Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Lollipop Virus doch nicht gelöscht? Weitere Viren... (https://www.trojaner-board.de/149028-lollipop-virus-geloescht-viren.html)

kemb 01.02.2014 00:03
Lollipop Virus doch nicht gelöscht? Weitere Viren...
 
Hallo
durch meine eigene Dummheit hat mich der Lollipop Virus erwischt. Ich wollte mir OpenOffice runterladen, habe aber wohl auf den falschn Link geklickt und beim Donwolad ein Virus bekommen. Norton warnet mich schon beim Download und versuchte Zugriffe zu blockieren. Ich hatte innerhalb einer Minute übr 10 blockierte Zugriffe. Nun so ganz hat es aber dann nicht geklappt. Das erste Anzeichen war eine auftauchende Verknüpfung auf dm Desktop von dem Spiel Goodgame Empire und als nächstes sah ich unten den Button von Lollipop.
Lollipop.exe konnte ich dann mit hilfe von Norton Secure Ereaser deinstalieren. Jedoch wunderte mich dise untypische Goodgame verknüpfung und ich habe Sorge das dahinter noch mehr steckt.
Ein vollständiger Systemscan läuft noch.
Leider habe ich in den nächsten 3 Wochen nicht wirklich Zeit den Laptop neu aufzusetzen und bin doch auf ihn angewiesen.
Kann mich hier einer vielleicht beruhigen, oder sagen welche Schritte ich noch unternehmen soll?

Bootsektor 01.02.2014 01:10
:hallo:

Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem
  • Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, ausser Du wurdest dazu aufgefordert.
  • Speichere alle unsere Toosl auf dem Desktop ab.
  • Poste die Logfiles direkt in deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld :)

Bitte mache einen Scan mit FRST
Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


kemb 01.02.2014 11:39
Hallo,

danke für deine Hilfe.

FRST.txt:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by Kaja (administrator) on KAJA-PC on 01-02-2014 11:28:00
Running from C:\Users\Kaja\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files\Hotspot Shield\bin\hsswd.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\WINDOWS\System32\lxbkcoms.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\WINDOWS\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\ResultsAlpha\updateResultsAlpha.exe
() C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AnchorFree Inc.) C:\Program Files\Hotspot Shield\bin\HSSCP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2013-12-20] (APN)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {4274526b-78f7-11e1-84d6-002186800399} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {427d9b78-e1c9-11df-b8b7-002186800399} - I:\LaunchU3.exe -a
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {b699f5c1-a5e6-11df-a3af-002186800399} - Menu.exe
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {f3eac8cc-a330-11df-a77d-806e6f6e6963} - F:\start.bat

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
SearchScopes: HKLM - DefaultScope {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM - {36A2122C-DDE0-4F56-AA5B-9CC54C3A1016} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - DefaultScope {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {36A2122C-DDE0-4F56-AA5B-9CC54C3A1016} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {DC9C1377-3A2D-42CB-A9FE-C27B185B6A3F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default
FF user.js: detected! => C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\user.js
FF Homepage: hxxp://count.manror.de/index.php?day=02&month=08&year=2013&hour=06&minute=55&second=00
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: vis - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2014-01-31]
FF Extension: Snip-Me - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\addon@snip-me.de.xpi [2013-03-12]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: Adblock Plus - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-16]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2013-12-20]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-26]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-26]

Chrome:
=======
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-12-20]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2013-02-09]

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-12-20] (APN LLC.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [831272 2013-06-21] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [78512 2013-06-21] ()
R2 HssWd; C:\Program Files\Hotspot Shield\bin\hsswd.exe [548136 2013-06-21] ()
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292248 2008-05-14] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116112 2008-05-14] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.)
R2 Update ResultsAlpha; C:\Program Files\ResultsAlpha\updateResultsAlpha.exe [103200 2014-01-30] ()
R2 Util ResultsAlpha; C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe [103200 2014-01-31] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-08-30] (Cisco Systems, Inc.)

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-08-30] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-08-30] (Cisco Systems, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [106432 2010-04-23] (SlySoft, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-06-21] (AnchorFree Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140130.001\IDSvix86.sys [394456 2014-01-19] (Symantec Corporation)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140131.002\NAVENG.SYS [93272 2014-01-06] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140131.002\NAVEX15.SYS [1612376 2014-01-06] (Symantec Corporation)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-02-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDIV.SYS [345208 2011-11-16] (Symantec Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-05-16] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-06-21] (Anchorfree Inc.)
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-01 11:18 - 2014-02-01 11:28 - 00024979 _____ () C:\Users\Kaja\Desktop\FRST.txt
2014-02-01 11:18 - 2014-02-01 11:18 - 00000000 ____D () C:\FRST
2014-02-01 11:17 - 2014-02-01 11:17 - 01137152 _____ (Farbar) C:\Users\Kaja\Desktop\FRST.exe
2014-02-01 00:12 - 2014-02-01 00:12 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\OpenOffice
2014-01-31 23:52 - 2014-01-31 23:52 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-31 23:48 - 2014-01-31 23:50 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-31 23:45 - 2014-01-31 23:45 - 00000000 ____D () C:\Users\Kaja\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-31 23:18 - 2014-01-31 23:37 - 00000000 ____D () C:\Users\Kaja\AppData\Local\NPE
2014-01-31 22:54 - 2014-02-01 02:24 - 00000000 ____D () C:\Program Files\ResultsAlpha
2014-01-31 22:54 - 2014-01-31 22:54 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Windows Net Data
2014-01-31 22:42 - 2014-01-31 22:43 - 00000000 ____D () C:\Users\Kaja\AppData\Local\DownloadGuide
2014-01-28 12:32 - 2014-01-28 12:33 - 00000000 ____D () C:\Users\Kaja\Desktop\Bad Blood
2014-01-20 15:10 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-20 15:10 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 15:10 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 15:10 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 15:08 - 2014-01-20 15:10 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 11:54 - 2014-01-26 13:16 - 00000000 ____D () C:\Users\Kaja\Desktop\Literatur fotos
2014-01-12 12:51 - 2014-01-12 12:51 - 41887786 _____ () C:\Users\Kaja\Desktop\Bad Blood.zip
2014-01-11 13:18 - 2014-01-11 13:18 - 00000000 ____D () C:\Users\Kaja\Desktop\Dance Mania
2014-01-11 13:15 - 2014-01-11 13:15 - 00000000 ____D () C:\Users\Kaja\Desktop\20 '1 Hits (2006)
2014-01-03 13:26 - 2014-01-03 13:28 - 00000000 ____D () C:\Users\Kaja\Desktop\Neue Musik

==================== One Month Modified Files and Folders =======

2014-02-01 11:28 - 2014-02-01 11:18 - 00024979 _____ () C:\Users\Kaja\Desktop\FRST.txt
2014-02-01 11:25 - 2010-08-08 21:09 - 01762684 _____ () C:\Windows\WindowsUpdate.log
2014-02-01 11:22 - 2010-08-16 13:33 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 11:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 11:22 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 11:22 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 11:20 - 2008-06-02 02:19 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-01 11:20 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-01 11:18 - 2014-02-01 11:18 - 00000000 ____D () C:\FRST
2014-02-01 11:17 - 2014-02-01 11:17 - 01137152 _____ (Farbar) C:\Users\Kaja\Desktop\FRST.exe
2014-02-01 11:17 - 2006-11-02 11:33 - 01648794 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-01 11:12 - 2010-08-08 22:20 - 00077920 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-01 11:10 - 2006-11-02 13:47 - 00326544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-01 11:09 - 2008-01-21 03:47 - 01040758 _____ () C:\Windows\PFRO.log
2014-02-01 02:24 - 2014-01-31 22:54 - 00000000 ____D () C:\Program Files\ResultsAlpha
2014-02-01 01:32 - 2010-08-16 13:33 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 01:05 - 2012-04-01 12:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-01 00:12 - 2014-02-01 00:12 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\OpenOffice
2014-01-31 23:52 - 2014-01-31 23:52 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-31 23:50 - 2014-01-31 23:48 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-31 23:45 - 2014-01-31 23:45 - 00000000 ____D () C:\Users\Kaja\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-31 23:37 - 2014-01-31 23:18 - 00000000 ____D () C:\Users\Kaja\AppData\Local\NPE
2014-01-31 23:18 - 2010-08-12 08:43 - 00000000 ____D () C:\ProgramData\Norton
2014-01-31 22:57 - 2010-08-13 12:22 - 00000000 ____D () C:\Users\Kaja\AppData\Local\CrashDumps
2014-01-31 22:54 - 2014-01-31 22:54 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\Windows Net Data
2014-01-31 22:43 - 2014-01-31 22:42 - 00000000 ____D () C:\Users\Kaja\AppData\Local\DownloadGuide
2014-01-30 17:45 - 2013-10-30 21:42 - 00000000 ____D () C:\Users\Kaja\Documents\Documents\Methoden der Sozialwissenschaft
2014-01-30 16:39 - 2010-08-08 23:39 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe
2014-01-30 16:33 - 2012-04-01 12:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-30 16:33 - 2011-05-19 14:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-28 12:33 - 2014-01-28 12:32 - 00000000 ____D () C:\Users\Kaja\Desktop\Bad Blood
2014-01-26 13:16 - 2014-01-15 11:54 - 00000000 ____D () C:\Users\Kaja\Desktop\Literatur fotos
2014-01-20 19:33 - 2013-10-31 20:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-20 15:10 - 2014-01-20 15:08 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-20 15:10 - 2008-06-02 04:15 - 00000000 ____D () C:\Program Files\Java
2014-01-15 12:44 - 2008-06-02 03:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 12:42 - 2013-07-29 22:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 12:37 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-15 12:07 - 2010-09-02 21:33 - 00000000 ____D () C:\Users\Kaja\.gimp-2.6
2014-01-15 11:50 - 2011-10-07 21:44 - 00014693 _____ () C:\Windows\setupact.log
2014-01-12 12:51 - 2014-01-12 12:51 - 41887786 _____ () C:\Users\Kaja\Desktop\Bad Blood.zip
2014-01-11 13:18 - 2014-01-11 13:18 - 00000000 ____D () C:\Users\Kaja\Desktop\Dance Mania
2014-01-11 13:15 - 2014-01-11 13:15 - 00000000 ____D () C:\Users\Kaja\Desktop\20 '1 Hits (2006)
2014-01-03 13:28 - 2014-01-03 13:26 - 00000000 ____D () C:\Users\Kaja\Desktop\Neue Musik

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\hpe5006.dll


Some content of TEMP:
====================
C:\Users\Kaja\AppData\Local\Temp\First15.exe
C:\Users\Kaja\AppData\Local\Temp\VP6Install.exe
C:\Users\Kaja\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-01 11:28

==================== End Of Log ============================
--- --- ---

--- --- ---


Und hier die Adittion:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-02-2014 03
Ran by Kaja at 2014-02-01 11:28:32
Running from C:\Users\Kaja\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
4500_G510nz_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (Version:  - )
Activation Assistant for the 2007 Microsoft Office suites (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (Version: 9.0.115.0 - Adobe Systems Incorporated)
Adobe Help Center 2.1 (Version: 2.1 - Adobe Systems) Hidden
Adobe Photoshop 7.0 (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 5.0 (Version: 5.0 - Adobe Systems, Inc.)
Adobe Photoshop Elements 5.0 (Version: 5.0 - Adobe Systems, Inc.) Hidden
Adobe Reader X (10.1.9) - Deutsch (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Shockwave Player (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638 - Adobe Systems, Inc.)
AIM (Version:  - )
AnimePalace - Der Anime & Manga Chat (Version:  - )
AnyDVD (Version: 6.6.4.2 - SlySoft)
Atheros Driver Installation Program (Version: 5.0 - Atheros)
ATI Catalyst Install Manager (Version: 3.0.664.0 - ATI Technologies, Inc.)
Audiograbber 1.83 SE  (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (Version: 1.0 - AG)
Avanquest update (Version: 1.31 - Avanquest Software)
Avira SearchFree Toolbar (Version: 12.10.0.2948 - APN, LLC)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI)
Catalyst Control Center Core Implementation (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.0508.2151.37248 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.0508.2151.37248 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Czech (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Danish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Dutch (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help English (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Finnish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help French (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help German (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Greek (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Hungarian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Italian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Japanese (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Korean (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Polish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Russian (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Spanish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Swedish (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Thai (Version: 2008.0508.2150.37248 - ATI) Hidden
CCC Help Turkish (Version: 2008.0508.2150.37248 - ATI) Hidden
ccc-core-static (Version: 2008.0508.2151.37248 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.0508.2151.37248 - ATI) Hidden
Cisco AnyConnect Secure Mobility Client  (Version: 3.1.04066 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04066 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.0.13 - Cisco Systems, Inc.)
CloneDVD2 (Version:  - Elaborate Bytes)
Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000 - Microsoft Corporation)
CyberLink DVD Suite (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.)
CyberLink YouCam (Version: 2.0.1616 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DHTML Editing Component (Version: 6.02.0001 - Microsoft Corporation)
Die Sims 2 (Version:  - )
Die Sims 2: Nightlife (Version:  - )
Die Sims 2: Wilde Campus-Jahre (Version:  - )
Die Sims™ 2 Apartment-Leben (Version:  - Electronic Arts)
Die Sims™ 2 Haustiere (Version:  - )
Die Sims™ 2 IKEA® Home-Accessoires (Version:  - Electronic Arts)
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires (Version:  - Electronic Arts)
dm-Fotowelt (Version:  - )
DocMgr (Version: 130.0.000.000 - Ihr Firmenname) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
ElsterFormular (Version: 11.5.1.4843 - Landesfinanzdirektion Thüringen)
ElsterFormular für Unternehmer (Version: 12.0.0.5880u - Landesfinanzdirektion Thüringen)
Erste Hilfe Existenzgründung (Version:  - )
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
GearDrvs (Version: 5.0.0.2 - Symantec Corporation) Hidden
GIMP 2.6.10 (Version: 2.6.10 - The GIMP Team)
Google Earth (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hotspot Shield 3.09 (Version: 3.09 - AnchorFree)
HP Active Support Library (Version: 3.1.9.1 - Hewlett-Packard)
HP Customer Participation Program 13.0 (Version: 13.0 - HP)
HP Doc Viewer (Version: 1.01.0005 - Hewlett-Packard)
HP Document Manager 2.0 (Version: 2.0 - HP)
HP Easy Setup - Frontend (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (Version: 2.0.9.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (Version: 13.0 - HP)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6200 (Version: 6.0.1.6200 - HP)
HP Officejet 4500 G510n-z (Version: 13.0 - HP)
HP Quick Launch Buttons 6.40 D3 (Version: 6.40 D3 - Hewlett-Packard)
HP QuickPlay 3.7 (Version:  - )
HP QuickTouch 1.00 D2 (Version: 1.0.9 - Hewlett-Packard)
HP Smart Web Printing 4.5 (Version: 4.5 - HP)
HP Solution Center 13.0 (Version: 13.0 - HP)
HP Total Care Advisor (Version: 2.1.3359.2635 - Hewlett-Packard)
HP Update (Version: 5.002.007.004 - Hewlett-Packard)
HP User Guides 0103 (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (Version: 3.00 I2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IDT Audio (Version: 1.0.5893.0 - IDT)
IrfanView (remove only) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 5 (Version: 1.6.0.50 - Sun Microsystems, Inc.)
JavaFX 2.1.1 (Version: 2.1.1 - Oracle Corporation)
JMicron JMB38X Flash Media Controller (Version: 1.00.11.02 - JMicron Technology Corp.)
Lexmark X1100 Series (Version:  - Lexmark International, Inc.)
LightScribe System Software  1.12.33.2 (Version: 1.12.33.2 - LightScribe)
Lollipop (HKCU Version:  - Lollipop Network, S.L.) <==== ATTENTION
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 German Language Pack (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Zoo Tycoon (Version:  - )
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Norton 360 (Version: 2.0.0.242 - Symantec Corporation) Hidden
Norton 360 (Version: 6.4.1.14 - Symantec Corporation)
Oblivion (Version: 1.2.0416 - Bethesda Softworks)
OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)
OpenOffice 4.0.1 (Version: 4.01.9714 - Apache Software Foundation)
Pidgin (Version: 2.7.9 - )
Power2Go (Version: 5.6.3919 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.)
PowerDirector (Version: 6.5.2719 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (Version: 3.10 A7 - Hewlett-Packard)
QuickTime (Version: 7.65.17.80 - Apple Inc.)
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000 - Realtek)
ResultsAlpha (Version: 2014.01.29.231828 - ResultsAlpha)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Schüco PlanSoft 3.2 (Version:  - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2008.0508.2151.37248 - ATI) Hidden
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson PC Suite 6.012.00 (Version: 6.012.00 - Sony Ericsson)
Sony Ericsson Update Engine (Version: 2.11.12.9 - Sony Ericsson Mobile Communications AB)
Sony PC Companion 2.10.094 (Version: 2.10.094 - Sony)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.3.29.0 - Synaptics Incorporated)
T-Online 6.0 (Version:  - )
T-Online WLAN-Access Finder (Version:  - )
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
VarioPlus Creator (HKCU Version:  - Peter Hormanns)
Viewpoint Media Player (Version:  - )
VirtualCloneDrive (Version:  - Elaborate Bytes)
VIS (Version:  - ) <==== ATTENTION
VLC media player 2.1.0 (Version: 2.1.0 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

21-12-2013 20:07:48 Geplanter Prüfpunkt
24-12-2013 17:43:45 Geplanter Prüfpunkt
03-01-2014 12:59:51 Geplanter Prüfpunkt
06-01-2014 21:58:42 Geplanter Prüfpunkt
07-01-2014 19:04:42 Geplanter Prüfpunkt
12-01-2014 18:31:21 Geplanter Prüfpunkt
13-01-2014 19:57:04 Geplanter Prüfpunkt
14-01-2014 20:49:50 Geplanter Prüfpunkt
15-01-2014 11:37:01 Windows Update
17-01-2014 19:03:25 Geplanter Prüfpunkt
19-01-2014 20:07:06 Geplanter Prüfpunkt
20-01-2014 14:05:10 Installed Java 7 Update 51
22-01-2014 18:13:15 Geplanter Prüfpunkt
26-01-2014 18:33:18 Geplanter Prüfpunkt
28-01-2014 20:43:09 Geplanter Prüfpunkt
29-01-2014 21:56:17 Geplanter Prüfpunkt
31-01-2014 21:40:34 Geplanter Prüfpunkt
31-01-2014 22:29:58 Norton_Power_Eraser_20140131232958493
31-01-2014 22:47:43 OpenOffice 4.0.1 wird installiert

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {040B68F3-9E3F-4399-9BD0-740A459F204B} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {0CF7F025-79CD-4881-A1E9-C2B809C82F99} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Kaja => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {19E20916-6705-4362-AF11-8867A6747404} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2A6F2986-E00C-403D-BA3B-C985B550C6D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-16] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {757E927F-7AD7-4019-A153-F3F62D62E6CA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {AC89C091-5476-40C5-89A5-3D8153FB624F} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {CEF5135D-2F7F-4BD4-BEE6-76E9756DC840} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {D08786F2-1E78-4790-8421-A558FBB826E5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-30] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F0F81287-A56B-4A44-A14C-A69765F09E1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-05-08 23:14 - 2008-05-08 23:14 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2013-08-30 23:11 - 2013-08-30 23:11 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-06-21 01:46 - 2013-06-21 01:46 - 00749352 _____ () C:\Program Files\Hotspot Shield\bin\af_proxy.dll
2008-02-27 13:48 - 2008-02-27 13:48 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-12-20 16:47 - 2013-12-20 16:47 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun-Miniportadapter #2
Description: Microsoft Tun-Miniportadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/01/2014 11:23:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2014 11:20:20 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/01/2014 11:11:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 11:37:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 11:33:19 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/31/2014 11:22:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/31/2014 11:19:32 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (01/31/2014 10:55:59 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung FlashPlayerPlugin_12_0_0_43.exe, Version 12.0.0.43, Zeitstempel 0x52cb9138, fehlerhaftes Modul ShimEng.dll_unloaded, Version 0.0.0.0, Zeitstempel 0x4549bdb7, Ausnahmecode 0xc0000005, Fehleroffset 0x70534618,
Prozess-ID 0x784, Anwendungsstartzeit FlashPlayerPlugin_12_0_0_43.exe0.

Error: (01/31/2014 05:01:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/30/2014 11:00:10 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (02/01/2014 11:23:37 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/01/2014 11:23:35 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/01/2014 11:22:22 AM) (Source: Microsoft-Windows-ResourcePublication) (User: NT-AUTORITÄT)
Description: Provider\Microsoft.Base.Publication/Publication/Computer

Error: (02/01/2014 11:20:17 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/01/2014 11:12:26 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (02/01/2014 11:11:36 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/01/2014 00:13:53 AM) (Source: VDS Dynamic Provider) (User: )
Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505

Error: (01/31/2014 11:49:13 PM) (Source: VDS Dynamic Provider) (User: )
Description: Der Anbieter konnte Benachrichtigungen nicht speichern, die vom Treiber stammen. Der Dienst für virtuelle Datenträger muss neu gestartet werden. hr=80042505

Error: (01/31/2014 11:38:00 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/31/2014 11:37:35 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058


Microsoft Office Sessions:
=========================
Error: (03/08/2011 02:13:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1165 seconds with 1020 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-08-23 10:40:35.987
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 10:40:35.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 10:40:34.879
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-23 10:40:34.193
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-07 22:35:11.778
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-07 22:35:11.343
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-07 22:35:10.880
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-07 22:35:10.425
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Symantec\TEMP.^^^\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-07 22:35:09.866
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-02-07 22:35:09.414
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 3068.9 MB
Available physical RAM: 1922.07 MB
Total Pagefile: 6360.31 MB
Available Pagefile: 5235.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.9 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:224.04 GB) (Free:89.02 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:232.88 GB) (Free:108.16 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:8.84 GB) (Free:1.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (14 Nov 2013) (CDROM) (Total:0.64 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 234B5336)
Partition 1: (Active) - (Size=224 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: E6C50D39)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Sieht irgendwie nicht gut aus. So viele Errors :(

Bootsektor 02.02.2014 08:49
Hallo kemb,

Zitat:
Sieht irgendwie nicht gut aus. So viele Errors
so schlimm sieht es gar nicht aus.

Kannst du mir etwas zu der Datei start.bat sagen?

Schritt 1
Bitte deinstalliere folgende Programme:

Avira SearchFree Toolbar
Lollipop
VIS
Dazu gehe auf
Start --> Systemsteuerung -- > Programme --> Programme deinstallieren --> suche das Programm in der Liste --> entfernen

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Schritt 4
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

kemb 02.02.2014 13:55
Ich kann dir leider nichts zu start.bat sagen.

Hier die Scans:

Code:
# AdwCleaner v3.018 - Bericht erstellt am 02/02/2014 um 12:53:47
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Kaja - KAJA-PC
# Gestartet von : C:\Users\Kaja\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files\Viewpoint
Ordner Gelöscht : C:\Users\Kaja\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Kaja\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\prefs.js ]

Zeile gelöscht : user_pref("plugin.blocklisted.npviewpoint", true);

-\\ Google Chrome v

[ Datei : C:\Users\Kaja\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4649 octets] - [02/02/2014 12:52:46]
AdwCleaner[S0].txt - [4500 octets] - [02/02/2014 12:53:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4560 octets] ##########


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Kaja on 02.02.2014 at 13:02:16,15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] hshld
Successfully stopped: [Service] hsstrayservice
Successfully deleted: [Service] hsstrayservice
Successfully stopped: [Service] hsswd
Successfully deleted: [Service] hsswd
Failed to stop: [Service] update resultsalpha
Failed to stop: [Service] util resultsalpha



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2228149092-2432111156-2657452413-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\hotspotshield
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36A2122C-DDE0-4F56-AA5B-9CC54C3A1016}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{36A2122C-DDE0-4F56-AA5B-9CC54C3A1016}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{4A5F884C-84B0-47E6-8669-2B0A785983E1}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBAB673A-A480-4050-BD2B-5DE24A7A0282}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\hotspot shield"
Successfully deleted: [Folder] "C:\Program Files\hotspot shield"
Failed to delete: [Folder] "C:\Program Files\resultsalpha"



~~~ FireFox

Emptied folder: C:\Users\Kaja\AppData\Roaming\mozilla\firefox\profiles\6lex0m77.default\minidumps [302 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.02.2014 at 13:10:03,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by Kaja (administrator) on KAJA-PC on 02-02-2014 13:12:25
Running from C:\Users\Kaja\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(ATI Technologies Inc.) C:\WINDOWS\System32\Ati2evxx.exe
(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
() C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\WINDOWS\System32\lxbkcoms.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
() C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\6.4.1.14\ccsvchst.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\WINDOWS\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
() C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
() C:\Program Files\ResultsAlpha\updateResultsAlpha.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [417792 2009-11-10] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-08-30] (Cisco Systems, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-21] (IDT, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {4274526b-78f7-11e1-84d6-002186800399} - H:\LaunchU3.exe -a
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {427d9b78-e1c9-11df-b8b7-002186800399} - I:\LaunchU3.exe -a
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {b699f5c1-a5e6-11df-a3af-002186800399} - Menu.exe
HKU\S-1-5-21-2228149092-2432111156-2657452413-1000\...\MountPoints2: {f3eac8cc-a330-11df-a77d-806e6f6e6963} - F:\start.bat

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4A5F884C-84B0-47E6-8669-2B0A785983E1} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {DC9C1377-3A2D-42CB-A9FE-C27B185B6A3F} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default
FF Homepage: hxxp://count.manror.de/index.php?day=02&month=08&year=2013&hour=06&minute=55&second=00
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Snip-Me - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\addon@snip-me.de.xpi [2013-03-12]
FF Extension: Adblock Plus - C:\Users\Kaja\AppData\Roaming\Mozilla\Firefox\Profiles\6lex0m77.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-16]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files\Mozilla Firefox\browser\extensions\afurladvisor@anchorfree.com [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-26]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ []
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-10-26]

Chrome:
=======
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2013-02-09]

========================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor5.0; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 lxbk_device; C:\Windows\system32\lxbkcoms.exe [537256 2008-02-19] ( )
R2 N360; C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [90112 2009-04-30] ()
R2 QPCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292248 2008-05-14] ()
R2 QPSched; C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [116112 2008-05-14] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe [221266 2009-07-21] (IDT, Inc.)
R2 Update ResultsAlpha; C:\Program Files\ResultsAlpha\updateResultsAlpha.exe [103200 2014-01-30] ()
R2 Util ResultsAlpha; C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe [103200 2014-01-31] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-08-30] (Cisco Systems, Inc.)
S2 hshld; C:\Program Files\Hotspot Shield\bin\cmw_srv.exe [x]

==================== Drivers (Whitelisted) ====================

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [39888 2013-08-30] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [58320 2013-08-30] (Cisco Systems, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [106432 2010-04-23] (SlySoft, Inc.)
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140121.001\BHDrvx86.sys [1098968 2013-12-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\0604010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-11-21] (Symantec Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG)
R3 ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [11984 2007-02-16] (Elaborate Bytes AG)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-11-21] (Symantec Corporation)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41160 2013-06-21] (AnchorFree Inc.)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140131.001\IDSvix86.sys [394456 2014-01-19] (Symantec Corporation)
S3 k750bus; C:\Windows\System32\DRIVERS\k750bus.sys [55216 2005-02-11] (MCCI)
S3 MTOnlPktAlyX; C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140131.002\NAVENG.SYS [93272 2014-01-06] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140131.002\NAVEX15.SYS [1612376 2014-01-06] (Symantec Corporation)
R1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-09-03] (Protection Technology)
R0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [115680 2004-09-03] (Protection Technology)
R0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S3 SipIMNDI; C:\Windows\System32\DRIVERS\SipIMNDI.sys [24352 2009-10-15] (T-Systems International GmbH)
R3 SRTSP; C:\Windows\System32\Drivers\N360\0604010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0604010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0604010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0604010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2013-02-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0604010.00E\Ironx86.SYS [149624 2011-11-16] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360\0604010.00E\SYMTDIV.SYS [345208 2011-11-16] (Symantec Corporation)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2012-05-16] (AnchorFree Inc)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-06-21] (Anchorfree Inc.)
U1 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-02 13:10 - 2014-02-02 13:10 - 00003210 _____ () C:\Users\Kaja\Desktop\JRT.txt
2014-02-02 13:02 - 2014-02-02 13:02 - 00000000 ____D () C:\Windows\ERUNT
2014-02-02 13:01 - 2014-02-02 13:01 - 01037068 _____ (Thisisu) C:\Users\Kaja\Desktop\JRT.exe
2014-02-02 12:58 - 2014-02-02 12:58 - 00004640 _____ () C:\Users\Kaja\Desktop\AdwCleaner[S0].txt
2014-02-02 12:52 - 2014-02-02 12:53 - 00000000 ____D () C:\AdwCleaner
2014-02-02 12:51 - 2014-02-02 12:52 - 01166132 _____ () C:\Users\Kaja\Desktop\adwcleaner.exe
2014-02-01 11:28 - 2014-02-01 11:30 - 00034744 _____ () C:\Users\Kaja\Desktop\Addition.txt
2014-02-01 11:18 - 2014-02-02 13:12 - 00021407 _____ () C:\Users\Kaja\Desktop\FRST.txt
2014-02-01 11:18 - 2014-02-02 13:12 - 00000000 ____D () C:\FRST
2014-02-01 11:17 - 2014-02-01 11:17 - 01137152 _____ (Farbar) C:\Users\Kaja\Desktop\FRST.exe
2014-02-01 00:12 - 2014-02-01 00:12 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\OpenOffice
2014-01-31 23:52 - 2014-01-31 23:52 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-31 23:48 - 2014-01-31 23:50 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-31 23:45 - 2014-01-31 23:45 - 00000000 ____D () C:\Users\Kaja\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-31 23:18 - 2014-01-31 23:37 - 00000000 ____D () C:\Users\Kaja\AppData\Local\NPE
2014-01-31 22:54 - 2014-02-02 13:04 - 00000000 ____D () C:\Program Files\ResultsAlpha
2014-01-28 12:32 - 2014-01-28 12:33 - 00000000 ____D () C:\Users\Kaja\Desktop\Bad Blood
2014-01-20 15:10 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-20 15:10 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-20 15:10 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-20 15:10 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-20 15:08 - 2014-01-20 15:10 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-15 11:54 - 2014-01-26 13:16 - 00000000 ____D () C:\Users\Kaja\Desktop\Literatur fotos
2014-01-12 12:51 - 2014-01-12 12:51 - 41887786 _____ () C:\Users\Kaja\Desktop\Bad Blood.zip
2014-01-11 13:18 - 2014-01-11 13:18 - 00000000 ____D () C:\Users\Kaja\Desktop\Dance Mania
2014-01-11 13:15 - 2014-01-11 13:15 - 00000000 ____D () C:\Users\Kaja\Desktop\20 '1 Hits (2006)
2014-01-03 13:26 - 2014-01-03 13:28 - 00000000 ____D () C:\Users\Kaja\Desktop\Neue Musik

==================== One Month Modified Files and Folders =======

2014-02-02 13:12 - 2014-02-01 11:18 - 00021407 _____ () C:\Users\Kaja\Desktop\FRST.txt
2014-02-02 13:12 - 2014-02-01 11:18 - 00000000 ____D () C:\FRST
2014-02-02 13:10 - 2014-02-02 13:10 - 00003210 _____ () C:\Users\Kaja\Desktop\JRT.txt
2014-02-02 13:05 - 2012-04-01 12:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-02 13:04 - 2014-01-31 22:54 - 00000000 ____D () C:\Program Files\ResultsAlpha
2014-02-02 13:04 - 2006-11-02 11:33 - 01648794 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-02 13:02 - 2014-02-02 13:02 - 00000000 ____D () C:\Windows\ERUNT
2014-02-02 13:01 - 2014-02-02 13:01 - 01037068 _____ (Thisisu) C:\Users\Kaja\Desktop\JRT.exe
2014-02-02 13:00 - 2010-08-08 21:09 - 01815820 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 12:58 - 2014-02-02 12:58 - 00004640 _____ () C:\Users\Kaja\Desktop\AdwCleaner[S0].txt
2014-02-02 12:57 - 2010-08-16 13:33 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-02 12:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-02 12:56 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-02 12:56 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-02 12:54 - 2008-06-02 02:19 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-02 12:54 - 2006-11-02 14:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-02 12:53 - 2014-02-02 12:52 - 00000000 ____D () C:\AdwCleaner
2014-02-02 12:52 - 2014-02-02 12:51 - 01166132 _____ () C:\Users\Kaja\Desktop\adwcleaner.exe
2014-02-02 12:32 - 2010-08-16 13:33 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 11:30 - 2014-02-01 11:28 - 00034744 _____ () C:\Users\Kaja\Desktop\Addition.txt
2014-02-01 11:17 - 2014-02-01 11:17 - 01137152 _____ (Farbar) C:\Users\Kaja\Desktop\FRST.exe
2014-02-01 11:12 - 2010-08-08 22:20 - 00077920 _____ () C:\Users\Kaja\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-01 11:10 - 2006-11-02 13:47 - 00326544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-01 11:09 - 2008-01-21 03:47 - 01040758 _____ () C:\Windows\PFRO.log
2014-02-01 00:12 - 2014-02-01 00:12 - 00000000 ____D () C:\Users\Kaja\AppData\Roaming\OpenOffice
2014-01-31 23:52 - 2014-01-31 23:52 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-31 23:50 - 2014-01-31 23:48 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-31 23:45 - 2014-01-31 23:45 - 00000000 ____D () C:\Users\Kaja\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-31 23:37 - 2014-01-31 23:18 - 00000000 ____D () C:\Users\Kaja\AppData\Local\NPE
2014-01-31 23:18 - 2010-08-12 08:43 - 00000000 ____D () C:\ProgramData\Norton
2014-01-31 22:57 - 2010-08-13 12:22 - 00000000 ____D () C:\Users\Kaja\AppData\Local\CrashDumps
2014-01-30 17:45 - 2013-10-30 21:42 - 00000000 ____D () C:\Users\Kaja\Documents\Documents\Methoden der Sozialwissenschaft
2014-01-30 16:39 - 2010-08-08 23:39 - 00000000 ____D () C:\Users\Kaja\AppData\Local\Adobe
2014-01-30 16:33 - 2012-04-01 12:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-30 16:33 - 2011-05-19 14:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-28 12:33 - 2014-01-28 12:32 - 00000000 ____D () C:\Users\Kaja\Desktop\Bad Blood
2014-01-26 13:16 - 2014-01-15 11:54 - 00000000 ____D () C:\Users\Kaja\Desktop\Literatur fotos
2014-01-20 19:33 - 2013-10-31 20:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-20 15:10 - 2014-01-20 15:08 - 00005315 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-20 15:10 - 2008-06-02 04:15 - 00000000 ____D () C:\Program Files\Java
2014-01-15 12:44 - 2008-06-02 03:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 12:42 - 2013-07-29 22:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 12:37 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-15 12:07 - 2010-09-02 21:33 - 00000000 ____D () C:\Users\Kaja\.gimp-2.6
2014-01-15 11:50 - 2011-10-07 21:44 - 00014693 _____ () C:\Windows\setupact.log
2014-01-12 12:51 - 2014-01-12 12:51 - 41887786 _____ () C:\Users\Kaja\Desktop\Bad Blood.zip
2014-01-11 13:18 - 2014-01-11 13:18 - 00000000 ____D () C:\Users\Kaja\Desktop\Dance Mania
2014-01-11 13:15 - 2014-01-11 13:15 - 00000000 ____D () C:\Users\Kaja\Desktop\20 '1 Hits (2006)
2014-01-03 13:28 - 2014-01-03 13:26 - 00000000 ____D () C:\Users\Kaja\Desktop\Neue Musik

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\ProgramData\hpe5006.dll


Some content of TEMP:
====================
C:\Users\Kaja\AppData\Local\Temp\First15.exe
C:\Users\Kaja\AppData\Local\Temp\Quarantine.exe
C:\Users\Kaja\AppData\Local\Temp\VP6Install.exe
C:\Users\Kaja\AppData\Local\Temp\VP6VFW.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-02 13:02

==================== End Of Log ============================
--- --- ---


Danke für deine Hilfe

Bootsektor 02.02.2014 22:18
Hallo kemb,

Zitat:
Ich kann dir leider nichts zu start.bat sagen.
Ok. Kannst du mir denn etwas zu Hotspot Shield von Anchor sagen? Wie läuft dein Rechner jetzt so?

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
() C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe
() C:\Program Files\ResultsAlpha\updateResultsAlpha.exe
SearchScopes: HKLM - DefaultScope value is missing.
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
R2 Update ResultsAlpha; C:\Program Files\ResultsAlpha\updateResultsAlpha.exe [103200 2014-01-30] ()
R2 Util ResultsAlpha; C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe [103200 2014-01-31] ()
C:\Program Files\ResultsAlpha
File: C:\ProgramData\hpe5006.dll

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 3
Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern :kaffee:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset



Schritt 4
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

kemb 04.02.2014 21:29
Also Hotspot Shield ist ein Programm, dass ich vor ca einem Jahr intstalliert habe um US Serien zu schauen. Es gibt quasi vor, dass dr PC in den USA steht. Ich hatte eigentlich keine Probleme damit, aber wenn s weg soll, dann kann es auch weg.

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 01-02-2014 03
Ran by Kaja at 2014-02-04 20:59:34 Run:1
Running from C:\Users\Kaja\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe
() C:\Program Files\ResultsAlpha\updateResultsAlpha.exe
SearchScopes: HKLM - DefaultScope value is missing.
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*'))%20%7B%20return%20'PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
R2 Update ResultsAlpha; C:\Program Files\ResultsAlpha\updateResultsAlpha.exe [103200 2014-01-30] ()
R2 Util ResultsAlpha; C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe [103200 2014-01-31] ()
C:\Program Files\ResultsAlpha
File: C:\ProgramData\hpe5006.dll
       
*****************

[3060] C:\Program Files\ResultsAlpha\bin\utilResultsAlpha.exe => Process closed successfully.
[2908] C:\Program Files\ResultsAlpha\updateResultsAlpha.exe => Process closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
Firefox Proxy settings were reset.
Update ResultsAlpha => Service deleted successfully.
Util ResultsAlpha => Service deleted successfully.
C:\Program Files\ResultsAlpha => Moved successfully.

========================= File: C:\ProgramData\hpe5006.dll ========================

MD5: CBF470B77B2DB2F25C56E05CE391F18A
Creation and modification date: 2010-09-19 20:01 - 2010-09-19 20:01
Size: 0148736
Attributes: ----A
Company Name: Avanquest Software
Internal Name: hpe.dll
Original Name: hpe.dll
Product Name:
Description: IElevator Class Container
File Version: 1.0.0.1
Product Version: 1.0.0.1
Copyright: (c) Avanquest Software.  All rights reserved.

====== End Of File: ======


==== End of Fixlog ====


Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.04.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Kaja :: KAJA-PC [Administrator]

04.02.2014 21:03:21
mbam-log-2014-02-04 (21-03-21).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218999
Laufzeit: 13 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{cbab673a-a480-4050-bd2b-5de24a7a0282} (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{f631e34d-23d3-4ed2-8942-631b8aaf9ea4} (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8} (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBAB673A-A480-4050-BD2B-5DE24A7A0282} (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Public\Documents\Games.exe (Worm.AutoRun) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Ich habe übrigens ResultAlpha auch im Firefox gefunden ( bei den Addons) und habe es dort gelöscht wie es hier stand: http://www.trojaner-board.de/146467-...entfernen.html

Wie es aussieht, hat Malwarebytes es auch geschafft noch zu löschen.

Schritt 3 und 4 poste ich morgen, da ich es heute nicht mehr schaffe.

Bootsektor 04.02.2014 22:49
Hallo kemb,

Zitat:
Schritt 3 und 4 poste ich morgen, da ich es heute nicht mehr schaffe.
ok, dann bis morgen. :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131