Trojaner-Board
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Positive finds (https://www.trojaner-board.de/163770-positive-finds.html)

Kornblume21 09.02.2015 12:55
Positive finds
 
Hallo, ich bin neu hier und hoffe das ihr mir helfen könnt..
Ich hab mir gestern mit einem anderen Programm ungewollt Positivefinds runtergeladen.
Jetzt tauchen überall Werbungen auf.
Ich hab schon versucht es mit der Systemsteuerung zu deinstallieren, das Symbol ist auch weg und den Rest hab ich in den Papierkorb gelegt und den dann gelöscht.
Außerdem hab ich noch den AdwCleaner ganze 3 Mal drüber laufen lassen.
Aber es erscheinen immer noch alle Werbungen, und leiten wenn man sie weg klicken will auf andere Seiten.
Außerdem hab ich versucht es mit dem SpyHunter4 der oft entfohlen wird wegzumachen der hilft aber kein bisschen, und der lässt sich jetzt auch nicht mehr entfernen bzw er ist weg aber er erscheint trotzdem noch wenn man den Computer hochfährt.
Ich hab einen PC und das Betriebssystem Windows 7 und arbeite mit Google Chrome.
Ich weiß nicht mehr weiter und hab schon so viel gelesen und verstehe das alles nicht ich kenne mich mit solchen Codes und was man damit macht gar nicht aus..
Bitte habt Geduld mit mir ich bin eine Totale Anfängern.
Danke im Voraus an alle die mir helfen möchten.

*edit*

*Es erscheint auch am Linken Rand ein Balken der Bilder zeigt oder mich zu anderen Themen weiterleiten will*

Warlord711 09.02.2015 15:10
Hallo Kornblume21

:hallo:

Mein Name ist Timo und ich werde Dir bei deinem Problem behilflich sein.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Hier findest du die Anleitung für Hilfesuchende
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist immer der sicherste Weg.

Wir arbeiten hier alle freiwillig und meist auch nur in unserer Freizeit. Daher kann es bei Antworten zu Verzögerungen kommen.
Solltest du innerhalb 48 Std keine Antwort von mir erhalten, dann schreib mit eine PM
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis ich oder jemand vom Team sagt, dass Du clean bist.


Führe sämtliche Tools mit administrativen Rechten aus, Vista, Win7,Win8 User mit Rechtsklick "als Administrator starten".

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Cursor zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307


Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Kornblume21 09.02.2015 15:51
Danke für deine schnelle Antwort.
Aber ich musste den Norton deaktivieren.
Ich hoffe ich habe es richtig gemacht.

FRST Editor.


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Theresa (administrator) on THERESA-PC on 09-02-2015 15:47:47
Running from C:\Users\Theresa\Downloads
Loaded Profiles: Theresa (Available profiles: Theresa)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Huawei Technologies Co., Ltd.) C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVEO) C:\Program Files\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Huawei Technologies Co., Ltd.) C:\Users\Theresa\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2011-06-16] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AveoSTI.exe] => C:\Program Files\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Run: [Google Update] => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1d19ccad-6047-11e1-9049-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1d19ccb1-6047-11e1-9049-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1d19ccee-6047-11e1-9049-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1d19ccf1-6047-11e1-9049-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1e762afd-43f3-11e1-821d-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1e762b08-43f3-11e1-821d-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {589ba581-980b-11e0-8ec8-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {589ba598-980b-11e0-8ec8-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {89dbaf93-ed96-11e3-9a26-1c6f65877ed0} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {a009b415-c701-11e0-a8c1-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {a009b419-c701-11e0-a8c1-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {c639a99a-b5c4-11e0-aa00-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {d0bc2256-980a-11e0-9cd5-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {df36eeba-871c-11e3-9eb4-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {e2da4aa6-c4bb-11e0-9809-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {e2da4aad-c4bb-11e0-9809-1c6f65877ed0} - I:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => http=127.0.0.1:57066;https=127.0.0.1:57066
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.1.14
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.1.14
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.1.14
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.1.14
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3319204614-1463971908-219564730-1000 -> {1E5A1183-23A4-45f8-B42C-137A28242B02} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3319204614-1463971908-219564730-1000 -> {756A330B-A09C-4cdd-BD24-6899EA50A35A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3319204614-1463971908-219564730-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3319204614-1463971908-219564730-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3319204614-1463971908-219564730-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn [2015-02-09]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-16]
FF HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M3ADB7403-1B09-44B1-9105-6405263F25D5&SearchSource=55&CUI=&UM=5&UP=SP8547A275-2593-4A9D-BD1E-B99655D367C8&SSPV=SP21511B_sp_ch
CHR StartupUrls: Default -> "hxxp://www.google.at/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (HP Product Detection Plugin for Mozilla) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.5.1_0\plugins/npProductDetectPlugin.dll (Hewlett-Packard)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (Google-Suche) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]
CHR Extension: (HP Product Detection Plugin) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp [2011-08-16]
CHR Extension: (Google Wallet) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]
StartMenuInternet: Google Chrome - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-18] (Adobe Systems) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-09] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25088 2009-10-26] (HTC, Corporation)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2011-06-17] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [321024 2010-12-31] (AVEO Corp) [File not signed]
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20150106.001\BHDrvx86.sys [1164504 2015-01-06] (Symantec Corporation)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2015-01-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-09] ()
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-09] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-08-20] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20150206.001\IDSvix86.sys [503512 2015-01-31] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-06-17] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20150208.001\NAVENG.SYS [95704 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20150208.001\NAVEX15.SYS [1636696 2015-01-20] (Symantec Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [183584 2010-01-27] (Realtek Semiconductor Corp.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [728064 2011-06-01] (Realtek Semiconductor Corporation                          )
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [35960 2011-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMNETS.SYS [318584 2012-04-18] (Symantec Corporation)
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [112128 2009-06-15] (Huawei Technologies Co., Ltd.)
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 15:47 - 2015-02-09 15:48 - 00024932 _____ () C:\Users\Theresa\Downloads\FRST.txt
2015-02-09 15:47 - 2015-02-09 15:47 - 00000000 ____D () C:\FRST
2015-02-09 15:46 - 2015-02-09 15:46 - 01124352 _____ (Farbar) C:\Users\Theresa\Downloads\FRST.exe
2015-02-09 15:45 - 2015-02-09 15:45 - 02132992 _____ (Farbar) C:\Users\Theresa\Downloads\FRST64.exe
2015-02-09 11:20 - 2015-02-09 14:21 - 00000000 ____D () C:\AdwCleaner
2015-02-09 11:16 - 2015-02-09 11:17 - 02112512 _____ () C:\Users\Theresa\Downloads\adwcleaner_4.110.exe
2015-02-09 10:47 - 2015-02-09 10:47 - 00000000 ____D () C:\Users\Theresa\AppData\Roaming\Enigma Software Group
2015-02-09 10:45 - 2015-02-09 10:46 - 00000000 ____D () C:\sh4ldr
2015-02-09 10:42 - 2015-02-09 10:42 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-09 10:41 - 2015-02-09 10:41 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-09 10:29 - 2015-02-09 10:29 - 00503936 _____ () C:\Users\Theresa\Downloads\Nicht bestätigt 167480.crdownload
2015-02-07 19:41 - 2015-02-07 19:41 - 00022005 _____ () C:\Users\Theresa\Desktop\Unbenannt 6.odt
2015-02-06 12:25 - 2015-02-06 12:25 - 00001284 _____ () C:\Users\Theresa\Hartlauer Fotoviewer.lnk
2015-02-06 12:25 - 2015-02-06 12:25 - 00001284 _____ () C:\Users\Theresa\Hartlauer Foto World.lnk
2015-02-06 11:50 - 2015-02-09 11:05 - 00000000 ____D () C:\Users\Theresa\Desktop\Neuer Ordner
2015-01-26 08:37 - 2015-01-26 08:48 - 00028739 _____ () C:\Users\Theresa\Desktop\Idee Anfang.odt
2015-01-21 18:25 - 2015-01-21 18:25 - 00003349 _____ () C:\Users\Theresa\AppData\Local\recently-used.xbel
2015-01-14 09:54 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:54 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:53 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:53 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:53 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:53 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 15:22 - 2011-06-16 13:41 - 01728782 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 15:14 - 2011-06-16 15:03 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319204614-1463971908-219564730-1000UA.job
2015-02-09 14:58 - 2013-02-26 11:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 14:31 - 2009-07-14 05:34 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 14:31 - 2009-07-14 05:34 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 14:23 - 2011-06-17 08:06 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-02-09 14:23 - 2011-06-17 07:50 - 00000144 _____ () C:\service.log
2015-02-09 14:23 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 14:23 - 2009-07-14 05:39 - 00283593 _____ () C:\Windows\setupact.log
2015-02-09 11:28 - 2011-06-16 13:41 - 00000000 ____D () C:\Users\Theresa
2015-02-09 11:06 - 2014-06-16 06:36 - 00000000 ____D () C:\Users\Theresa\Desktop\Chat
2015-02-09 10:34 - 2013-04-14 15:13 - 06402048 ___SH () C:\Users\Theresa\Desktop\Thumbs.db
2015-02-09 10:26 - 2014-06-26 21:02 - 00000000 ____D () C:\Users\Theresa\AppData\Roaming\DVDVideoSoft
2015-02-09 10:22 - 2012-03-24 13:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-08 20:34 - 2014-04-05 12:34 - 00000000 ____D () C:\ProgramData\Wizard101(DE)
2015-02-08 20:30 - 2011-06-16 14:59 - 00103740 _____ () C:\Windows\PFRO.log
2015-02-08 20:15 - 2014-06-26 21:07 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-08 20:15 - 2014-06-26 21:07 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-08 17:14 - 2011-06-16 15:03 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319204614-1463971908-219564730-1000Core.job
2015-02-06 12:59 - 2014-05-13 10:00 - 00000000 ____D () C:\ProgramData\tmp
2015-02-06 12:36 - 2014-05-13 10:00 - 00000000 ____D () C:\ProgramData\hps
2015-02-05 18:58 - 2013-02-26 11:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 18:58 - 2013-02-26 11:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 12:49 - 2013-03-31 15:43 - 00000000 ____D () C:\Program Files\DesertBrainMaster
2015-02-05 12:49 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-05 12:48 - 2011-09-06 07:48 - 00000000 ____D () C:\Program Files\EA GAMES
2015-02-05 12:44 - 2013-03-31 15:55 - 00000000 ____D () C:\Program Files\Water Mahjongg
2015-02-05 12:44 - 2011-06-16 18:12 - 00000000 ____D () C:\Users\Theresa\Documents\bitComposer Games
2015-02-05 12:42 - 2011-12-24 13:53 - 00000000 ____D () C:\ProgramData\GARTEN8C
2015-01-26 08:40 - 2011-06-16 13:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 14:52 - 2012-03-26 16:30 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-24 14:52 - 2011-06-16 14:49 - 00000000 ____D () C:\ProgramData\Norton
2015-01-21 19:04 - 2014-11-30 15:25 - 00000000 ____D () C:\Users\Theresa\Desktop\Neuer Ordner (3)
2015-01-21 18:26 - 2013-10-15 19:47 - 00000000 ____D () C:\Users\Theresa\.gimp-2.8
2015-01-21 18:25 - 2013-08-11 08:01 - 00000000 ____D () C:\Users\Theresa\AppData\Local\gtk-2.0
2015-01-21 18:23 - 2009-07-14 03:04 - 00000511 _____ () C:\Windows\win.ini
2015-01-20 21:07 - 2011-06-18 12:17 - 00000000 ____D () C:\Users\Theresa\AppData\Local\CrashDumps
2015-01-15 03:30 - 2013-07-14 20:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2011-07-01 07:34 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-01-21 18:25 - 2015-01-21 18:25 - 0003349 _____ () C:\Users\Theresa\AppData\Local\recently-used.xbel
2012-03-18 09:13 - 2012-03-18 09:13 - 0000017 _____ () C:\Users\Theresa\AppData\Local\resmon.resmoncfg
2014-12-08 13:28 - 2014-12-08 13:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-08-16 20:01 - 2011-08-16 20:09 - 0000804 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Theresa\OOo_3.3.0_Win_x86_install-wJRE_de.exe


Some content of TEMP:
====================
C:\Users\Theresa\AppData\Local\Temp\86438uninstall.exe
C:\Users\Theresa\AppData\Local\Temp\APNStub.exe
C:\Users\Theresa\AppData\Local\Temp\AutoRun.exe
C:\Users\Theresa\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Theresa\AppData\Local\Temp\bfguni.exe
C:\Users\Theresa\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Theresa\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7320011.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7330004.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7350007.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7380007.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Theresa\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Theresa\AppData\Local\Temp\EAInstall.dll
C:\Users\Theresa\AppData\Local\Temp\eauninstall.exe
C:\Users\Theresa\AppData\Local\Temp\EBU452A.EXE
C:\Users\Theresa\AppData\Local\Temp\EBU47BE.exe
C:\Users\Theresa\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Theresa\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\Theresa\AppData\Local\Temp\htmlayout.dll
C:\Users\Theresa\AppData\Local\Temp\iConvertUpdate.exe
C:\Users\Theresa\AppData\Local\Temp\installhelper.dll
C:\Users\Theresa\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Theresa\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Theresa\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Theresa\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Theresa\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Theresa\AppData\Local\Temp\Mobogenie_Setup_2-1-37_610.exe
C:\Users\Theresa\AppData\Local\Temp\nsbCFB1.exe
C:\Users\Theresa\AppData\Local\Temp\nsg7722.exe
C:\Users\Theresa\AppData\Local\Temp\nsgD721.exe
C:\Users\Theresa\AppData\Local\Temp\nsr7B0A.exe
C:\Users\Theresa\AppData\Local\Temp\ResetDevice.exe
C:\Users\Theresa\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Theresa\AppData\Local\Temp\setup.exe
C:\Users\Theresa\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Theresa\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Theresa\AppData\Local\Temp\The Sims 2 Double Deluxe_uninst.exe
C:\Users\Theresa\AppData\Local\Temp\tmd_34017914.exe
C:\Users\Theresa\AppData\Local\Temp\toolbar11484949.exe
C:\Users\Theresa\AppData\Local\Temp\uninst1.exe
C:\Users\Theresa\AppData\Local\Temp\uninstall20319988.exe
C:\Users\Theresa\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Theresa\AppData\Local\Temp\VP6Install.exe
C:\Users\Theresa\AppData\Local\Temp\VP6VFW.dll
C:\Users\Theresa\AppData\Local\Temp\_is99A1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 17:07

==================== End Of Log ============================
--- --- ---

--- --- ---



Addition Editor

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Theresa at 2015-02-09 15:48:33
Running from C:\Users\Theresa\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.08 - GIGABYTE)
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
5600 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
5600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader 9.5.2 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
ATI AVIVO Codecs (Version: 11.6.0.50825 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{5D8A076D-F75E-A149-10D8-87338721AA3A}) (Version: 3.0.790.0 - ATI Technologies, Inc.)
AutoGreen B10.0517.1 (HKLM\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B10.0517.1 (Version: 1.00.0000 - GIGABYTE) Hidden
AVEO USB2.0 PC Camera(U2HGCV3P31048) (HKLM\...\{3860C309-C642-49EE-B32D-8C4B462BC7BE}) (Version: 2.0.0.5 - USB2.0 PC Camera)
Awakening: Das Himmelsschloss (HKLM\...\BFG-Awakening - Das Himmelsschloss) (Version:  - )
Awakening: Das Koenigreich der Kobolde (HKLM\...\BFG-Awakening - Das Koenigreich der Kobolde) (Version:  - )
Belkin N300 Micro USB Wireless Adapter (HKLM\...\{B20F9D1C-A0A5-4cd8-8306-DA03872311B1}) (Version: 1.00.0155 - )
Big Fish Games: Game Manager (HKLM\...\BFGC) (Version: 2.0.0.8 - )
Bing Bar (HKLM\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Browser Configuration Utility (HKLM\...\{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}) (Version: 1.1.18.0 - DeviceVM Inc.) <==== ATTENTION
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (Version: 2010.0825.2146.37182 - Ihr Firmenname) Hidden
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dark Parables: Der Orden der Rotkaeppchen (HKLM\...\BFG-Dark Parables - Der Orden der Rotkaeppchen) (Version:  - )
Dark Parables: Der Schmerz der Schneekoenigin (HKLM\...\BFG-Dark Parables - Der Schmerz der Schneekoenigin) (Version:  - )
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Die ersten 10 Jahre (HKLM\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - )
Die Sims™ Inselgeschichten (HKLM\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version:  - Electronic Arts)
Die Sims™ Tiergeschichten (HKLM\...\{A10DA03B-9048-48B4-00A2-A71153C3F886}) (Version:  - Electronic Arts)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Easy Tune 6 B10.0516.1 (HKLM\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0516.1 (Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.1214.1  (HKLM\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gameforge Live 2.0.5 (HKLM\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.5 - Gameforge)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hartlauer Foto World (HKLM\...\Hartlauer Foto World) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{E5F9BFAF-2FD9-4637-BA4E-5C2BC3A0763D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HydraVision (Version: 4.2.180.0 - ATI Technologies Inc.) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IPTInstaller (HKLM\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 10 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217010FF}) (Version: 7.0.100 - Oracle)
Junk Mail filter update (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Madagascar (HKLM\...\InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}) (Version: 1.00.0000 - Activision)
Madagascar (TM) (Version: 1.00.0000 - Activision) Hidden
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM\...\Mobile Partner) (Version: 11.300.05.00.152 - Huawei Technologies Co.,Ltd)
Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
msxml4 (HKLM\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
Mystery Case Files &reg;: 13th Skull (HKLM\...\BFG-Mystery Case Files - 13th Skull) (Version:  - )
Mystery Case Files&reg;: Dire Grove™ (HKLM\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.18.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.18.0 - NEC Electronics Corporation) Hidden
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 19.9.1.14 - Symantec Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
ON_OFF Charge B10.0427.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenLibraries (HKLM\...\OpenLibraries) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Photomizer (HKLM\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.0.12.229 - Engelmann Media GmbH)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Realtek Ethernet Controller Driver For Windows 7 (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.18.322.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6034 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6083 - Realtek Semiconductor Corp.)
Robinson Crusoe (HKLM\...\{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1) (Version:  - cerasus.media GmbH)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Stronghold 2 Deluxe (HKLM\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.30 - Firefly Studios)
Stronghold Legends (HKLM\...\{66A405D2-BA14-4594-BF36-B3B544F0754E}) (Version: 1.20.0000 - Firefly Studios)
Studie zur Verbesserung von HP Officejet Pro 8600 Produkten (HKLM\...\{4033E880-B959-49E7-A1B0-BF2E81BBC2AA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
T-Mobile Internet Manager (HKLM\...\T-Mobile Internet Manager) (Version: 11.301.05.00.108 - Huawei Technologies Co.,Ltd)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Turtle Odyssey 2 (HKLM\...\Turtle Odyssey 2) (Version:  - )
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Wildlife Park 2 - Meine Haustiere WildlifePark2_MeineHaustiere_DE_v2.1 (HKLM\...\Wildlife Park 2 - Meine Haustiere_is1) (Version:  - Deep Silver)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows-Treiberpaket - Telechips Inc (vtcdrv) USB  (11/16/2011 5.0.0.3) (HKLM\...\E40BDFFBFD93EBFF5EF93A21BDA9030934851531) (Version: 11/16/2011 5.0.0.3 - Telechips Inc)
Wizard101(DE) (HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Wizard101(DE)_is1) (Version:  - Gameforge 4D GmbH)
WolfQuest (HKLM\...\{9E6AD6CF-1EFF-43E4-86C4-5C00254C3D8E}) (Version: 2.5.1 - eduweb)
Zoo Tycoon: Complete Collection (HKLM\...\Zoo Tycoon 1.0) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Theresa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Theresa\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3319204614-1463971908-219564730-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {047D1B10-5268-4C78-9214-6DA7DE142746} - System32\Tasks\{942DC7A1-176A-4AB7-8696-A1A2650AD173} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {0A68CB08-A6D7-40D1-9144-3797BC27F028} - System32\Tasks\{CFEECAF2-D92B-4C31-B3CD-AA8BDC5AF4DF} => pcalua.exe -a "C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.7.2\GUninstaller.exe" -c -uprtc -key "BabylonToolbar"
Task: {1450C48C-C60C-4502-A06A-51057FBD5941} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3319204614-1463971908-219564730-1000Core => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {35266A5C-6318-4D7E-86D2-BD6BF9D8201D} - System32\Tasks\{DC70B069-CF6D-42CB-9FDB-AF4DDEC82ED2} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {466910AB-21DC-4EA5-9EF0-ED0A7384A7EA} - System32\Tasks\{2E80A6EA-5C99-465E-AA2F-A16E74EFAB35} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {4F258251-7800-49BA-878A-5056655F1DC3} - System32\Tasks\{46F77A0C-C243-4971-9294-9B053057B4AC} => pcalua.exe -a "C:\Program Files\EA GAMES\Die Sims 2 Super Deluxe\EAUninstall.exe"
Task: {74C78660-9607-4DDF-88DC-63DA71DC648B} - System32\Tasks\{37C082FF-9CB3-4092-9FA3-B32E68B2770D} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {75C6342C-7774-4A1C-9719-8D25C4EDB574} - System32\Tasks\{8522F950-76E2-4ED7-9330-3E2980D5F6D0} => pcalua.exe -a C:\PROGRA~1\PURPLE~1\JOANJA~1\UNWISE.EXE -c C:\PROGRA~1\PURPLE~1\JOANJA~1\INSTALL.LOG
Task: {785E297D-4092-42BA-8FFA-E8EA88B89FC1} - System32\Tasks\{3806F000-7275-4B8F-9972-35EA3EF52BA9} => pcalua.exe -a C:\Windows\IsUn0407.exe -d C:\Windows -c -fC:\Programme\Disney Interactive\Aladdin\DeIsL1.isu
Task: {7894AE02-4B30-4B33-AB0B-0B3BB4E26F6F} - System32\Tasks\{6FAF8449-07A8-468B-8B86-3983911321EB} => pcalua.exe -a "C:\Users\Theresa\Downloads\jahplayer-0.2.2-installer (3).exe" -d C:\Users\Theresa\Downloads
Task: {87725664-DAFF-4983-ABCD-E52238DE9766} - System32\Tasks\{68F20D32-3954-4DB8-9C25-5F1665EA84A8} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {89CD2FEE-8A40-4496-879C-7C9F70701549} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {8C587E77-1611-487A-9FD7-180E0D986633} - System32\Tasks\{2CFAB97B-241C-4A22-9F3E-09179C363476} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {9DAAA007-B931-4344-A7E3-5B7A7D251182} - System32\Tasks\{721B5516-A75E-4B0C-9814-9D2E8F731F0F} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {9DC71F2C-3474-4440-92DB-FF7087CBFF08} - System32\Tasks\{82494719-F0AB-4BF0-9E8C-879F6832A4B7} => I:\COMTEST\Bin\COMTEST.exe
Task: {B48DBAF1-AF29-4FFD-ABAF-C049D5070D7E} - System32\Tasks\{7D74943A-5468-4482-9B8D-1B0F38C15AB7} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {B55261B8-D7C1-49C4-8DDE-47B19E33CEFA} - System32\Tasks\{0176C4DC-9797-41B0-A07D-EBB4181E981A} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {B6CABD96-5BF1-418B-ABB3-DC349030BC5B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-04] (Symantec Corporation)
Task: {B844621B-FCD6-4D24-909A-54BBCB91897E} - System32\Tasks\{AB5027B1-C286-477E-BAA9-10DA390F8651} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {BDD239D2-34A8-479F-8E4E-27ADF139AA97} - System32\Tasks\{95A714E3-A0DE-45BE-99FD-028346AD51AE} => pcalua.exe -a "C:\Program Files\jahPlayer\openlibraries-0.4.0-runtime.exe" -d "C:\Program Files\jahPlayer"
Task: {CE2F4B02-1486-4FF4-95ED-045DA25CC26E} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {D166794E-FEDB-4F20-94A7-10ED85475CB9} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: {D21D8588-6420-448E-8C1E-ACBACE20CDE1} - System32\Tasks\{43FF4D2C-B9B0-4E37-8810-954D065A757A} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {DA55C26B-D7B8-4165-A69F-615F660E9C49} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3319204614-1463971908-219564730-1000UA => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {DD93DA5B-CC13-4984-90DE-11964DE48A2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {E4884FDD-84AF-4077-8064-CCC31998AFCD} - System32\Tasks\{B54D18DF-F193-4DBE-B0C9-C73154F39AE5} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {E522186C-E022-410E-9468-6309DEE58F3D} - System32\Tasks\{4673B7AB-2339-4A5D-ABD8-D99CD84EB1C6} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {EA20C1C5-BCAA-41E2-B2A1-8D3A5C739C6A} - System32\Tasks\{764A301A-7B2F-423A-B165-60D413EE2C03} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {EAC4E9DA-4162-4856-96DA-50C7FDAF0CEA} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-09] (Enigma Software Group USA, LLC.)
Task: {EBB1DC60-7F7A-4BDE-9B7D-B5AB90C3A912} - System32\Tasks\{84AC4ADD-B347-45FD-8BF0-39BAD8398DF3} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe
Task: {F74E3753-65FE-431B-9D15-228A708DC275} - System32\Tasks\{C9F2709A-50FD-4DD6-A823-8FB84F5F5293} => C:\Program Files\Deep Silver\Wildlife Park 2\WLP2.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319204614-1463971908-219564730-1000Core.job => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319204614-1463971908-219564730-1000UA.job => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-17 07:50 - 2009-08-24 13:38 - 00068136 _____ () C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
2011-06-17 07:50 - 2009-03-13 10:30 - 00109096 _____ () C:\Program Files\Gigabyte\EasySaver\YCC.DLL
2012-12-07 18:27 - 2012-12-07 18:27 - 00167424 _____ () C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
2012-08-02 08:18 - 2010-10-25 14:38 - 00049152 _____ () C:\Program Files\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AVEOCamSDK.dll
2010-08-04 14:58 - 2010-08-04 14:58 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-08-25 20:44 - 2010-08-25 20:44 - 00270336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2015-02-06 17:21 - 2015-02-04 10:02 - 01117512 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-06 17:21 - 2015-02-04 10:02 - 00211272 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-06 17:21 - 2015-02-04 10:02 - 09170760 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll
2015-02-06 17:21 - 2015-02-04 10:02 - 14965064 _____ () C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:2701CA70
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE
AlternateDataStreams: C:\ProgramData\TEMP:A4241298
AlternateDataStreams: C:\ProgramData\TEMP:CBAF0C30
AlternateDataStreams: C:\ProgramData\TEMP:D8A1AC56

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3319204614-1463971908-219564730-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3319204614-1463971908-219564730-500 - Administrator - Disabled)
Gast (S-1-5-21-3319204614-1463971908-219564730-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3319204614-1463971908-219564730-1002 - Limited - Enabled)
Theresa (S-1-5-21-3319204614-1463971908-219564730-1000 - Administrator - Enabled) => C:\Users\Theresa

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 01:47:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm ccSvcHst.exe, Version 11.2.3.6 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: a80

Startzeit: 01d04461ffda88da

Endzeit: 7

Anwendungspfad: C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe

Berichts-ID: c3e0bebc-b059-11e4-b2f7-1c6f65877ed0

Error: (02/05/2015 00:28:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e28

Startzeit: 01d0306e2823873f

Endzeit: 4041

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 03e27b68-ad2a-11e4-a202-1c6f65877ed0

Error: (02/04/2015 10:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm WizardGraphicalClient.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 89e60

Startzeit: 01d040abcc64ad2b

Endzeit: 1103

Anwendungspfad: C:\ProgramData\Wizard101(DE)\Bin\WizardGraphicalClient.exe

Berichts-ID:

Error: (01/28/2015 08:55:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000050e0
ID des fehlerhaften Prozesses: 0x3dc
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (01/28/2015 08:55:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ccSvcHst.exe, Version: 11.2.3.6, Zeitstempel: 0x4fdbcf1d
Name des fehlerhaften Moduls: ISDATAPR.DLL, Version: 19.9.1.14, Zeitstempel: 0x510c9139
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00077ee7
ID des fehlerhaften Prozesses: 0x770
Startzeit der fehlerhaften Anwendung: 0xccSvcHst.exe0
Pfad der fehlerhaften Anwendung: ccSvcHst.exe1
Pfad des fehlerhaften Moduls: ccSvcHst.exe2
Berichtskennung: ccSvcHst.exe3

Error: (01/20/2015 09:07:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: HPNetworkCommunicatorCom.exe, Version: 28.0.1315.0, Zeitstempel: 0x507e9038
Name des fehlerhaften Moduls: HPNetworkCommunicatorCom.exe, Version: 28.0.1315.0, Zeitstempel: 0x507e9038
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000158cf
ID des fehlerhaften Prozesses: 0x12f30
Startzeit der fehlerhaften Anwendung: 0xHPNetworkCommunicatorCom.exe0
Pfad der fehlerhaften Anwendung: HPNetworkCommunicatorCom.exe1
Pfad des fehlerhaften Moduls: HPNetworkCommunicatorCom.exe2
Berichtskennung: HPNetworkCommunicatorCom.exe3

Error: (01/19/2015 05:12:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: WizardLauncher.exe, Version: 0.0.0.0, Zeitstempel: 0x5421de7d
Name des fehlerhaften Moduls: uxtheme.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bdb38
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73931bbb
ID des fehlerhaften Prozesses: 0x3e3bc
Startzeit der fehlerhaften Anwendung: 0xWizardLauncher.exe0
Pfad der fehlerhaften Anwendung: WizardLauncher.exe1
Pfad des fehlerhaften Moduls: WizardLauncher.exe2
Berichtskennung: WizardLauncher.exe3

Error: (01/10/2015 05:31:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm chrome.exe, Version 39.0.2171.95 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6c8d8

Startzeit: 01d02cf2b6a321b9

Endzeit: 16

Anwendungspfad: C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe

Berichts-ID: 0326c0cd-98e6-11e4-adcb-1c6f65877ed0

Error: (12/24/2014 00:59:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Sims2Launcher.exe, Version: 1.0.0.1, Zeitstempel: 0x48f12e72
Name des fehlerhaften Moduls: Sims2Launcher.exe, Version: 1.0.0.1, Zeitstempel: 0x48f12e72
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002167
ID des fehlerhaften Prozesses: 0x46118
Startzeit der fehlerhaften Anwendung: 0xSims2Launcher.exe0
Pfad der fehlerhaften Anwendung: Sims2Launcher.exe1
Pfad des fehlerhaften Moduls: Sims2Launcher.exe2
Berichtskennung: Sims2Launcher.exe3

Error: (12/24/2014 00:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Sims2Launcher.exe, Version: 1.0.0.1, Zeitstempel: 0x48f12e72
Name des fehlerhaften Moduls: Sims2Launcher.exe, Version: 1.0.0.1, Zeitstempel: 0x48f12e72
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00002167
ID des fehlerhaften Prozesses: 0x46510
Startzeit der fehlerhaften Anwendung: 0xSims2Launcher.exe0
Pfad der fehlerhaften Anwendung: Sims2Launcher.exe1
Pfad des fehlerhaften Moduls: Sims2Launcher.exe2
Berichtskennung: Sims2Launcher.exe3


System errors:
=============
Error: (02/09/2015 02:23:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01a
sfsync04
tcpipBM

Error: (02/09/2015 02:22:59 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01a.sys konnte nicht geladen werden.

Error: (02/09/2015 02:22:52 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync04.sys konnte nicht geladen werden.

Error: (02/09/2015 01:54:38 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.

Error: (02/09/2015 01:49:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01a
sfsync04
tcpipBM

Error: (02/09/2015 01:49:22 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01a.sys konnte nicht geladen werden.

Error: (02/09/2015 01:49:15 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync04.sys konnte nicht geladen werden.

Error: (02/09/2015 01:14:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01a
sfsync04
tcpipBM

Error: (02/09/2015 01:14:08 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01a.sys konnte nicht geladen werden.

Error: (02/09/2015 01:14:01 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync04.sys konnte nicht geladen werden.


Microsoft Office Sessions:
=========================
Error: (02/09/2015 01:47:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ccSvcHst.exe11.2.3.6a8001d04461ffda88da7C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exec3e0bebc-b059-11e4-b2f7-1c6f65877ed0

Error: (02/05/2015 00:28:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.17567e2801d0306e2823873f4041C:\Windows\Explorer.EXE03e27b68-ad2a-11e4-a202-1c6f65877ed0

Error: (02/04/2015 10:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WizardGraphicalClient.exe0.0.0.089e6001d040abcc64ad2b1103C:\ProgramData\Wizard101(DE)\Bin\WizardGraphicalClient.exe

Error: (01/28/2015 08:55:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c0000005000050e03dc01d0306e14828e61C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll12655af6-a6c3-11e4-a202-1c6f65877ed0

Error: (01/28/2015 08:55:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ccSvcHst.exe11.2.3.64fdbcf1dISDATAPR.DLL19.9.1.14510c9139c000000500077ee777001d0306e1e5dc101C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exeC:\PROGRAM FILES\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\ISDATAPR.DLLf8305413-a6c2-11e4-a202-1c6f65877ed0

Error: (01/20/2015 09:07:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: HPNetworkCommunicatorCom.exe28.0.1315.0507e9038HPNetworkCommunicatorCom.exe28.0.1315.0507e9038c0000005000158cf12f3001d0340211974558C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exeC:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exeff5fa835-a0df-11e4-a202-1c6f65877ed0

Error: (01/19/2015 05:12:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: WizardLauncher.exe0.0.0.05421de7duxtheme.dll_unloaded0.0.0.04a5bdb38c000000573931bbb3e3bc01d03402aa14d331C:\ProgramData\Wizard101(DE)\PatchClient\BankA\WizardLauncher.exeuxtheme.dlleef99326-9ff5-11e4-a202-1c6f65877ed0

Error: (01/10/2015 05:31:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.956c8d801d02cf2b6a321b916C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe0326c0cd-98e6-11e4-adcb-1c6f65877ed0

Error: (12/24/2014 00:59:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Sims2Launcher.exe1.0.0.148f12e72Sims2Launcher.exe1.0.0.148f12e72c0000005000021674611801d01f710ac08968C:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2Launcher.exeC:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2Launcher.exe4b4c9d7d-8b64-11e4-adcb-1c6f65877ed0

Error: (12/24/2014 00:58:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Sims2Launcher.exe1.0.0.148f12e72Sims2Launcher.exe1.0.0.148f12e72c0000005000021674651001d01f70fc4dbc05C:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2Launcher.exeC:\Program Files\EA GAMES\Die Sims 2 Villen- und Garten-Accessoires\TSBin\Sims2Launcher.exe3db4ceb2-8b64-11e4-adcb-1c6f65877ed0


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 965 Processor
Percentage of memory in use: 49%
Total physical RAM: 3324.54 MB
Available physical RAM: 1670.8 MB
Total Pagefile: 6647.37 MB
Available Pagefile: 4439.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:704.03 GB) NTFS
Drive d: (SimsPS) (CDROM) (Total:2.14 GB) (Free:0 GB) UDF
Drive i: () (Removable) (Total:1.87 GB) (Free:1.48 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 5 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Warlord711 09.02.2015 15:56
Schritt 1

Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:
    Browser Configuration Utility
  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Schritt 4

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Schritt 5

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Kornblume21 09.02.2015 16:13
Ich hab jetzt Schritt 1 und Schritt 2 gemacht.
Muss ich Norton jetzt wieder deaktivieren es hat sich wieder eingeschaltet ?

*edit*
*Darf ich mit den nächsten Schritten weiter machen oder muss ich auf deine Antwort warten ?*


Code:
# AdwCleaner v4.110 - Bericht erstellt 09/02/2015 um 16:09:04
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x86)
# Benutzername : Theresa - THERESA-PC
# Gestarted von : C:\Users\Theresa\Downloads\AdwCleaner_4.110 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [23427 Bytes] - [09/02/2015 11:20:51]
AdwCleaner[R1].txt - [3175 Bytes] - [09/02/2015 11:35:37]
AdwCleaner[R2].txt - [3234 Bytes] - [09/02/2015 11:37:28]
AdwCleaner[R3].txt - [1079 Bytes] - [09/02/2015 11:42:59]
AdwCleaner[R4].txt - [1748 Bytes] - [09/02/2015 14:19:14]
AdwCleaner[R5].txt - [1870 Bytes] - [09/02/2015 16:07:39]
AdwCleaner[S0].txt - [21762 Bytes] - [09/02/2015 11:28:28]
AdwCleaner[S1].txt - [3295 Bytes] - [09/02/2015 11:40:11]
AdwCleaner[S2].txt - [1141 Bytes] - [09/02/2015 11:51:03]
AdwCleaner[S3].txt - [1809 Bytes] - [09/02/2015 14:21:35]
AdwCleaner[S4].txt - [1792 Bytes] - [09/02/2015 16:09:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1851  Bytes] ##########

Warlord711 09.02.2015 16:49
"Eigentlich" sollte Norton keine Probleme machen, manchmal blockt AV-Software unsere Tools, was er wohl schon bei FRST gemacht hat, wenn ich das richtig lese.

Dann am besten auslassen, solange die Tools laufen.

Kornblume21 09.02.2015 17:57
JRT Editor

Das ist jetzt Schritt 3


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by Theresa on 09.02.2015 at 16:58:22,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"



~~~ Files

Failed to delete: [File] "C:\Users\Theresa\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Theresa\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Theresa\appdata\locallow\datamngr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2015 at 17:00:05,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Schritt 4

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 09.02.2015 17:05:42, SYSTEM, THERESA-PC, Protection, Malware Protection, Starting,
Protection, 09.02.2015 17:05:42, SYSTEM, THERESA-PC, Protection, Malware Protection, Started,
Protection, 09.02.2015 17:05:42, SYSTEM, THERESA-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.02.2015 17:05:43, SYSTEM, THERESA-PC, Protection, Malicious Website Protection, Started,
Update, 09.02.2015 17:05:56, SYSTEM, THERESA-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 09.02.2015 17:05:56, SYSTEM, THERESA-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
Update, 09.02.2015 17:06:37, SYSTEM, THERESA-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.9.6,
Protection, 09.02.2015 17:06:37, SYSTEM, THERESA-PC, Protection, Refresh, Starting,
Protection, 09.02.2015 17:06:37, SYSTEM, THERESA-PC, Protection, Malicious Website Protection, Stopping,
Protection, 09.02.2015 17:06:37, SYSTEM, THERESA-PC, Protection, Malicious Website Protection, Stopped,
Protection, 09.02.2015 17:06:41, SYSTEM, THERESA-PC, Protection, Refresh, Success,
Protection, 09.02.2015 17:06:41, SYSTEM, THERESA-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.02.2015 17:06:41, SYSTEM, THERESA-PC, Protection, Malicious Website Protection, Started,
Scan, 09.02.2015 17:24:20, SYSTEM, THERESA-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 16 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 2 Malwareerkennung, 31-Malwareerkennung,
Protection, 09.02.2015 17:26:09, SYSTEM, THERESA-PC, Protection, Malware Protection, Starting,
Protection, 09.02.2015 17:26:09, SYSTEM, THERESA-PC, Protection, Malware Protection, Started,
Protection, 09.02.2015 17:26:09, SYSTEM, THERESA-PC, Protection, Malicious Website Protection, Starting,
Protection, 09.02.2015 17:26:13, SYSTEM, THERESA-PC, Protection, Malicious Website Protection, Started,

(end)
Schritt 5


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Theresa (administrator) on THERESA-PC on 09-02-2015 17:56:02
Running from C:\Users\Theresa\Downloads
Loaded Profiles: Theresa (Available profiles: Theresa)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Gigabyte\EasySaver\essvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Huawei Technologies Co., Ltd.) C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVEO) C:\Program Files\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Huawei Technologies Co., Ltd.) C:\Users\Theresa\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Google Inc.) C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Theresa\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DataCardMonitor] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe [253952 2011-06-16] (Huawei Technologies Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8555040 2010-04-06] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AveoSTI.exe] => C:\Program Files\AVEO USB2.0 PC Camera(U2HGCV3P31048)\AveoSTI.exe [32768 2010-12-02] (AVEO)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] => C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe [110592 2009-12-31] (Huawei Technologies Co., Ltd.)
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Run: [Google Update] => C:\Users\Theresa\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-21] (Google Inc.)
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: I - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1d19ccad-6047-11e1-9049-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1d19ccb1-6047-11e1-9049-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1d19ccee-6047-11e1-9049-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1d19ccf1-6047-11e1-9049-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1e762afd-43f3-11e1-821d-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {1e762b08-43f3-11e1-821d-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {589ba581-980b-11e0-8ec8-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {589ba598-980b-11e0-8ec8-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {89dbaf93-ed96-11e3-9a26-1c6f65877ed0} - I:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {a009b415-c701-11e0-a8c1-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {a009b419-c701-11e0-a8c1-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {c639a99a-b5c4-11e0-aa00-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {d0bc2256-980a-11e0-9cd5-806e6f6e6963} - D:\Autorun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {df36eeba-871c-11e3-9eb4-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {e2da4aa6-c4bb-11e0-9809-1c6f65877ed0} - I:\AutoRun.exe
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\MountPoints2: {e2da4aad-c4bb-11e0-9809-1c6f65877ed0} - I:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [.DEFAULT] => http=127.0.0.1:57066;https=127.0.0.1:57066
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.1.14
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.1.14
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.1.14
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.9.1.14
HKU\S-1-5-21-3319204614-1463971908-219564730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3319204614-1463971908-219564730-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @protectdisc.com/NPMPDRM -> C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3319204614-1463971908-219564730-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3319204614-1463971908-219564730-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Theresa\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFF [2013-10-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn [2015-02-09]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-08-16]
FF HKU\S-1-5-21-3319204614-1463971908-219564730-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M3ADB7403-1B09-44B1-9105-6405263F25D5&SearchSource=55&CUI=&UM=5&UP=SP8547A275-2593-4A9D-BD1E-B99655D367C8&SSPV=SP21511B_sp_ch
CHR StartupUrls: Default -> "hxxp://www.google.at/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\40.0.2214.111\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.3.7_0\npcoplgn.dll No File
CHR Plugin: (HP Product Detection Plugin for Mozilla) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp\1.0.5.1_0\plugins/npProductDetectPlugin.dll (Hewlett-Packard)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (fluxDVD Browser Plugin) - C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Users\Theresa\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-06]
CHR Extension: (YouTube) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (Google-Suche) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]
CHR Extension: (HP Product Detection Plugin) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnhbepgnjnaoahohppnffanmkjkjoglp [2011-08-16]
CHR Extension: (Google Wallet) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Mail) - C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]
StartMenuInternet: Google Chrome - C:\Users\Theresa\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-18] (Adobe Systems) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-16] (Symantec Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-09] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25088 2009-10-26] (HTC, Corporation)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19496 2010-04-27] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [83872 2011-06-17] ()
S3 AVEO; C:\Windows\System32\DRIVERS\AVEOdcnt.sys [321024 2010-12-31] (AVEO Corp) [File not signed]
R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20150203.001\BHDrvx86.sys [1164504 2015-02-03] (Symantec Corporation)
U0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [22528 2008-10-09] (Bytemobile, Inc.) [File not signed]
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1309010.00E\ccSetx86.sys [132768 2012-06-07] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2015-01-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-09] ()
R3 gdrv; C:\Windows\gdrv.sys [17488 2015-02-09] (Windows (R) 2000 DDK provider)
S3 GVTDrv; C:\Windows\system32\Drivers\GVTDrv.sys [24944 2013-08-20] ()
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20150206.001\IDSvix86.sys [503512 2015-01-31] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-06-17] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20150208.021\NAVENG.SYS [95704 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20150208.021\NAVEX15.SYS [1636696 2015-01-20] (Symantec Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [183584 2010-01-27] (Realtek Semiconductor Corp.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [728064 2011-06-01] (Realtek Semiconductor Corporation                          )
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [63352 2006-07-05] (Protection Technology (StarForce))
S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [59776 2006-08-11] (Protection Technology (StarForce))
R3 SRTSP; C:\Windows\System32\Drivers\NIS\1309010.00E\SRTSP.SYS [574112 2012-07-06] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1309010.00E\SRTSPX.SYS [32928 2012-07-06] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1309010.00E\SYMDS.SYS [340088 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1309010.00E\SYMEFA.SYS [924320 2012-05-22] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [141944 2012-03-26] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [35960 2011-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1309010.00E\Ironx86.SYS [149624 2012-04-18] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1309010.00E\SYMNETS.SYS [318584 2012-04-18] (Symantec Corporation)
S3 vtcdrv; C:\Windows\System32\DRIVERS\vtcdrv.sys [18688 2010-05-17] (Windows (R) Codename Longhorn DDK provider)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [112128 2009-06-15] (Huawei Technologies Co., Ltd.)
U2 wuaserv; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 17:55 - 2015-02-09 17:55 - 01124352 _____ (Farbar) C:\Users\Theresa\Downloads\FRST (1).exe
2015-02-09 17:55 - 2015-02-09 17:55 - 00004384 _____ () C:\{D1D27C39-EE9A-462C-B87F-53FA2CF3F6DA}
2015-02-09 17:39 - 2015-02-09 17:39 - 00001963 _____ () C:\Users\Theresa\Desktop\mbam.txt
2015-02-09 17:34 - 2015-02-09 17:34 - 00001963 _____ () C:\mbam.txt
2015-02-09 17:05 - 2015-02-09 17:26 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 17:05 - 2015-02-09 17:05 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-09 17:05 - 2015-02-09 17:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-09 17:05 - 2015-02-09 17:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 17:05 - 2015-02-09 17:05 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-09 17:05 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 17:05 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-09 17:05 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-09 17:02 - 2015-02-09 17:03 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Theresa\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-09 17:00 - 2015-02-09 17:00 - 00001301 _____ () C:\Users\Theresa\Desktop\JRT.txt
2015-02-09 16:55 - 2015-02-09 16:55 - 01388274 _____ (Thisisu) C:\Users\Theresa\Downloads\JRT.exe
2015-02-09 16:06 - 2015-02-09 16:06 - 02112512 _____ () C:\Users\Theresa\Downloads\AdwCleaner_4.110 (1).exe
2015-02-09 15:59 - 2015-02-09 15:59 - 00001182 _____ () C:\Users\Theresa\Desktop\Revo Uninstaller.lnk
2015-02-09 15:59 - 2015-02-09 15:59 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-02-09 15:58 - 2015-02-09 15:58 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Theresa\Downloads\revosetup95.exe
2015-02-09 15:48 - 2015-02-09 15:48 - 00042226 _____ () C:\Users\Theresa\Downloads\Addition.txt
2015-02-09 15:47 - 2015-02-09 17:56 - 00024253 _____ () C:\Users\Theresa\Downloads\FRST.txt
2015-02-09 15:47 - 2015-02-09 17:56 - 00000000 ____D () C:\FRST
2015-02-09 15:46 - 2015-02-09 15:46 - 01124352 _____ (Farbar) C:\Users\Theresa\Downloads\FRST.exe
2015-02-09 15:45 - 2015-02-09 15:45 - 02132992 _____ (Farbar) C:\Users\Theresa\Downloads\FRST64.exe
2015-02-09 11:20 - 2015-02-09 16:09 - 00000000 ____D () C:\AdwCleaner
2015-02-09 11:16 - 2015-02-09 11:17 - 02112512 _____ () C:\Users\Theresa\Downloads\adwcleaner_4.110.exe
2015-02-09 10:47 - 2015-02-09 10:47 - 00000000 ____D () C:\Users\Theresa\AppData\Roaming\Enigma Software Group
2015-02-09 10:45 - 2015-02-09 10:46 - 00000000 ____D () C:\sh4ldr
2015-02-09 10:42 - 2015-02-09 10:42 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-09 10:41 - 2015-02-09 10:41 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-07 19:41 - 2015-02-07 19:41 - 00022005 _____ () C:\Users\Theresa\Desktop\Unbenannt 6.odt
2015-02-06 12:25 - 2015-02-06 12:25 - 00001284 _____ () C:\Users\Theresa\Hartlauer Fotoviewer.lnk
2015-02-06 12:25 - 2015-02-06 12:25 - 00001284 _____ () C:\Users\Theresa\Hartlauer Foto World.lnk
2015-02-06 11:50 - 2015-02-09 11:05 - 00000000 ____D () C:\Users\Theresa\Desktop\Neuer Ordner
2015-01-26 08:37 - 2015-01-26 08:48 - 00028739 _____ () C:\Users\Theresa\Desktop\Idee Anfang.odt
2015-01-21 18:25 - 2015-01-21 18:25 - 00003349 _____ () C:\Users\Theresa\AppData\Local\recently-used.xbel
2015-01-14 09:54 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-14 09:54 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:53 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:53 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:53 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:53 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 17:33 - 2009-07-14 05:34 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:33 - 2009-07-14 05:34 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:26 - 2011-06-17 08:06 - 00017488 _____ (Windows (R) 2000 DDK provider) C:\Windows\gdrv.sys
2015-02-09 17:26 - 2011-06-17 07:50 - 00000144 _____ () C:\service.log
2015-02-09 17:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 17:25 - 2011-06-16 14:59 - 00111284 _____ () C:\Windows\PFRO.log
2015-02-09 17:25 - 2009-07-14 05:39 - 00283817 _____ () C:\Windows\setupact.log
2015-02-09 17:24 - 2011-06-16 13:41 - 01749144 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 17:14 - 2011-06-16 15:03 - 00001128 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319204614-1463971908-219564730-1000UA.job
2015-02-09 17:14 - 2011-06-16 15:03 - 00001076 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3319204614-1463971908-219564730-1000Core.job
2015-02-09 16:58 - 2013-02-26 11:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 16:03 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 11:28 - 2011-06-16 13:41 - 00000000 ____D () C:\Users\Theresa
2015-02-09 11:06 - 2014-06-16 06:36 - 00000000 ____D () C:\Users\Theresa\Desktop\Chat
2015-02-09 10:34 - 2013-04-14 15:13 - 06402048 ___SH () C:\Users\Theresa\Desktop\Thumbs.db
2015-02-09 10:26 - 2014-06-26 21:02 - 00000000 ____D () C:\Users\Theresa\AppData\Roaming\DVDVideoSoft
2015-02-09 10:22 - 2012-03-24 13:16 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-08 20:34 - 2014-04-05 12:34 - 00000000 ____D () C:\ProgramData\Wizard101(DE)
2015-02-08 20:15 - 2014-06-26 21:07 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-08 20:15 - 2014-06-26 21:07 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-06 12:59 - 2014-05-13 10:00 - 00000000 ____D () C:\ProgramData\tmp
2015-02-06 12:36 - 2014-05-13 10:00 - 00000000 ____D () C:\ProgramData\hps
2015-02-05 18:58 - 2013-02-26 11:24 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 18:58 - 2013-02-26 11:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-05 12:49 - 2013-03-31 15:43 - 00000000 ____D () C:\Program Files\DesertBrainMaster
2015-02-05 12:49 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-05 12:48 - 2011-09-06 07:48 - 00000000 ____D () C:\Program Files\EA GAMES
2015-02-05 12:44 - 2013-03-31 15:55 - 00000000 ____D () C:\Program Files\Water Mahjongg
2015-02-05 12:44 - 2011-06-16 18:12 - 00000000 ____D () C:\Users\Theresa\Documents\bitComposer Games
2015-02-05 12:42 - 2011-12-24 13:53 - 00000000 ____D () C:\ProgramData\GARTEN8C
2015-01-26 08:40 - 2011-06-16 13:43 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 14:52 - 2012-03-26 16:30 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-24 14:52 - 2011-06-16 14:49 - 00000000 ____D () C:\ProgramData\Norton
2015-01-21 19:04 - 2014-11-30 15:25 - 00000000 ____D () C:\Users\Theresa\Desktop\Neuer Ordner (3)
2015-01-21 18:26 - 2013-10-15 19:47 - 00000000 ____D () C:\Users\Theresa\.gimp-2.8
2015-01-21 18:25 - 2013-08-11 08:01 - 00000000 ____D () C:\Users\Theresa\AppData\Local\gtk-2.0
2015-01-21 18:23 - 2009-07-14 03:04 - 00000511 _____ () C:\Windows\win.ini
2015-01-20 21:07 - 2011-06-18 12:17 - 00000000 ____D () C:\Users\Theresa\AppData\Local\CrashDumps
2015-01-15 03:30 - 2013-07-14 20:46 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 03:02 - 2011-07-01 07:34 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2015-01-21 18:25 - 2015-01-21 18:25 - 0003349 _____ () C:\Users\Theresa\AppData\Local\recently-used.xbel
2012-03-18 09:13 - 2012-03-18 09:13 - 0000017 _____ () C:\Users\Theresa\AppData\Local\resmon.resmoncfg
2014-12-08 13:28 - 2014-12-08 13:28 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-08-16 20:01 - 2011-08-16 20:09 - 0000804 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Theresa\OOo_3.3.0_Win_x86_install-wJRE_de.exe


Some content of TEMP:
====================
C:\Users\Theresa\AppData\Local\Temp\86438uninstall.exe
C:\Users\Theresa\AppData\Local\Temp\APNStub.exe
C:\Users\Theresa\AppData\Local\Temp\AutoRun.exe
C:\Users\Theresa\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Theresa\AppData\Local\Temp\bfguni.exe
C:\Users\Theresa\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Theresa\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7320011.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7330004.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7350007.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7380007.dll
C:\Users\Theresa\AppData\Local\Temp\drm_dyndata_7380011.dll
C:\Users\Theresa\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Theresa\AppData\Local\Temp\EAInstall.dll
C:\Users\Theresa\AppData\Local\Temp\eauninstall.exe
C:\Users\Theresa\AppData\Local\Temp\EBU452A.EXE
C:\Users\Theresa\AppData\Local\Temp\EBU47BE.exe
C:\Users\Theresa\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Theresa\AppData\Local\Temp\FreeYouTubeDownload.exe
C:\Users\Theresa\AppData\Local\Temp\htmlayout.dll
C:\Users\Theresa\AppData\Local\Temp\iConvertUpdate.exe
C:\Users\Theresa\AppData\Local\Temp\installhelper.dll
C:\Users\Theresa\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Theresa\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Theresa\AppData\Local\Temp\jre-6u34-windows-i586-iftw.exe
C:\Users\Theresa\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Theresa\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Theresa\AppData\Local\Temp\ResetDevice.exe
C:\Users\Theresa\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Theresa\AppData\Local\Temp\setup.exe
C:\Users\Theresa\AppData\Local\Temp\Softonic_chr_1-8-29-3_cn.exe
C:\Users\Theresa\AppData\Local\Temp\sqlite3.dll
C:\Users\Theresa\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Theresa\AppData\Local\Temp\The Sims 2 Double Deluxe_uninst.exe
C:\Users\Theresa\AppData\Local\Temp\tmd_34017914.exe
C:\Users\Theresa\AppData\Local\Temp\uninst1.exe
C:\Users\Theresa\AppData\Local\Temp\uninstall20319988.exe
C:\Users\Theresa\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Theresa\AppData\Local\Temp\VP6Install.exe
C:\Users\Theresa\AppData\Local\Temp\VP6VFW.dll
C:\Users\Theresa\AppData\Local\Temp\_is99A1.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 17:07

==================== End Of Log ============================
--- --- ---

--- --- ---

Warlord711 09.02.2015 18:44
Kannst du noch mal nach dem Malwarebytes Log schauen, das war leider das falsche.

Malwarebytes Anti-Malware Logfile finden - Anleitungen

Kornblume21 09.02.2015 18:51
Was muss ich anders machen oder muss ich es genau so machen wie vorhin auch ?
Es tut mir leid ich weiß im Moment nicht was du meinst, bitte erkläre es mir.

Warlord711 09.02.2015 18:54
Du hast mir das Schutz Protokoll von Malwarebytes gepostet, ich benötige aber das Suchlaufprotokoll, so wie es in der bebilderten Anleitung zu ersehen ist ;)

Kornblume21 09.02.2015 19:14
Ich hoffe das ich es richtig gemacht habe.

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 09.02.2015
Suchlauf-Zeit: 17:07:45
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.02.09.06
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Theresa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 323819
Verstrichene Zeit: 16 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 2
PUP.Optional.Snapdo.T, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [bfab1b015436c373e5fc99a58182cf31],
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}, In Quarantäne, [383218041f6bce68bf5fa65c83807987],

Registrierungswerte: 1
PUP.Optional.MySearchDial.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|AppPath, C:\Program Files\Mysearchdial\1.8.29.0\, In Quarantäne, [8fdbe13b5e2c6ec8ba6eeb1b10f529d7]

Registrierungsdaten: 4
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}),Ersetzt,[0a6093898703a591f020cede6e97d32d]
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}),Ersetzt,[b1b9e13bf9913df9c15014989c6911ef]
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}),Ersetzt,[7febd04c0684072f16fd27854abbde22]
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}),Ersetzt,[2248e93393f777bfc8476547f80d3ec2]

Ordner: 2
PUP.Optional.Extutil.A, C:\Users\Theresa\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, In Quarantäne, [1f4b59c30b7fd066078f194d798a0af6],
PUP.Optional.Managera.A, C:\Users\Theresa\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, In Quarantäne, [6109120a9af01b1bdeb995d1966d8779],

Dateien: 24
PUP.Optional.Conduit.A, C:\Users\Theresa\AppData\Local\Temp\nsbCFB1.exe, In Quarantäne, [a5c552ca99f143f302374762b44d24dc],
PUP.Optional.Conduit.A, C:\Users\Theresa\AppData\Local\Temp\nsg7722.exe, In Quarantäne, [1b4f908ca2e8ad89b5848722ea1740c0],
PUP.Optional.Conduit.A, C:\Users\Theresa\AppData\Local\Temp\nsgD721.exe, In Quarantäne, [b3b7829a0387ea4c3efb208924dda35d],
PUP.Optional.Babylon.A, C:\Users\Theresa\AppData\Local\Temp\toolbar11484949.exe, In Quarantäne, [056533e9890170c6e9590d1254acc33d],
PUP.Optional.Conduit.A, C:\Users\Theresa\AppData\Local\Temp\nsr7B0A.exe, In Quarantäne, [a4c6809c9feb37ff0138bdec1de409f7],
PUP.Optional.NextLive.A, C:\Users\Theresa\AppData\Local\Temp\Mobogenie_Setup_2-1-37_610.exe, In Quarantäne, [82e80f0d2466d16515e04b2fa75a8878],
PUP.Optional.Softonic.A, C:\Users\Theresa\AppData\Local\Temp\cnpy\Softonic_chr_1.8.29.3.exe, In Quarantäne, [a6c444d81575b1854b7ab0428a77cf31],
PUP.Optional.Babylon.A, C:\Users\Theresa\AppData\Local\Temp\FB7FDD9F-BAB0-7891-AA01-55071CBBC2AC\Setup.exe, In Quarantäne, [0169021a9febcb6b65d77aa5de225aa6],
Trojan.RotBrowse, C:\Users\Theresa\AppData\Local\Temp\FB7FDD9F-BAB0-7891-AA01-55071CBBC2AC\Latest\ccp.exe, In Quarantäne, [9ad067b5e1a986b0dd58d3aefe076c94],
PUP.Optional.BabylonToolBar.A, C:\Users\Theresa\AppData\Local\Temp\FB7FDD9F-BAB0-7891-AA01-55071CBBC2AC\Latest\MyBabylonTB.exe, In Quarantäne, [23479f7d3b4f43f3fe18ef4f5aa71ae6],
PUP.Adware.Agent, C:\Users\Theresa\AppData\Local\Temp\PositiveFinds\Setup.exe, In Quarantäne, [b3b7d349503a3ff75278ef17ed13e31d],
PUP.Optional.SmartBar, C:\Users\Theresa\AppData\Local\Temp\MSIC808.tmp-\Smartbar.Installer.CustomActions.dll, In Quarantäne, [49215bc17f0b51e5a4ed8ca243bd04fc],
PUP.Optional.BabylonToolBar.A, C:\Users\Theresa\AppData\Local\Temp\DAFF48F7-BAB0-7891-8796-2828657A49B5\MyBabylonTB.exe, In Quarantäne, [ee7ce735642640f676a055e9b24fa25e],
Adware.Agent, C:\Users\Theresa\AppData\Local\Temp\1544425.Uninstall\uninstall.exe, In Quarantäne, [a4c6fc20b5d51d19aa7c09a11de3e020],
PUP.Optional.InstallCore, C:\Users\Theresa\AppData\Local\Temp\is1933591475\188537066_stp.EXE, In Quarantäne, [90da52ca2862b97da652d1186a9807f9],
PUP.Optional.Wajam.A, C:\Users\Theresa\AppData\Local\Temp\is1933591475\188537223_stp\wajam_download.exe, In Quarantäne, [8ae041db8ffb83b31e43a0a7ca36758b],
PUP.Optional.SoftPulse, C:\Users\Theresa\Downloads\Nicht bestätigt 167480.crdownload, In Quarantäne, [a0cac7557416ed49e4a1e933db271ee2],
PUP.Optional.InstallCore, C:\Users\Theresa\Downloads\FlvPlayerSetup.exe, In Quarantäne, [4624c458a9e17cba49053f43b94c6a96],
PUP.Optional.SmartBar, C:\Windows\Installer\1fa75be.msi, In Quarantäne, [18521efe73176bcb61264518808039c7],
PUP.Optional.Extutil.A, C:\Users\Theresa\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, In Quarantäne, [1f4b59c30b7fd066078f194d798a0af6],
PUP.Optional.Extutil.A, C:\Users\Theresa\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, In Quarantäne, [1f4b59c30b7fd066078f194d798a0af6],
PUP.Optional.Extutil.A, C:\Users\Theresa\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, In Quarantäne, [1f4b59c30b7fd066078f194d798a0af6],
PUP.Optional.Managera.A, C:\Users\Theresa\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, In Quarantäne, [6109120a9af01b1bdeb995d1966d8779],
PUP.Optional.Managera.A, C:\Users\Theresa\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, In Quarantäne, [6109120a9af01b1bdeb995d1966d8779],

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)

Warlord711 09.02.2015 20:17
Ja genau, das war das richtige Log.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M3ADB7403-1B09-44B1-9105-6405263F25D5&SearchSource=55&CUI=&UM=5&UP=SP8547A275-2593-4A9D-BD1E-B99655D367C8&SSPV=SP21511B_sp_ch
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

Der ESET Scan dauert länger:

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Kornblume21 09.02.2015 20:36
Da steht das das nicht gefunden wurde.
Also ab dem Punkt komme ich nicht weiter.
Ich kann den Fix Button nicht anklicken weil dann immer steht nicht gefunden und dann macht es alles wieder zu.

Starte nun FRST erneut und klicke den Fix Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Ich komme morgen wieder so bald ich kann, danke für deine Hilfe, ich melde mich wenn ich wieder da bin.
Ich wünsche dir einen schönen Abend.

Warlord711 09.02.2015 21:49
Ich habe dir die Fixlist.txt erstellt und hochgeladen.

Normalerweise musst du diese auf den Desktop speichern, da du aber der Anleitung nicht gefolgt bist, liegt deine frst.exe Datei unter C:\Users\Theresa\Downloads

Stell sicher das die FRST.exe und die Fixlist.txt im gleichen Verzeichnis liegen.

Kornblume21 10.02.2015 08:52
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-02-2015
Ran by Theresa at 2015-02-10 08:08:38 Run:2
Running from C:\Users\Theresa\Desktop
Loaded Profiles: Theresa (Available profiles: Theresa)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M3ADB7403-1B09-44B1-9105-6405263F25D5&SearchSource=55&CUI=&UM=5&UP=SP8547A275-2593-4A9D-BD1E-B99655D367C8&SSPV=SP21511B_sp_ch
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
emptytemp:
*****************

Chrome HomePage not detected.
HKLM\SOFTWARE\Policies\Google => Key not found.
EmptyTemp: => Removed 38.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 08:08:41 ====
Security Check


Code:
Results of screen317's Security Check version 0.99.96 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Norton Internet Security 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 10 
 Java version 32-bit out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player        16.0.0.305 
 Adobe Reader 9 Adobe Reader out of Date!
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
Ich hab auf meiner externen Festplatte alles gespeichert was am Computer war soll ich die anstecken oder einen leeren USB Stick ?
Norton schreibt mir immer das Vieren eindringen wollen jedes mal wenn es ausschalte können dann nicht noch mehr Vieren eindringen bzw wenn ich Fire Wall deaktiviere ?
Können sie mir das bitte erklären.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:05 Uhr.
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19