc800cfef131be5],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [7bd1e67e83f99e98d0f787846c97ab55],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [ae9ee87c2854f14592367497df2444bc],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [3d0f7be92557f145a5b76aa133d030d0],
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}Gw64, In Quarantäne, [153754107a02d46245687eeecf348a76],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [74d8372d1d5fa195d500dbbb4fb4d927],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [4408bba9007cb77f92bf3f92d0345ea2],
PUP.Optional.Astromenda.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [004cb7ad4c30e74f79d8745d19ebaa56],
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [2329cc98b0cc46f060a9e58c2fd44cb4],
PUP.Optional.Softonic.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [cf7dd2924c30ae882d1e7dd86f94d729],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_astromenda, In Quarantäne, [e963aeb6f8848da9801bd98d57ac29d7],
PUP.Optional.Astromenda.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pfkfdlcdbajamklbneflfbcmfgddmpae, In Quarantäne, [7ece70f4ff7db0861042d5fc768eb749],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [014b184c364667cf7b6b0e87ee155ea2],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [103c87dd4a32f2447a8a9814cf3546ba],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [fa523b29f28a102653b558194cb740c0],

Registrierungswerte: 3
PUP.Optional.Iminent.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [3d0f7be92557f145a5b76aa133d030d0],
PUP.Optional.Iminent.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [8fbdd193d5a7ee48e17bc84382817c84],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, In Quarantäne, [103c87dd4a32f2447a8a9814cf3546ba]

Registrierungsdaten: 1
PUP.Optional.Astromenda.A, HKU\S-1-5-21-3410860848-147556402-1147503670-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=, Gut: (www.google.com), Schlecht: (hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir=),Ersetzt,[e864e282f884ab8bce10d99bdd283ac6]

Ordner: 1
PUP.Optional.Astromenda.A, C:\Users\Stefanmüller\AppData\Roaming\WSE_Astromenda, In Quarantäne, [dd6f065e75070d2947ea162c37cca858],

Dateien: 6
PUP.Optional.Iminent.A, C:\Users\Stefanmüller\AppData\Local\Temp\uninstall.exe9c6f821, In Quarantäne, [fb51eb797efe0a2c88375dcabd4857a9],
PUP.Optional.Iminent.A, C:\Users\Stefanmüller\AppData\Local\Temp\IminentUninstall.exe9c6f821, In Quarantäne, [95b70163324a092d06b4a9b8a55cc937],
PUP.Optional.Astromenda.A, C:\Windows\Tasks\WSE_Astromenda.job, In Quarantäne, [9ab276ee8bf1df5749f4d98031d234cc],
PUP.Optional.Astromenda.A, C:\Windows\System32\Tasks\WSE_Astromenda, In Quarantäne, [c58785df7507ff379da1e17809fa926e],
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{70ed362e-6c2f-4f13-9f05-a5b35ff4be55}Gw64.sys, In Quarantäne, [153754107a02d46245687eeecf348a76],
PUP.Optional.Iminent.A, C:\Users\Stefanmüller\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, In Quarantäne, [51fb65ffb8c4f93d0fce324d33d07090],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Stefanmller on 18.12.2014 at 18:15:44,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\Stefanmller\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Stefanmller\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] C:\WINDOWS\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-D855646C.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\GOOGLETOOLBARUSER_32.EXE-992C17DF.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\DRIVERSCANNER.EXE-B0057537.pf



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.12.2014 at 18:17:28,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

schrauber 18.12.2014 21:31

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Pingpong12 23.12.2014 19:47
hi,

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=a307b483cbaf354ea8f599fa81281b80
# engine=21683
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-23 06:24:48
# local_time=2014-12-23 07:24:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Norton Internet Security'
# compatibility_mode=3597 16777213 100 100 854758 181955673 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3210404 44240381 0 0
# scanned=81630
# found=5
# cleaned=0
# scan_time=997
sh=0116402F55F12D13C5141E0EEDCD43414E455928 ft=1 fh=d02f683612b49601 vn="Variante von Win32/DealPly.Z evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3410860848-147556402-1147503670-1001\$RKW40NJ\UpdateTask.exe"
sh=FA55D765ACECF0E142995558447BA1C0C64A95B9 ft=1 fh=8a5fed32a6adae19 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\System32\roboot64.exe.vir"
sh=24A44F8AAD4D7BE36BE346527CDCDD702580E18A ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Stefanmüller\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbicpopjaaipnhconhlfmbkjbcfdhkkl\1.0.1_0\background.js"
sh=1312A02D526DA2780D06C7223A0C85B7FFF4E418 ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Stefanmüller\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbicpopjaaipnhconhlfmbkjbcfdhkkl\1.0.1_0\content.js"
sh=C1F0C56AD6D7D069F909D7EEBE6577EB4AD497DA ft=1 fh=b8eda7561bcfedb9 vn="Variante von Win32/InstallCore.TR evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Stefanmüller\Downloads\Word_Setup.exe"
Code:
Results of screen317's Security Check version 0.99.93 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Windows Defender         
Norton Internet Security 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Spybot - Search & Destroy
 Adobe Reader XI 
 Mozilla Thunderbird (24.6.0)
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Spybot Teatimer.exe is disabled!
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-12-2014
Ran by ****** (administrator) on ******N on 23-12-2014 19:42:48
Running from C:\Users\******\Desktop\Virus entfernen
Loaded Profile: ****** (Available profiles: ******)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2012-08-22] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-06-04] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-01-27] (Google Inc.)
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\RunOnce: [Adobe Speed Launcher] => 1419352058
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\...\Policies\Explorer: [NofolderOptions] 0
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
HKU\S-1-5-21-3410860848-147556402-1147503670-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK13/4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {BAEBB160-B1FD-4295-9002-C014ECA98720} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {BAEBB160-B1FD-4295-9002-C014ECA98720} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3410860848-147556402-1147503670-1001 -> {BAEBB160-B1FD-4295-9002-C014ECA98720} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3410860848-147556402-1147503670-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\coFFPlgn [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.5.0.19\IPSFF [2014-08-25]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_clickconnect_14_44_ie&cd=2XzuyEtN2Y1L1QzuyEtD0FtDtB0FyC0DyDtDyB0AzytDzz0EtN0D0Tzu0StCtDtAyEtN1L2XzutAtFyDtFtCtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEyCzzyB0ByE0F0CtG0D0B0CzytG0EtAtC0FtG0E0FtDtBtGtCyCyE0AzztAtAtA0AtD0C0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StD0C0E0FtD0FtC0BtGyDzy0DzytGyE0D0E0AtG0A0CtB0DtGyCyE0Ezz0D0A0EyE0AtD0C0F2Q&cr=1137921836&ir="
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-24]
CHR Extension: (Google Drive) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-28]
CHR Extension: (YouTube) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-24]
CHR Extension: (Google-Suche) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-24]
CHR Extension: (EnterDigital) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbicpopjaaipnhconhlfmbkjbcfdhkkl [2014-12-11]
CHR Extension: (Norton Identity Safe) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-26]
CHR Extension: (Google Wallet) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-24]
CHR Extension: (Google Mail) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CLHNServiceForPowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-10] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-10] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-10] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 2013-06-04] (IDT, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-10-24] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
S3 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-22] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [129536 2013-07-06] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\BASHDefs\20141209.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\IPSDefs\20141222.001\IDSvia64.sys [637656 2014-11-18] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141222.034\ENG64.SYS [129752 2014-08-25] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.5.0.19\Definitions\VirusDefs\20141222.034\EX64.SYS [2137304 2014-08-25] (Symantec Corporation)
R2 ntk_PowerDVD12; c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2014-07-23] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-07-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1506000.020\SymELAM.sys [23568 2014-07-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-08-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-07-23] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 19:35 - 2014-12-23 19:35 - 00852505 _____ () C:\Users\******\Downloads\SecurityCheck.exe
2014-12-18 18:15 - 2014-12-18 18:15 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-18 18:08 - 2014-12-18 18:10 - 00000000 ____D () C:\AdwCleaner
2014-12-18 17:49 - 2014-12-23 18:46 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 17:49 - 2014-12-23 18:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 17:49 - 2014-12-18 17:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-18 17:49 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-18 17:49 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-18 17:49 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-18 16:16 - 2014-12-18 16:16 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-12-18 16:16 - 2014-12-18 16:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-12-18 16:12 - 2014-12-18 16:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-17 18:22 - 2014-12-17 18:22 - 00022528 _____ () C:\Users\******\AppData\Local\dsisetup852064532.exe
2014-12-16 17:47 - 2014-12-16 17:47 - 00000486 _____ () C:\Users\******\Downloads\defogger_disable (1).log
2014-12-16 17:14 - 2014-12-23 19:42 - 00000000 ____D () C:\FRST
2014-12-16 17:07 - 2014-12-23 19:42 - 00000000 ____D () C:\Users\******\Desktop\Virus entfernen
2014-12-16 17:07 - 2014-12-16 17:07 - 00042557 _____ () C:\Users\******\Documents\Firma Weinachten.odt
2014-12-16 17:05 - 2014-12-16 17:08 - 00000486 _____ () C:\Users\******\Downloads\defogger_disable.log
2014-12-16 17:05 - 2014-12-16 17:05 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-12-16 14:28 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-16 14:28 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 18:42 - 2014-12-11 18:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-11 18:42 - 2014-12-11 18:44 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-11 18:42 - 2014-12-11 18:42 - 00001410 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-11 18:42 - 2014-12-11 18:42 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Safer-Networking
2014-12-11 18:42 - 2014-12-11 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-11 18:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-12-11 18:41 - 2014-12-11 18:42 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\******\Downloads\spybot-2.4.exe
2014-12-10 20:46 - 2014-12-10 20:46 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 15:37 - 2014-12-10 15:37 - 00014239 _____ () C:\Users\******\Documents\Steckbrief Corvin.odt
2014-12-10 10:35 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 10:35 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 10:35 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 10:35 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 10:35 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 10:35 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 10:35 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 10:35 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 10:35 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 10:35 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 10:35 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 10:34 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 10:34 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 10:34 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 10:34 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 10:34 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 10:34 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 10:34 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 10:34 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 10:34 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 10:34 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 10:34 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 10:34 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 10:34 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 10:34 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 10:34 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 10:34 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 10:34 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 10:34 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 10:34 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 10:34 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 10:34 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 10:34 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 10:34 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 10:34 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 10:34 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 10:34 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 10:34 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 10:34 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 10:34 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 10:34 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 10:34 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 10:34 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 10:34 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 10:34 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 10:34 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 10:34 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 10:34 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 10:34 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 10:34 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 10:34 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 10:34 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 10:34 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 10:34 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-02 12:22 - 2014-12-02 12:22 - 00022528 _____ () C:\Users\******\AppData\Local\dsisetup13030622.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-23 19:41 - 2014-01-24 11:57 - 00001132 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-23 19:25 - 2014-10-24 14:39 - 01064349 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-23 19:05 - 2014-09-24 07:17 - 01980934 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-23 19:05 - 2014-09-24 06:43 - 00841326 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-23 19:05 - 2014-09-24 06:43 - 00191558 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-23 19:02 - 2013-08-22 15:46 - 00297325 _____ () C:\WINDOWS\setupact.log
2014-12-23 19:01 - 2014-10-24 16:27 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AF791F30-4CDE-49B2-B9DA-ABE6E5526993}
2014-12-23 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-23 17:27 - 2014-01-24 11:57 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 19:09 - 2014-09-23 22:06 - 00015502 _____ () C:\WINDOWS\PFRO.log
2014-12-22 19:09 - 2014-06-01 19:56 - 00000374 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFor******.job
2014-12-22 19:09 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-22 16:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-20 13:12 - 2014-06-01 19:56 - 00003202 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleFor******
2014-12-20 13:12 - 2014-02-01 14:51 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-12-20 13:12 - 2014-02-01 14:51 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-19 09:40 - 2014-01-24 11:34 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3410860848-147556402-1147503670-1001
2014-12-18 18:10 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-18 18:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-18 17:43 - 2014-10-30 18:22 - 00000000 ____D () C:\Users\******\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-12-18 14:57 - 2013-08-22 14:25 - 00000194 _____ () C:\WINDOWS\win.ini
2014-12-18 13:30 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-18 13:22 - 2014-10-30 19:22 - 00000211 _____ () C:\Users\******\AppData\Roaming\WB.CFG
2014-12-17 18:22 - 2014-11-02 14:22 - 00000001 _____ () C:\Users\******\AppData\Local\DSI.DAT
2014-12-16 17:05 - 2014-10-24 14:45 - 00000000 ____D () C:\Users\******
2014-12-13 14:50 - 2014-01-24 14:13 - 00000000 ____D () C:\Users\******\Documents\Fax
2014-12-12 18:42 - 2014-01-24 11:58 - 00002202 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-11 13:35 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 20:46 - 2014-09-24 08:43 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 20:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 20:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 20:46 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 16:14 - 2014-01-25 18:53 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 16:12 - 2014-01-25 18:52 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-10 10:32 - 2014-01-27 19:48 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-26 22:10 - 2014-09-24 08:46 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-11-26 22:10 - 2014-09-24 08:46 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\Quarantine.exe
C:\Users\******\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-23 18:11

==================== End Of Log ============================
--- --- ---

schrauber 24.12.2014 18:03
Download Ordner leeren.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\$Recycle.Bin
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.






Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:42 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131