Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   PC nach unbekannten Programmen sehr langsam (https://www.trojaner-board.de/151988-pc-unbekannten-programmen-sehr-langsam.html)

Goldix3 04.04.2014 09:03
PC nach unbekannten Programmen sehr langsam
 
Hallo liebe Leute!

Ich habe ein Problem :confused:. Ich bin hier am PC von meinem Freund. Gestern wollte ich von meiner Serie die letzte Folge online schauen, und habe auf irgendeine Seite geklickt. Ich dachte dann, ich würde den FlashPlayer aktualisieren, aber ich habe wohl irgendeinen ****** runtergeladen :(. Dann kam als seine Startseite immer Websearch, als neuer tab immer Quickstart, MC Cafee hat sich dauernd geöffnet und andauernd gingen POP-UPs auf, mit dämlicher Werbung (FireFox). Ich habe danach gegooglet und die oben stehenden Probleme soweit entfernt. Allerdings sagt mein Freund, dass sein PC jetzt sehr langsam ist und er ist sehr wütend auf mich und ich würde mich wirklich über Hilfe freuen! Er hat Windows 8.

Ich poste mal alles, was ich in den 4 Schritten bekommen habe und hoffe dass man mir helfen kann das Problem zu finden...

defogger disable:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:38 on 04/04/2014 (DerBoss)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Das FRST:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by DerBoss (administrator) on DERBOSSPC on 04-04-2014 09:40:49
Running from C:\Users\DerBoss\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
() C:\Users\DerBoss\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3251176115-1451399811-2016643048-1001\...\MountPoints2: {c625c79a-ee20-11e2-be6d-806e6f6e6963} - "E:\Setup\setup.exe"
HKU\S-1-5-21-3251176115-1451399811-2016643048-1001\...\MountPoints2: {f129e00f-5f8b-11e3-be79-b4b52fd933c4} - "G:\DPFMate.exe"

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {6B928651-254F-4553-A01F-B0F39C9C867D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {6B928651-254F-4553-A01F-B0F39C9C867D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {6B928651-254F-4553-A01F-B0F39C9C867D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\DerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\6h44v0me.default-1396549465745
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-07-22] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2013-07-19] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130722.003\ENG64.SYS [126040 2013-07-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130722.003\EX64.SYS [2098776 2013-07-22] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 09:40 - 2014-04-04 09:40 - 02157056 _____ (Farbar) C:\Users\DerBoss\Downloads\FRST64.exe
2014-04-04 09:40 - 2014-04-04 09:40 - 00012479 _____ () C:\Users\DerBoss\Downloads\FRST.txt
2014-04-04 09:40 - 2014-04-04 09:40 - 00000000 ____D () C:\FRST
2014-04-04 09:38 - 2014-04-04 09:38 - 00000248 _____ () C:\Users\DerBoss\Downloads\defogger_enable.log
2014-04-04 09:38 - 2014-04-04 09:38 - 00000000 _____ () C:\Users\DerBoss\defogger_reenable
2014-04-04 09:37 - 2014-04-04 09:38 - 00000476 _____ () C:\Users\DerBoss\Downloads\defogger_disable.log
2014-04-04 09:37 - 2014-04-04 09:37 - 00050477 _____ () C:\Users\DerBoss\Downloads\Defogger.exe
2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Users\DerBoss\Desktop\Alte Firefox-Daten
2014-04-03 20:10 - 2014-02-12 12:46 - 00000426 _____ () C:\AVScanner.ini
2014-04-03 14:40 - 2014-04-03 14:45 - 00000000 ____D () C:\AdwCleaner
2014-04-03 14:39 - 2014-04-03 14:39 - 01426178 _____ () C:\Users\DerBoss\Downloads\adwcleaner3023.exe
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\Users\DerBoss\AppData\Local\VS Revo Group
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-03 14:35 - 2014-04-03 14:35 - 10619688 _____ (VS Revo Group ) C:\Users\DerBoss\Downloads\RevoUninProSetup.exe
2014-04-03 14:30 - 2014-04-03 14:31 - 00295920 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-03 14:24 - 2014-04-03 14:24 - 00442280 _____ () C:\Users\DerBoss\Downloads\Player_Setup.exe
2014-03-29 16:56 - 2014-03-29 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 21:56 - 2014-03-13 22:01 - 00000000 ____D () C:\Users\DerBoss\Desktop\Musikjunkie-Farid.Bang.2014.Killa.Premium.Edition
2014-03-11 22:25 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-11 22:25 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-11 22:25 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-03-11 22:25 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-03-11 22:25 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-11 22:25 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-11 22:25 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-11 22:25 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-11 22:25 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-11 22:25 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-11 22:25 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-11 22:25 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-11 22:25 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-11 22:25 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-03-11 22:25 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-11 22:25 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-11 22:25 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 22:25 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-11 22:25 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-11 22:25 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-03-11 22:25 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-03-11 22:25 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-03-11 22:25 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys

==================== One Month Modified Files and Folders =======

2014-04-04 09:40 - 2014-04-04 09:40 - 02157056 _____ (Farbar) C:\Users\DerBoss\Downloads\FRST64.exe
2014-04-04 09:40 - 2014-04-04 09:40 - 00012479 _____ () C:\Users\DerBoss\Downloads\FRST.txt
2014-04-04 09:40 - 2014-04-04 09:40 - 00000000 ____D () C:\FRST
2014-04-04 09:40 - 2013-07-22 17:38 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 09:38 - 2014-04-04 09:38 - 00000248 _____ () C:\Users\DerBoss\Downloads\defogger_enable.log
2014-04-04 09:38 - 2014-04-04 09:38 - 00000000 _____ () C:\Users\DerBoss\defogger_reenable
2014-04-04 09:38 - 2014-04-04 09:37 - 00000476 _____ () C:\Users\DerBoss\Downloads\defogger_disable.log
2014-04-04 09:38 - 2013-07-16 16:14 - 00000000 ____D () C:\Users\DerBoss
2014-04-04 09:37 - 2014-04-04 09:37 - 00050477 _____ () C:\Users\DerBoss\Downloads\Defogger.exe
2014-04-04 09:36 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-04 09:34 - 2013-07-16 16:14 - 01272533 _____ () C:\windows\WindowsUpdate.log
2014-04-04 09:34 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-04 00:00 - 2013-09-06 18:23 - 00000000 ____D () C:\Users\DerBoss\AppData\Local\PokerStars.EU
2014-04-03 20:51 - 2013-07-16 16:20 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3251176115-1451399811-2016643048-1001
2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Users\DerBoss\Desktop\Alte Firefox-Daten
2014-04-03 18:05 - 2012-11-25 13:45 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-04-03 18:05 - 2012-11-25 13:45 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-04-03 18:05 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-03 15:59 - 2013-07-22 17:46 - 00000000 ____D () C:\Users\DerBoss\AppData\Roaming\TS3Client
2014-04-03 14:46 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-03 14:45 - 2014-04-03 14:40 - 00000000 ____D () C:\AdwCleaner
2014-04-03 14:45 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-04-03 14:39 - 2014-04-03 14:39 - 01426178 _____ () C:\Users\DerBoss\Downloads\adwcleaner3023.exe
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\Users\DerBoss\AppData\Local\VS Revo Group
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-03 14:35 - 2014-04-03 14:35 - 10619688 _____ (VS Revo Group ) C:\Users\DerBoss\Downloads\RevoUninProSetup.exe
2014-04-03 14:33 - 2013-07-27 19:40 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-03 14:33 - 2013-07-16 16:14 - 00001444 _____ () C:\Users\DerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-03 14:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-03 14:31 - 2014-04-03 14:30 - 00295920 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-03 14:30 - 2013-07-27 19:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 14:30 - 2012-08-01 19:02 - 01947858 _____ () C:\windows\PFRO.log
2014-04-03 14:24 - 2014-04-03 14:24 - 00442280 _____ () C:\Users\DerBoss\Downloads\Player_Setup.exe
2014-04-03 12:55 - 2013-12-06 18:50 - 00018468 _____ () C:\Users\DerBoss\daemonprocess.txt
2014-04-03 09:53 - 2014-01-29 16:06 - 00000000 ____D () C:\Users\DerBoss\AppData\Roaming\Skype
2014-03-29 16:56 - 2014-03-29 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-26 15:53 - 2013-09-06 18:23 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-03-25 19:41 - 2013-07-28 16:43 - 00000000 ____D () C:\Users\DerBoss\Downloads\Bushido & Shindy NWA 2013
2014-03-18 20:00 - 2013-08-15 17:38 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 19:58 - 2013-07-23 21:43 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-13 22:23 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-03-13 22:01 - 2014-03-13 21:56 - 00000000 ____D () C:\Users\DerBoss\Desktop\Musikjunkie-Farid.Bang.2014.Killa.Premium.Edition
2014-03-13 21:59 - 2012-07-26 09:21 - 00030262 _____ () C:\windows\setupact.log
2014-03-13 21:42 - 2013-07-16 16:15 - 00000000 ___RD () C:\Users\DerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-13 21:42 - 2013-07-16 16:15 - 00000000 ___RD () C:\Users\DerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-13 07:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 07:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 07:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-03-13 07:37 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 07:37 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-11 22:45 - 2013-07-22 17:38 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-05 00:52 - 2013-07-27 19:35 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:52 - 2013-07-27 19:35 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\DerBoss\AppData\Local\Temp\avgnt.exe
C:\Users\DerBoss\AppData\Local\Temp\Quarantine.exe
C:\Users\DerBoss\AppData\Local\Temp\sdanircmdc.exe
C:\Users\DerBoss\AppData\Local\Temp\TeamSpeak3-Client-win64-3.0.10.1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 10:34

==================== End Of Log ============================
Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by DerBoss at 2014-04-04 09:41:06
Running from C:\Users\DerBoss\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon iP2700 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series) (Version:  - Canon Inc.)
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5510 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3109 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1902 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Gameforge Live 1.6.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.6.0 - Gameforge)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Postscript Converter (Version: 3.1.3591 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.50 (HKLM\...\Logitech Gaming Software) (Version: 8.50.281 - Logitech Inc.)
Metin2 (HKLM-x32\...\Metin2_is1) (Version:  - Gameforge 4D GmbH)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nightly 24.0a1 (x64 en-US) (HKLM\...\Nightly 24.0a1 (x64 en-US)) (Version: 24.0a1 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
NVIDIA Control Panel 305.29 (Version: 305.29 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 305.29 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 305.29 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.82.513 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version:  - PokerStars.eu)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.11.1 - TeamSpeak Systems GmbH)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

18-03-2014 17:57:09 Windows Update
27-03-2014 10:56:13 Geplanter Prüfpunkt
03-04-2014 12:36:49 Revo Uninstaller Pro's restore point - DMUninstaller

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {126C58D8-2466-479C-882A-14F0EC708344} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {47C8E69F-3777-4ECE-AEC6-D2B5E92A9C5D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {48E42F98-E165-482D-AE5C-F6F4F0FCD25E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {55FC3212-E6E3-4E70-B1B0-64E935EAE87B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {69A5BE9C-9A25-4971-AD0D-6CCF90FF031A} - \UpdaterEX No Task File
Task: {76D5969E-7E51-4FF8-B8BF-777966BE175B} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {857CC92B-1698-41BF-B3F7-0E17479720C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {E3FD6CA9-9A4D-4952-9222-306D6D04AFE1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FA9146C6-E19D-466A-ADA2-5AB3F173607F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-08-29 12:02 - 2012-08-29 12:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 12:02 - 2012-08-29 12:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-04-04 09:37 - 2014-04-04 09:37 - 00050477 _____ () C:\Users\DerBoss\Downloads\Defogger.exe
2012-11-25 04:56 - 2012-07-18 10:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-07-23 21:20 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2012-11-25 05:02 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-29 16:56 - 2014-03-29 16:56 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2014 08:22:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e5d
Name des fehlerhaften Moduls: mozalloc.dll, Version: 28.0.0.5186, Zeitstempel: 0x5323e5ef
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0xd14
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5

Error: (04/03/2014 02:46:19 PM) (Source: Windows Search Service) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz  konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.  0x0.

Error: (04/03/2014 02:46:19 PM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (04/03/2014 02:46:19 PM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (04/03/2014 02:36:48 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {36cc2f15-4db1-414c-a42f-8b81c553d1da}

Error: (04/03/2014 02:31:29 PM) (Source: Windows Search Service) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz  konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.  0x0.

Error: (04/03/2014 02:31:29 PM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (04/03/2014 02:31:28 PM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (04/03/2014 02:26:48 PM) (Source: Application Hang) (User: )
Description: Programm NewPlayer.exe, Version 2.1.1.2 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4f44

Startzeit: 01cf4f37e6d4e5fc

Endzeit: 1

Anwendungspfad: C:\Program Files (x86)\NewPlayer\NewPlayer.exe

Berichts-ID: 2e7dd05a-bb2b-11e3-be8a-b4b52fd933c4

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/01/2014 04:49:10 PM) (Source: Application Hang) (User: )
Description: Programm ts3client_win32.exe, Version 3.0.11.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 4700

Startzeit: 01cf4db4bb1f2b09

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe

Berichts-ID: c7c3a70d-b9ac-11e3-be8a-b4b52fd933c4

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (04/03/2014 09:56:20 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/03/2014 05:01:49 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/03/2014 02:48:28 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/03/2014 02:48:20 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/03/2014 02:45:19 PM) (Source: DCOM) (User: DerBossPc)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/03/2014 02:45:06 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/03/2014 02:33:40 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (04/03/2014 02:33:28 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (03/26/2014 03:22:08 PM) (Source: DCOM) (User: DerBossPc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/26/2014 03:22:08 PM) (Source: DCOM) (User: DerBossPc)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (04/03/2014 08:22:29 PM) (Source: Application Error)(User: )
Description: plugin-container.exe28.0.0.518653240e5dmozalloc.dll28.0.0.51865323e5ef800000030000119cd1401cf4f67b9836f83C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlle9ba6ae0-bb5c-11e3-be8c-b4b52fd933c4

Error: (04/03/2014 02:46:19 PM) (Source: Windows Search Service)(User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet.  0x0

Error: (04/03/2014 02:46:19 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Error: (04/03/2014 02:46:19 PM) (Source: Windows Search Service)(User: )
Description:

Error: (04/03/2014 02:36:48 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {36cc2f15-4db1-414c-a42f-8b81c553d1da}

Error: (04/03/2014 02:31:29 PM) (Source: Windows Search Service)(User: )
Description: WSearchIdxPiDer Vorgang wurde erfolgreich beendet.  0x0

Error: (04/03/2014 02:31:29 PM) (Source: Windows Search Service)(User: )
Description: Kontext:  Anwendung, SystemIndex Katalog

Error: (04/03/2014 02:31:28 PM) (Source: Windows Search Service)(User: )
Description:

Error: (04/03/2014 02:26:48 PM) (Source: Application Hang)(User: )
Description: NewPlayer.exe2.1.1.24f4401cf4f37e6d4e5fc1C:\Program Files (x86)\NewPlayer\NewPlayer.exe2e7dd05a-bb2b-11e3-be8a-b4b52fd933c4

Error: (04/01/2014 04:49:10 PM) (Source: Application Hang)(User: )
Description: ts3client_win32.exe3.0.11.0470001cf4db4bb1f2b094294967295C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exec7c3a70d-b9ac-11e3-be8a-b4b52fd933c4


==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8147.35 MB
Available physical RAM: 6301.7 MB
Total Pagefile: 9363.35 MB
Available Pagefile: 7269.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1850.33 GB) (Free:1805.73 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.21 GB) (Free:1.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (GamePanel) (CDROM) (Total:0.24 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 6927EBBA)

Partition: GPT Partition Type.

==================== End Of Log ============================
GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-04 09:48:51
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039 ST2000DM001-9YN164 rev.HP16 1863,02GB
Running: Gmer-19357.exe; Driver: C:\Users\DerBoss\AppData\Local\Temp\uwtyrpog.sys


---- User code sections - GMER 2.1 ----

.text  C:\windows\System32\spoolsv.exe[1564] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                          000007fa0164177a 4 bytes [64, 01, FA, 07]
.text  C:\windows\System32\spoolsv.exe[1564] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                          000007fa01641782 4 bytes [64, 01, FA, 07]
.text  c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[1580] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306  000007fa0164177a 4 bytes [64, 01, FA, 07]
.text  c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe[1580] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314  000007fa01641782 4 bytes [64, 01, FA, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6312] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007f9fe6d1532 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6312] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007f9fe6d153a 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[6312] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007f9fe6d165a 4 bytes [6D, FE, F9, 07]
.text  C:\windows\system32\nvvsvc.exe[5708] C:\windows\system32\MSIMG32.dll!GradientFill + 690                                                                    000007f9fe6d1532 4 bytes [6D, FE, F9, 07]
.text  C:\windows\system32\nvvsvc.exe[5708] C:\windows\system32\MSIMG32.dll!GradientFill + 698                                                                    000007f9fe6d153a 4 bytes [6D, FE, F9, 07]
.text  C:\windows\system32\nvvsvc.exe[5708] C:\windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                  000007f9fe6d165a 4 bytes [6D, FE, F9, 07]
.text  C:\windows\system32\nvvsvc.exe[5708] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                          000007fa0164177a 4 bytes [64, 01, FA, 07]
.text  C:\windows\system32\nvvsvc.exe[5708] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                          000007fa01641782 4 bytes [64, 01, FA, 07]
.text  C:\windows\Explorer.EXE[3752] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                  000007fa0164177a 4 bytes [64, 01, FA, 07]
.text  C:\windows\Explorer.EXE[3752] C:\windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                  000007fa01641782 4 bytes [64, 01, FA, 07]
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2488] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 306                                      000007fa0164177a 4 bytes [64, 01, FA, 07]
.text  C:\Program Files\Logitech Gaming Software\LCore.exe[2488] C:\windows\system32\psapi.dll!GetProcessImageFileNameA + 314                                      000007fa01641782 4 bytes [64, 01, FA, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[5552] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                      000007f9fe6d1532 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[5552] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                      000007f9fe6d153a 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe[5552] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                    000007f9fe6d165a 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe[3604] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                      000007f9fe6d1532 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe[3604] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                      000007f9fe6d153a 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe[3604] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                    000007f9fe6d165a 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[2340] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                000007f9fe6d1532 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[2340] C:\windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                000007f9fe6d153a 4 bytes [6D, FE, F9, 07]
.text  C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe[2340] C:\windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                              000007f9fe6d165a 4 bytes [6D, FE, F9, 07]

---- Threads - GMER 2.1 ----

Thread  C:\windows\SYSTEM32\ntdll.dll [1508:808]                                                                                                                    0000000000de1c24
Thread  C:\windows\SYSTEM32\ntdll.dll [1508:2668]                                                                                                                  000000006d1fe54e
Thread  C:\windows\SYSTEM32\ntdll.dll [1508:1136]                                                                                                                  000000006be7eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [1508:3200]                                                                                                                  000000006be7eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [1508:340]                                                                                                                    000000006be7eec8
Thread  C:\windows\SYSTEM32\ntdll.dll [1508:4192]                                                                                                                  000000006c82319b
Thread  C:\windows\SYSTEM32\ntdll.dll [1508:4196]                                                                                                                  000000006b707019
Thread  C:\windows\SYSTEM32\ntdll.dll [1508:5032]                                                                                                                  0000000074b716dc
Thread  C:\windows\system32\csrss.exe [4004:1540]                                                                                                                  fffff960008a35e8

---- Disk sectors - GMER 2.1 ----
Ich würde mich echt freuen wenn mir jemand hilft...

schrauber 04.04.2014 09:09
hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Goldix3 04.04.2014 09:40
Erstmal vielen Dank für die Antwort :)

mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 04.04.2014 10:11:02, SYSTEM, DERBOSSPC, Protection, Malware Protection, Starting,
Protection, 04.04.2014 10:11:02, SYSTEM, DERBOSSPC, Protection, Malware Protection, Started,
Protection, 04.04.2014 10:11:02, SYSTEM, DERBOSSPC, Protection, Malicious Website Protection, Starting,
Protection, 04.04.2014 10:11:03, SYSTEM, DERBOSSPC, Protection, Malicious Website Protection, Started,
Update, 04.04.2014 10:12:23, SYSTEM, DERBOSSPC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 04.04.2014 10:12:25, SYSTEM, DERBOSSPC, Manual, Malware Database, 2014.3.4.9, 2014.4.4.2,
Protection, 04.04.2014 10:12:26, SYSTEM, DERBOSSPC, Protection, Refresh, Starting,
Protection, 04.04.2014 10:12:26, SYSTEM, DERBOSSPC, Protection, Malicious Website Protection, Stopping,
Protection, 04.04.2014 10:12:26, SYSTEM, DERBOSSPC, Protection, Malicious Website Protection, Stopped,
Protection, 04.04.2014 10:12:29, SYSTEM, DERBOSSPC, Protection, Refresh, Success,
Protection, 04.04.2014 10:12:29, SYSTEM, DERBOSSPC, Protection, Malicious Website Protection, Starting,
Protection, 04.04.2014 10:12:29, SYSTEM, DERBOSSPC, Protection, Malicious Website Protection, Started,
Protection, 04.04.2014 10:22:40, SYSTEM, DERBOSSPC, Protection, Malware Protection, Starting,
Protection, 04.04.2014 10:22:40, SYSTEM, DERBOSSPC, Protection, Malware Protection, Started,
Protection, 04.04.2014 10:22:40, SYSTEM, DERBOSSPC, Protection, Malicious Website Protection, Starting,
Protection, 04.04.2014 10:22:41, SYSTEM, DERBOSSPC, Protection, Malicious Website Protection, Started,

(end)
AdwCleaner hatte ich gestern schon benutzt, um irgendwas zu entfernen.
Das ist die Textdatei von gestern
Code:
# AdwCleaner v3.023 - Bericht erstellt am 03/04/2014 um 14:45:06
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : DerBoss - DERBOSSPC
# Gestartet von : C:\Users\DerBoss\Downloads\adwcleaner3023.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginService
Dienst Gelöscht : Wpm

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\DerBoss\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\DerBoss\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\DerBoss\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\DerBoss\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\DerBoss\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\DerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Ordner Gelöscht : C:\Users\DerBoss\Documents\Mobogenie
Ordner Gelöscht : C:\Users\DerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\21pv84sf.default\Extensions\quick_start@gmail.com
Datei Gelöscht : C:\END
Datei Gelöscht : C:\windows\Tasks\UpdaterEX.job
Datei Gelöscht : C:\windows\System32\Tasks\UpdaterEX

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\UpdaterEX
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\DerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\21pv84sf.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1396527962&from=tugs&uid=ST2000DM001-9YN164_W240NH5H");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "145278ebd044f667ee2229c0ccd5b230");

*************************

AdwCleaner[R0].txt - [9602 octets] - [03/04/2014 14:44:48]
AdwCleaner[S0].txt - [7833 octets] - [03/04/2014 14:45:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7893 octets] ##########
und das die von heute:
Code:
# AdwCleaner v3.023 - Bericht erstellt am 04/04/2014 um 10:25:44
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : DerBoss - DERBOSSPC
# Gestartet von : C:\Users\DerBoss\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\DerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\6h44v0me.default-1396549465745\prefs.js ]


*************************

AdwCleaner[R0].txt - [9602 octets] - [03/04/2014 14:44:48]
AdwCleaner[R1].txt - [919 octets] - [04/04/2014 10:25:08]
AdwCleaner[S0].txt - [8025 octets] - [03/04/2014 14:45:06]
AdwCleaner[S1].txt - [841 octets] - [04/04/2014 10:25:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [900 octets] ##########
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 8 x64
Ran by DerBoss on 04.04.2014 at 10:32:23,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6B928651-254F-4553-A01F-B0F39C9C867D}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{6B928651-254F-4553-A01F-B0F39C9C867D}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{6B928651-254F-4553-A01F-B0F39C9C867D}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6B928651-254F-4553-A01F-B0F39C9C867D}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2014 at 10:34:59,76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und das neue FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by DerBoss (administrator) on DERBOSSPC on 04-04-2014 10:35:37
Running from C:\Users\DerBoss\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2012-09-19] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-09-19] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3251176115-1451399811-2016643048-1001\...\MountPoints2: {c625c79a-ee20-11e2-be6d-806e6f6e6963} - "E:\Setup\setup.exe"
HKU\S-1-5-21-3251176115-1451399811-2016643048-1001\...\MountPoints2: {f129e00f-5f8b-11e3-be79-b4b52fd933c4} - "G:\DPFMate.exe"

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {6B928651-254F-4553-A01F-B0F39C9C867D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {6B928651-254F-4553-A01F-B0F39C9C867D} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\DerBoss\AppData\Roaming\Mozilla\Firefox\Profiles\6h44v0me.default-1396549465745
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []

==================== Services (Whitelisted) =================

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-07-15] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-07-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-07-22] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130719.002\IDSvia64.sys [513184 2013-07-19] (Symantec Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130722.003\ENG64.SYS [126040 2013-07-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130722.003\EX64.SYS [2098776 2013-07-22] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-07-24] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-04 10:35 - 2014-04-04 10:35 - 00012853 _____ () C:\Users\DerBoss\Downloads\FRST.txt
2014-04-04 10:34 - 2014-04-04 10:34 - 00001211 _____ () C:\Users\DerBoss\Desktop\JRT.txt
2014-04-04 10:28 - 2014-04-04 10:28 - 01038974 _____ (Thisisu) C:\Users\DerBoss\Downloads\JRT.exe
2014-04-04 10:28 - 2014-04-04 10:28 - 00000000 ____D () C:\windows\ERUNT
2014-04-04 10:25 - 2014-04-04 10:27 - 00000979 _____ () C:\Users\DerBoss\Desktop\AdwCleaner[S1].txt
2014-04-04 10:24 - 2014-04-04 10:24 - 01426178 _____ () C:\Users\DerBoss\Downloads\adwcleaner.exe
2014-04-04 10:24 - 2014-04-04 10:24 - 00001657 _____ () C:\Users\DerBoss\Desktop\mbam.txt
2014-04-04 10:11 - 2014-04-04 10:26 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 10:10 - 2014-04-04 10:10 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\DerBoss\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 10:10 - 2014-04-04 10:10 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 10:10 - 2014-04-04 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 10:10 - 2014-04-04 10:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 10:10 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-04-04 10:10 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-04-04 10:10 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-04-04 09:48 - 2014-04-04 09:48 - 00007401 _____ () C:\Users\DerBoss\Desktop\Gmer.txt
2014-04-04 09:42 - 2014-04-04 09:42 - 00380416 _____ () C:\Users\DerBoss\Desktop\Gmer-19357.exe
2014-04-04 09:41 - 2014-04-04 09:41 - 00023907 _____ () C:\Users\DerBoss\Desktop\Addition.txt
2014-04-04 09:40 - 2014-04-04 10:35 - 00000000 ____D () C:\FRST
2014-04-04 09:40 - 2014-04-04 09:43 - 00025433 _____ () C:\Users\DerBoss\Desktop\FRST.txt
2014-04-04 09:40 - 2014-04-04 09:40 - 02157056 _____ (Farbar) C:\Users\DerBoss\Downloads\FRST64.exe
2014-04-04 09:38 - 2014-04-04 09:38 - 00000248 _____ () C:\Users\DerBoss\Downloads\defogger_enable.log
2014-04-04 09:38 - 2014-04-04 09:38 - 00000000 _____ () C:\Users\DerBoss\defogger_reenable
2014-04-04 09:37 - 2014-04-04 09:38 - 00000476 _____ () C:\Users\DerBoss\Desktop\defogger_disable.log
2014-04-04 09:37 - 2014-04-04 09:37 - 00050477 _____ () C:\Users\DerBoss\Downloads\Defogger.exe
2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Users\DerBoss\Desktop\Alte Firefox-Daten
2014-04-03 20:10 - 2014-02-12 12:46 - 00000426 _____ () C:\AVScanner.ini
2014-04-03 14:45 - 2014-04-03 14:45 - 00008025 _____ () C:\Users\DerBoss\Desktop\AdwCleaner[S0].txt
2014-04-03 14:40 - 2014-04-04 10:27 - 00000000 ____D () C:\AdwCleaner
2014-04-03 14:39 - 2014-04-03 14:39 - 01426178 _____ () C:\Users\DerBoss\Downloads\adwcleaner3023.exe
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\Users\DerBoss\AppData\Local\VS Revo Group
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-03 14:35 - 2014-04-03 14:35 - 10619688 _____ (VS Revo Group ) C:\Users\DerBoss\Downloads\RevoUninProSetup.exe
2014-04-03 14:30 - 2014-04-03 14:31 - 00295920 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-29 16:56 - 2014-03-29 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 21:56 - 2014-03-13 22:01 - 00000000 ____D () C:\Users\DerBoss\Desktop\Musikjunkie-Farid.Bang.2014.Killa.Premium.Edition
2014-03-11 22:25 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-11 22:25 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-11 22:25 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-03-11 22:25 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-03-11 22:25 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-11 22:25 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-11 22:25 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-11 22:25 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-11 22:25 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-11 22:25 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-11 22:25 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-11 22:25 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-11 22:25 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-11 22:25 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-11 22:25 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-11 22:25 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-03-11 22:25 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-11 22:25 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-11 22:25 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-11 22:25 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-11 22:25 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-11 22:25 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-03-11 22:25 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-03-11 22:25 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-03-11 22:25 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys

==================== One Month Modified Files and Folders =======

2014-04-04 10:35 - 2014-04-04 10:35 - 00012853 _____ () C:\Users\DerBoss\Downloads\FRST.txt
2014-04-04 10:35 - 2014-04-04 09:40 - 00000000 ____D () C:\FRST
2014-04-04 10:34 - 2014-04-04 10:34 - 00001211 _____ () C:\Users\DerBoss\Desktop\JRT.txt
2014-04-04 10:31 - 2012-11-25 13:45 - 00745562 _____ () C:\windows\system32\perfh007.dat
2014-04-04 10:31 - 2012-11-25 13:45 - 00169488 _____ () C:\windows\system32\perfc007.dat
2014-04-04 10:31 - 2012-07-26 09:28 - 01752656 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-04 10:28 - 2014-04-04 10:28 - 01038974 _____ (Thisisu) C:\Users\DerBoss\Downloads\JRT.exe
2014-04-04 10:28 - 2014-04-04 10:28 - 00000000 ____D () C:\windows\ERUNT
2014-04-04 10:27 - 2014-04-04 10:25 - 00000979 _____ () C:\Users\DerBoss\Desktop\AdwCleaner[S1].txt
2014-04-04 10:27 - 2014-04-03 14:40 - 00000000 ____D () C:\AdwCleaner
2014-04-04 10:26 - 2014-04-04 10:11 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 10:26 - 2012-08-01 19:02 - 01962712 _____ () C:\windows\PFRO.log
2014-04-04 10:26 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-04 10:25 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-04-04 10:24 - 2014-04-04 10:24 - 01426178 _____ () C:\Users\DerBoss\Downloads\adwcleaner.exe
2014-04-04 10:24 - 2014-04-04 10:24 - 00001657 _____ () C:\Users\DerBoss\Desktop\mbam.txt
2014-04-04 10:22 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\schemas
2014-04-04 10:10 - 2014-04-04 10:10 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\DerBoss\Downloads\mbam-setup-2.0.0.1000.exe
2014-04-04 10:10 - 2014-04-04 10:10 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-04 10:10 - 2014-04-04 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-04 10:10 - 2014-04-04 10:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-04 10:08 - 2014-01-29 16:06 - 00000000 ____D () C:\Users\DerBoss\AppData\Roaming\Skype
2014-04-04 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-04-04 09:48 - 2014-04-04 09:48 - 00007401 _____ () C:\Users\DerBoss\Desktop\Gmer.txt
2014-04-04 09:44 - 2013-07-16 16:14 - 01273712 _____ () C:\windows\WindowsUpdate.log
2014-04-04 09:43 - 2014-04-04 09:40 - 00025433 _____ () C:\Users\DerBoss\Desktop\FRST.txt
2014-04-04 09:42 - 2014-04-04 09:42 - 00380416 _____ () C:\Users\DerBoss\Desktop\Gmer-19357.exe
2014-04-04 09:41 - 2014-04-04 09:41 - 00023907 _____ () C:\Users\DerBoss\Desktop\Addition.txt
2014-04-04 09:40 - 2014-04-04 09:40 - 02157056 _____ (Farbar) C:\Users\DerBoss\Downloads\FRST64.exe
2014-04-04 09:40 - 2013-07-22 17:38 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-04 09:38 - 2014-04-04 09:38 - 00000248 _____ () C:\Users\DerBoss\Downloads\defogger_enable.log
2014-04-04 09:38 - 2014-04-04 09:38 - 00000000 _____ () C:\Users\DerBoss\defogger_reenable
2014-04-04 09:38 - 2014-04-04 09:37 - 00000476 _____ () C:\Users\DerBoss\Desktop\defogger_disable.log
2014-04-04 09:38 - 2013-07-16 16:14 - 00000000 ____D () C:\Users\DerBoss
2014-04-04 09:37 - 2014-04-04 09:37 - 00050477 _____ () C:\Users\DerBoss\Downloads\Defogger.exe
2014-04-04 09:34 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-04 00:00 - 2013-09-06 18:23 - 00000000 ____D () C:\Users\DerBoss\AppData\Local\PokerStars.EU
2014-04-03 20:51 - 2013-07-16 16:20 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3251176115-1451399811-2016643048-1001
2014-04-03 20:24 - 2014-04-03 20:24 - 00000000 ____D () C:\Users\DerBoss\Desktop\Alte Firefox-Daten
2014-04-03 15:59 - 2013-07-22 17:46 - 00000000 ____D () C:\Users\DerBoss\AppData\Roaming\TS3Client
2014-04-03 14:45 - 2014-04-03 14:45 - 00008025 _____ () C:\Users\DerBoss\Desktop\AdwCleaner[S0].txt
2014-04-03 14:39 - 2014-04-03 14:39 - 01426178 _____ () C:\Users\DerBoss\Downloads\adwcleaner3023.exe
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\Users\DerBoss\AppData\Local\VS Revo Group
2014-04-03 14:36 - 2014-04-03 14:36 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-04-03 14:35 - 2014-04-03 14:35 - 10619688 _____ (VS Revo Group ) C:\Users\DerBoss\Downloads\RevoUninProSetup.exe
2014-04-03 14:33 - 2013-07-27 19:40 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-03 14:33 - 2013-07-16 16:14 - 00001444 _____ () C:\Users\DerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-03 14:33 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-04-03 14:31 - 2014-04-03 14:30 - 00295920 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-03 14:30 - 2013-07-27 19:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-03 12:55 - 2013-12-06 18:50 - 00018468 _____ () C:\Users\DerBoss\daemonprocess.txt
2014-03-29 16:56 - 2014-03-29 16:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-26 15:53 - 2013-09-06 18:23 - 00000000 ____D () C:\Program Files (x86)\PokerStars.EU
2014-03-25 19:41 - 2013-07-28 16:43 - 00000000 ____D () C:\Users\DerBoss\Downloads\Bushido & Shindy NWA 2013
2014-03-18 20:00 - 2013-08-15 17:38 - 00000000 ____D () C:\windows\system32\MRT
2014-03-18 19:58 - 2013-07-23 21:43 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-13 22:23 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\rescache
2014-03-13 22:01 - 2014-03-13 21:56 - 00000000 ____D () C:\Users\DerBoss\Desktop\Musikjunkie-Farid.Bang.2014.Killa.Premium.Edition
2014-03-13 21:59 - 2012-07-26 09:21 - 00030262 _____ () C:\windows\setupact.log
2014-03-13 21:42 - 2013-07-16 16:15 - 00000000 ___RD () C:\Users\DerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-13 21:42 - 2013-07-16 16:15 - 00000000 ___RD () C:\Users\DerBoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-13 07:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 07:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-13 07:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\windows\ToastData
2014-03-13 07:37 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-13 07:37 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-11 22:45 - 2013-07-22 17:38 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-05 09:26 - 2014-04-04 10:10 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-04-04 10:10 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-04-04 10:10 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-05 00:52 - 2013-07-27 19:35 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-05 00:52 - 2013-07-27 19:35 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\DerBoss\AppData\Local\Temp\avgnt.exe
C:\Users\DerBoss\AppData\Local\Temp\Quarantine.exe
C:\Users\DerBoss\AppData\Local\Temp\sdanircmdc.exe
C:\Users\DerBoss\AppData\Local\Temp\TeamSpeak3-Client-win64-3.0.10.1.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-28 10:34

==================== End Of Log ============================
--- --- ---

schrauber 05.04.2014 10:28

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:19 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131