
Log analysis and evaluation: HD-Total adware in Firefox

Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.03.2014, 17:49   #1
Tomte21
 
HD-Total adware in Firefox

Hello
When I connected to the Internet via cable a good week ago, Norton raised an alarm (suspicious Cloud 9). I had installed the program Virtual Wifi Router, because I am not allowed to use a hardware router.
Now to my problem. The add-on HD-Total has lodged itself in my browser and tries to connect me to shady sites. I then ran a scan with HijackThis, uninstalled the add-on and deleted the following registry entry:

O2 - BHO: CrossriderApp0053360 - {11111111-1111-1111-1111-110511331160} - C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-bho.dll

The add-on keeps reinstalling itself, though, and can also be found in the Program Files folder.

Some time ago Norton also found the Zeus trojan in an email and moved it to quarantine, in case any other suspicious stuff should turn up.

Many thanks, and here are the logs

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:02:21, on 14.03.2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\*****\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Users\*****\AppData\Local\FilesFrog Update Checker\update_checker.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = hxxp://pac.zhaw.ch/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: CrossriderApp0053360 - {11111111-1111-1111-1111-110511331160} - C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-bho.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = *****\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix: 
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351
O17 - HKLM\System\CS1\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = fr3.swh.mhn.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351
O17 - HKLM\System\CS2\Services\Tcpip\..\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = zhaw.ch,sitecomwl351
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP SkyRoom (Hp.Skyroom.Windows.Service) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Graphics Sender Service (rgsender) - Hewlett-Packard, Inc. - c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe
O23 - Service: SEB Windows Service (SebWindowsService) - ETH Zurich - C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 16819 bytes
         
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:34 on 23/03/2014 (*****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ****** (administrator) on R108016 on 23-03-2014 17:37:48
Running from C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Solid Documents, LLC) C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe
(ETH Zurich) C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(PortableApps.com) E:\PortableApps\PortableApps.com\PortableAppsPlatform.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2013-12-26] ()
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Smart File Advisor] - C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-17] (Power Software Ltd)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
IFEO\Utilman.exe: [Debugger] 
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/16
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: [NameServer]10.148.96.2,10.156.33.53
Tcpip\..\Interfaces\{D15E7D67-71C5-48B9-8B7C-6F5D7C87E9C4}: [NameServer]160.85.192.100,160.85.193.100

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default
FF user.js: detected! => C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\user.js
FF Homepage: www.google.ch
FF NetworkProxy: "autoconfig_url", "hxxp://pac.zhaw.ch/proxy.pac"
FF NetworkProxy: "backup.ftp", "46.163.66.107"
FF NetworkProxy: "backup.ftp_port", 1080
FF NetworkProxy: "backup.socks", "46.163.66.107"
FF NetworkProxy: "backup.socks_port", 1080
FF NetworkProxy: "backup.ssl", "46.163.66.107"
FF NetworkProxy: "backup.ssl_port", 1080
FF NetworkProxy: "ftp", "212.144.254.123"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "212.144.254.123"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.144.254.123"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "212.144.254.123"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HD-Total-1.1 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com [2014-03-16]
FF Extension: Copy Links - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2011-08-09]
FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\admin@proxy-listen.de.xpi [2013-01-19]
FF Extension: Flagfox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09]
FF Extension: NoScript - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-20]
FF Extension: BugMeNot Plugin - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-01-02]
FF Extension: DownThemAll! - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-23]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124984 2009-11-20] (Hewlett-Packard)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.)
R2 SCPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [193392 2012-09-10] (Solid Documents, LLC)
R2 SebWindowsService; C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe [32256 2012-12-19] (ETH Zurich)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-23] (Symantec Corporation)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2010-10-18] (Ekahau Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\ENG64.SYS [126040 2014-03-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\EX64.SYS [2099288 2014-03-14] (Symantec Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] ()
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-10-11] (Acronis)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-10-11] (Acronis)
U4 eabfiltr; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 17:37 - 2014-03-23 17:37 - 00000000 ____D () C:\FRST
2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-03-23 17:33 - 2014-03-23 17:37 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip
2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx
2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2014-03-19 18:45 - 2014-03-19 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-15 09:38 - 2014-03-15 12:41 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14
2014-03-14 10:41 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-14 10:41 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-14 10:41 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-14 10:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-14 10:41 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-14 10:41 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-14 10:41 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-14 10:41 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-14 10:41 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-14 10:41 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-14 10:41 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-14 10:41 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-14 10:41 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-14 10:41 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-14 10:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-14 10:41 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-14 10:41 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-14 10:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-14 10:41 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-14 10:41 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-14 10:41 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-14 10:41 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-14 10:41 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-14 10:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-14 10:41 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-14 10:41 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-14 10:41 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-14 10:41 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-14 10:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-14 10:41 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-14 10:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-14 10:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-14 10:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-14 10:41 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-14 10:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-14 10:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-14 10:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-14 10:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-14 10:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-14 10:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-14 07:45 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-14 07:45 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-14 07:45 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-14 07:45 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-14 07:45 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-14 07:45 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-14 07:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-14 07:44 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:49 - 2014-03-23 13:08 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-13 20:40 - 2014-03-23 14:45 - 00002528 _____ () C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job
2014-03-13 20:40 - 2014-03-23 14:40 - 00003090 _____ () C:\windows\Tasks\hdtotal1.1-chromeinstaller.job
2014-03-13 20:40 - 2014-03-23 14:40 - 00001504 _____ () C:\windows\Tasks\hdtotal1.1-updater.job
2014-03-13 20:40 - 2014-03-23 14:40 - 00001458 _____ () C:\windows\Tasks\hdtotal1.1-codedownloader.job
2014-03-13 20:40 - 2014-03-23 14:40 - 00001358 _____ () C:\windows\Tasks\hdtotal1.1-enabler.job
2014-03-13 20:40 - 2014-03-18 14:41 - 00000000 ____D () C:\Program Files (x86)\hdtotal1.1
2014-03-13 20:40 - 2014-03-15 21:33 - 00000000 ____D () C:\Users\******\AppData\Local\FilesFrog Update Checker
2014-03-13 20:40 - 2014-03-13 20:40 - 00004534 _____ () C:\windows\System32\Tasks\hdtotal1.1-updater
2014-03-13 20:40 - 2014-03-13 20:40 - 00004488 _____ () C:\windows\System32\Tasks\hdtotal1.1-codedownloader
2014-03-13 20:40 - 2014-03-13 20:40 - 00004388 _____ () C:\windows\System32\Tasks\hdtotal1.1-enabler
2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-13 20:40 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2014-03-13 20:39 - 2014-03-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router
2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk
2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. ) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe
2014-03-06 09:51 - 2014-03-20 15:48 - 00000448 _____ () C:\windows\setupact.log
2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log
2014-03-06 09:50 - 2014-03-06 09:50 - 00114018 _____ () C:\windows\PFRO.log
2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg
2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip

==================== One Month Modified Files and Folders =======

2014-03-23 17:37 - 2014-03-23 17:37 - 00000000 ____D () C:\FRST
2014-03-23 17:37 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
2014-03-23 17:34 - 2014-03-23 17:34 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-03-23 17:34 - 2010-09-30 16:14 - 00000000 ____D () C:\Users\******
2014-03-23 17:29 - 2012-07-28 17:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-23 17:02 - 2013-01-20 10:57 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job
2014-03-23 14:45 - 2014-03-13 20:40 - 00002528 _____ () C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job
2014-03-23 14:40 - 2014-03-13 20:40 - 00003090 _____ () C:\windows\Tasks\hdtotal1.1-chromeinstaller.job
2014-03-23 14:40 - 2014-03-13 20:40 - 00001504 _____ () C:\windows\Tasks\hdtotal1.1-updater.job
2014-03-23 14:40 - 2014-03-13 20:40 - 00001458 _____ () C:\windows\Tasks\hdtotal1.1-codedownloader.job
2014-03-23 14:40 - 2014-03-13 20:40 - 00001358 _____ () C:\windows\Tasks\hdtotal1.1-enabler.job
2014-03-23 14:01 - 2010-09-03 23:09 - 01055857 _____ () C:\windows\WindowsUpdate.log
2014-03-23 13:08 - 2014-03-13 20:49 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-23 12:43 - 2014-03-13 20:39 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router
2014-03-23 11:35 - 2013-01-20 10:57 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job
2014-03-22 15:18 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 15:18 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 01:22 - 2012-04-20 17:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2014-03-21 22:56 - 2012-03-11 15:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-03-21 20:42 - 2010-09-03 21:29 - 00723100 _____ () C:\windows\system32\perfh007.dat
2014-03-21 20:42 - 2010-09-03 21:29 - 00158370 _____ () C:\windows\system32\perfc007.dat
2014-03-21 20:42 - 2009-07-14 06:13 - 01667084 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip
2014-03-20 15:49 - 2012-03-11 15:40 - 00000000 ___RD () C:\Users\******\Dropbox
2014-03-20 15:49 - 2010-09-03 21:30 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-03-20 15:48 - 2014-03-06 09:51 - 00000448 _____ () C:\windows\setupact.log
2014-03-20 15:48 - 2012-05-08 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-20 15:48 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx
2014-03-20 15:40 - 2012-09-10 12:44 - 00001370 _____ () C:\Users\******\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-03-20 08:37 - 2013-05-17 11:02 - 00000000 ____D () C:\Users\******\Documents\Kochen
2014-03-19 22:57 - 2014-03-19 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2014-03-19 18:06 - 2013-10-03 20:44 - 00000000 ____D () C:\Users\******\Documents\Arbeitspläne, Erzbierschof
2014-03-19 08:50 - 2010-09-30 16:44 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-03-19 08:46 - 2012-12-07 15:25 - 00000039 _____ () C:\windows\vbaddin.ini
2014-03-19 08:46 - 2012-09-08 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 08:45 - 2013-07-28 20:59 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 08:42 - 2010-10-05 21:46 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-18 14:41 - 2014-03-13 20:40 - 00000000 ____D () C:\Program Files (x86)\hdtotal1.1
2014-03-18 08:04 - 2011-11-08 21:29 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-18 08:04 - 2010-10-08 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-03-15 22:52 - 2012-05-28 14:09 - 00000000 ____D () C:\Users\******\Documents\Studium
2014-03-15 21:33 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Local\FilesFrog Update Checker
2014-03-15 20:09 - 2013-10-21 14:28 - 00000000 ____D () C:\Users\******\Documents\Bier
2014-03-15 12:41 - 2014-03-15 09:38 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14
2014-03-15 11:53 - 2009-07-14 05:45 - 00422576 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-13 20:40 - 2014-03-13 20:40 - 00004534 _____ () C:\windows\System32\Tasks\hdtotal1.1-updater
2014-03-13 20:40 - 2014-03-13 20:40 - 00004488 _____ () C:\windows\System32\Tasks\hdtotal1.1-codedownloader
2014-03-13 20:40 - 2014-03-13 20:40 - 00004388 _____ () C:\windows\System32\Tasks\hdtotal1.1-enabler
2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-13 20:40 - 2014-03-13 20:40 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk
2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. ) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe
2014-03-12 10:30 - 2012-07-28 17:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 10:30 - 2012-04-24 19:51 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:30 - 2011-07-18 18:44 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-06 23:10 - 2014-02-02 17:19 - 00000000 ____D () C:\Users\******\AppData\Local\JDownloader v2.0
2014-03-06 23:03 - 2011-07-17 13:08 - 00000000 ____D () C:\Users\******\Downloads\jdownloader
2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log
2014-03-06 09:50 - 2014-03-06 09:50 - 00114018 _____ () C:\windows\PFRO.log
2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg
2014-03-01 10:47 - 2010-10-09 19:10 - 01612384 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-14 10:41 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-14 10:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-14 10:41 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-14 10:41 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-14 10:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-14 10:41 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-14 10:41 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-14 10:41 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-14 10:41 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-14 10:41 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-14 10:41 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-14 10:41 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-14 10:41 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-14 10:41 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-14 10:41 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-14 10:41 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-14 10:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-14 10:41 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-14 10:41 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-14 10:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-14 10:41 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-14 10:41 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-14 10:41 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-14 10:41 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-14 10:41 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-14 10:41 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-14 10:41 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-14 10:41 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-14 10:41 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 10:41 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 10:41 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-14 10:41 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-14 10:41 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 10:41 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 10:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 10:41 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 10:41 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 10:41 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-25 13:49 - 2010-10-01 01:06 - 00000000 ____D () C:\windows\rescache
2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip

Files to move or delete:
====================
C:\Users\******\ptw12.exe


Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\setup.exe
C:\Users\******\AppData\Local\Temp\UpdateCheckerSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-22 15:11

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by ***** at 2014-03-23 17:38:22
Running from C:\Users\*****\Documents\Toolsammlung_fuer_Virusscan
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Acronis*True*Image*Home (HKLM-x32\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9646.4 - Acronis)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.32.18 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Album Art Downloader XUI 0.45 (HKLM-x32\...\Album Art Downloader XUI) (Version: 0.45 - hxxp://sourceforge.net/projects/album-art)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Cambridge Advanced Learner's Dictionary - 2nd edition (HKLM-x32\...\cald2) (Version:  - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.36 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.2.3442 - CDBurnerXP)
Cisco AnyConnect VPN Client (HKLM-x32\...\{835A6F5F-BC13-48DF-BEBE-8D80B419D145}) (Version: 2.5.0217 - Cisco Systems, Inc.)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{DC4BC0CC-A928-4C48-BA40-AC24784F46E5}) (Version:  - Microsoft)
Drive Encryption for HP ProtectTools (HKLM\...\{D6782B98-BDC0-45F4-A046-9D26C475CBF8}) (Version: 5.0.2.10 - Hewlett-Packard)
Duplicate Music Files Finder 1.5.5 (HKLM-x32\...\Duplicate Music Files Finder_is1) (Version:  - LC IBros Solutions S.R.L.)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
Ekahau HeatMapper (HKLM\...\${PRODUCT_ID}-1.1.1.37697) (Version: 1.1.1.37697 - Ekahau Inc.)
FilesFrog Update Checker (HKLM-x32\...\FilesFrog Update Checker) (Version:  - ) <==== ATTENTION
Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
hdtotal1.1 (HKLM-x32\...\hdtotal1.1) (Version: 1.34.3.6 - hdtotal)
Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP 3D DriveGuard (HKLM\...\{7B4DEBE1-E3E3-45BD-88E6-6C3CA9EEED36}) (Version: 4.1.16.1 - Hewlett-Packard Company)
HP Business Card Reader (HKLM-x32\...\{FD8234FF-A70D-4632-B146-F41AB37C0B24}) (Version: 0.6.3.0 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.3 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{62272D4E-78E9-4BAD-B7AA-63072D06AAA9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{B1FE3DA1-15C1-4AEB-85A6-883F8C4AFD42}) (Version: 2.0.2.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (HKLM\...\{BD7AB0B9-4491-4642-B6BB-2560648A0A22}) (Version: 1.0.2.4 - Hewlett-Packard)
HP Power Data (HKLM\...\{DC80F597-39DD-4C32-923E-EDF332E02820}) (Version: 1.0.5.74 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 10.7.9.0 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.12.754 - Hewlett-Packard Company) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{E6BEE2A9-04CF-42FF-B95B-BB70FAD2DC3E}) (Version: 3.3.1.4 - Hewlett-Packard Company)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F484B}) (Version: 1.0.1.48 - DeviceVM, Inc.)
HP Setup (HKLM-x32\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SkyRoom (HKLM-x32\...\InstallShield_{17DA6412-EC90-42D1-A9A4-661416750025}) (Version: 1.1.4.4794. - Hewlett-Packard)
HP SkyRoom (x32 Version: 1.1.4.4794. - Hewlett-Packard) Hidden
HP SoftPaq Download Manager (HKLM-x32\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{18F4179A-385F-40EE-AE2D-FA0E1BE62753}) (Version: 4.5.12.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.5 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP Wallpaper (HKLM-x32\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.3 - Hewlett-Packard Company)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM-x32\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.26.3 - Roxio)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50009.6 - Sonix)
HP Wireless Assistant (HKLM\...\{518C838E-A21C-40BE-B844-648040C2491D}) (Version: 4.0.2.4 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6257.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 16.3 - Intel)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
iTunes (HKLM\...\{B613A9BB-2B34-4824-A4BE-2427653D59D6}) (Version: 10.4.0.80 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
KaloMa 4.78 (HKLM-x32\...\KaloMa_is1) (Version:  - Frank Böpple)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.4.0.5 - Logitech) Hidden
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Project Professional 2010 (HKLM\...\Office14.PRJPROR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 8.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
Mp3tag v2.46a (HKLM-x32\...\Mp3tag) (Version: v2.46a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.1.0.18 - Symantec Corporation)
NVIDIA Grafiktreiber 296.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.67 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA nView 136.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 136.28 - NVIDIA Corporation)
NVIDIA Systemsteuerung 296.67 (Version: 296.67 - NVIDIA Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.0 - Frank Heindörfer, Philip Chinery)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.4 - Power Software Ltd)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Private Tax 2011 1.5 (HKLM-x32\...\4095-7861-2728-4611) (Version: 1.5 - Information Factory AG)
Private Tax 2012 2.7 (HKLM-x32\...\6753-7911-9438-6061) (Version: 2.7 - Information Factory AG)
Private Tax 2013 1.3.0 (HKLM-x32\...\0579-4231-5684-8562) (Version: 1.3.0 - Information Factory AG)
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QUICKfind (HKLM-x32\...\{593AFFA4-D08E-4272-BABB-420949D32A10}) (Version:  - )
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.3.2 - Hewlett-Packard)
Remote Graphics Receiver (x32 Version: 5.3.2 - Hewlett-Packard) Hidden
Remote Graphics Sender (HKLM-x32\...\{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}) (Version: 5.3.2 - Hewlett-Packard)
Remote Graphics Sender (x32 Version: 5.3.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM-x32\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.13.00.05 - RICOH)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.1.13105_5 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SEB Windows 1.9.1 (HKLM-x32\...\{8CFB86C5-1505-4044-B10B-2790CBFB8C3E}) (Version: 1.9.1 - ETH Zuerich)
Secure Download Manager (HKLM-x32\...\{C58626D6-7EBD-460D-8B6C-75B3C3464879}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{DC528101-617D-4E9F-B131-F8F8C52E649B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Smart File Advisor 1.1.1 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net)
Solid Converter PDF (HKLM-x32\...\{56BFAA6E-2BCC-4AED-9233-84731E66B205}) (Version: 7.3.1541.0 - SolidDocuments)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.10.0 - Synaptics Incorporated)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version:  - )
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{99A0DB9A-71FC-4F98-BC1F-78A18195C677}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.VISIOR_{64D96F30-CF4C-4CCE-AAF2-F8909348BF35}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{9F6507AC-7D8F-46C1-B90F-59C7828E0E0D}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PRJPROR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{A9C4BE58-07E0-473D-AE68-ECBA13FBF77E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{8A6BDA63-4D23-4485-A466-8979E10BCF49}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{BEA3259E-14B5-4D89-87FF-ED9F1D0D81C8}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{BE1D254A-E5CD-4E76-9BE8-7B2E5FDBA6AF}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PRJPROR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{04DED3FB-DDB2-4C1E-A057-2A1FB97BE42D}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{DF33B92A-5381-4F03-AB54-2D67086B357E}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A82E26EF-680E-427D-B7D0-FD7997DDC217}) (Version:  - Microsoft)
Validity Fingerprint Driver (HKLM\...\{DD966CEF-5EA9-4BA2-B210-490FEBC27EA7}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
Virtual WiFi Router version 3.0 (HKLM-x32\...\{F5F33265-5CAA-4F12-AA8F-7F8384BF2A57}_is1) (Version: 3.0 - Virtual WiFi Router, Inc.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinSCP 5.1.7 (HKLM-x32\...\winscp3_is1) (Version: 5.1.7 - Martin Prikryl)
XLSTAT 2013 (HKLM-x32\...\{68B36FA5-E276-4C03-A56C-EC25717E1668}) (Version: 15.2.06.755 - Addinsoft)

==================== Restore Points  =========================

15-03-2014 08:19:47 Windows Update
19-03-2014 07:41:03 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1CA58B1F-2360-4945-A411-831DB15DE130} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3422D09C-92E9-4EAB-888B-57314CAEAF4D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {375B520F-240F-4DA9-AE3A-C82889182FD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {452A4DBB-C41B-4966-B439-63E2BD931246} - System32\Tasks\hdtotal1.1-firefoxinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe [2014-03-13] (hdtotal)
Task: {596EAFF8-346A-4F4C-8CCA-58E0C2018305} - System32\Tasks\hdtotal1.1-enabler => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe [2014-03-13] (hdtotal)
Task: {5C13A787-1E8D-46FD-91D6-F5B69D7B2300} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\*****\AppData\Local\FilesFrog Update Checker\update_checker.exe [2013-10-17] (Somoto) <==== ATTENTION
Task: {645AD520-1C63-4B2D-A2B8-5F24A1AAE587} - System32\Tasks\hdtotal1.1-chromeinstaller => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe [2014-03-13] (hdtotal)
Task: {769B666A-6BED-4222-B7A0-3320FAA67A1D} - System32\Tasks\hdtotal1.1-codedownloader => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe [2014-03-13] (hdtotal)
Task: {770E6956-822B-407A-8687-7040078A5754} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A3627E6A-73BC-43C8-8649-0BDDDA336C21} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {A48CC206-0C44-4EC0-BA63-94E7E73426F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20] (Google Inc.)
Task: {A9A92F0C-2200-41A9-9E25-6E60B046A59B} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard)
Task: {B76BAB7C-26C4-4837-A847-7695AE2AA6F4} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {B8F34854-B014-4987-8851-3772EE8209B9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {E131F5D2-257E-4882-8D6C-B49CCD8B04EF} - System32\Tasks\hdtotal1.1-updater => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe [2014-03-13] (hdtotal)
Task: {F8324986-122F-4DCF-8D8B-C15FC68D62B5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job => C:\Users\*****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\hdtotal1.1-chromeinstaller.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe
Task: C:\windows\Tasks\hdtotal1.1-codedownloader.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe
Task: C:\windows\Tasks\hdtotal1.1-enabler.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe
Task: C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe
Task: C:\windows\Tasks\hdtotal1.1-updater.job => C:\Program Files (x86)\hdtotal1.1\hdtotal1.1-updater.exe

==================== Loaded Modules (whitelisted) =============

2012-10-23 16:24 - 2012-09-10 20:47 - 00030576 _____ () C:\windows\System32\solidlocalmon.dll
2010-04-20 08:10 - 2010-04-20 08:10 - 00100352 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2009-09-04 21:35 - 2009-09-04 21:35 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-11-19 23:14 - 2009-11-19 23:14 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HardwareAccess.dll
2009-11-19 23:14 - 2009-11-19 23:14 - 00055352 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\Graphs.dll
2009-11-19 23:11 - 2009-11-19 23:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2009-11-19 23:11 - 2009-11-19 23:11 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2009-07-01 23:44 - 2009-07-01 23:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2009-06-19 17:21 - 2009-06-19 17:21 - 01249280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\ice32.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00159744 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\iceutil32.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00065536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\bzip2.dll
2009-06-19 17:21 - 2009-06-19 17:21 - 00167936 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\IceSSL32.dll
2010-09-03 23:24 - 2009-07-24 20:10 - 02199552 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
2010-09-03 23:24 - 2009-07-24 20:10 - 08024064 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
2010-09-03 23:24 - 2008-01-09 19:08 - 01245184 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
2010-09-03 23:24 - 2008-01-09 19:10 - 00159744 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
2010-09-03 23:24 - 2008-01-09 19:06 - 00065536 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll
2010-09-03 23:24 - 2008-01-09 19:10 - 00167936 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\IceSSL32.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\*****\AppData\Roaming\Dropbox\bin\libcef.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 01249280 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\ice32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00159744 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\iceutil32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00065536 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\bzip2.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00167936 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\IceSSL32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 01249280 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\ice32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00159744 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\iceutil32.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00065536 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\bzip2.dll
2010-09-03 23:24 - 2009-06-19 17:21 - 00167936 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\IceSSL32.dll
2013-12-18 19:42 - 2013-12-18 19:42 - 00057344 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_de\brdlang32.DEU
2012-10-07 21:14 - 2014-02-13 20:44 - 09490944 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_rdlang32.deu
2013-12-18 19:42 - 2013-12-18 19:42 - 00305520 _____ () C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
2012-10-08 19:57 - 2014-02-13 20:45 - 00014336 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Updater.DEU
2012-10-08 20:20 - 2014-02-13 20:44 - 00045568 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_weblink.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 00100352 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_EScript.DEU
2012-12-08 10:27 - 2014-02-12 22:22 - 00025600 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_SaveAsRTF.DEU
2012-10-09 18:55 - 2014-02-13 20:44 - 00053248 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Search.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 03065856 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Annots.DEU
2012-10-09 15:29 - 2014-02-13 20:45 - 00075264 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_Accessibility.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 01319424 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_AcroForm.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 00316416 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_DigSig.DEU
2012-10-08 19:57 - 2014-02-13 20:44 - 01180160 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PPKLite.DEU
2012-10-09 19:02 - 2014-02-19 12:57 - 00012800 _____ () C:\Users\*****\AppData\Local\Adobe\Acrobat\10.0\Cache\RdLang_PDDom.DEU
2014-02-16 11:55 - 2014-02-16 11:55 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\*****\Desktop\Video Sushi.mov:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: TrueImageMonitor.exe => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/21/2014 06:20:29 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/21/2014 06:20:28 PM) (Source: Bonjour Service) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)


System errors:
=============
Error: (03/23/2014 05:06:21 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/23/2014 02:18:20 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/23/2014 01:42:20 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/23/2014 01:30:17 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/23/2014 01:18:18 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (03/23/2014 01:08:24 PM) (Source: ipnathlp) (User: )
Description: 

Error: (03/23/2014 01:07:56 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (03/23/2014 01:07:56 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (03/23/2014 01:07:55 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR4 gefunden.

Error: (03/23/2014 01:06:20 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ANNAHP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/23/2014 11:35:04 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/22/2014 03:55:27 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/22/2014 09:12:53 AM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/21/2014 10:56:29 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/21/2014 06:20:29 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)

Error: (03/21/2014 06:20:28 PM) (Source: Bonjour Service)(User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 3953.8 MB
Available physical RAM: 1712.85 MB
Total Pagefile: 7905.79 MB
Available Pagefile: 4606.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:448.46 GB) (Free:33.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:7.49 GB) (Free:4.29 GB) FAT32
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 350C3B39)
Partition 1: (Active) - (Size=298 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=448 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-23 17:54:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.0006 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\******\AppData\Local\Temp\fwrdrpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                               fffff800035b0000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                               fffff800035b002f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]
---- Processes - GMER 2.1 ----

Library   C:\Users\******\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2014-01-03 00:45:04)                          0000000004180000
Library   C:\Users\******\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980](2013-10-18 23:55:02)                                000000006a110000
Library   C:\Users\******\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe [4980] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)  00000000724f0000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395825769                                                                                                                      
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395825769@000d44dd9493                                                                                                         0xF7 0xD6 0x99 0x36 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395825769 (not active ControlSet)                                                                                                  
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395825769@000d44dd9493                                                                                                             0xF7 0xD6 0x99 0x36 ...

---- EOF - GMER 2.1 ----
         

24.03.2014, 00:17   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hello and

Quote:
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Is this a commercially used computer? For purely private use, Office Pro Plus in particular seems excessive to me.

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans; for now, just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant!

24.03.2014, 07:26   #3
Tomte21

Hi, and thank you very much for the quick reply.

No, this is not a commercially used computer. We can get them at a discount through the school, and they then come equipped with software.

Apart from that I don't have any more logs. The last time Norton found something was last Sept. (probably Zeus).
In the last few days I was only shown this Cloud message, shortly before I then also had the add-on.
I've simply posted the log from the Norton history along with this. It probably doesn't say much, though.

Norton

Code:
ATTFilter
Kategorie: Norton Community Watch
Datum/Uhrzeit,Risiko,Aktivität,Status,Empfohlene Aktion,Aktualisierungsdatum,Übertragen von,Beschreibung,Übertragungsdetails
13.03.2014 22:24:26,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:24:26,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+.  <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
13.03.2014 22:24:03,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:24:03,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+.  <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
13.03.2014 22:24:03,Infos,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:24:03,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,_8408c25eebdc690b7fb36c5d82a0c981  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 CE 8B C8 ................  <br>9C 7C 29 A5 07 00 00 00 00 6C 5E A1 B8 04 03 00 .|)......l^.....  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
13.03.2014 22:24:00,Infos,Statistische Übermittlung: Suspicious.Cloud.7.L Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:24:00,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.L Entlastet,___________  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 77 09 00 00 CD 7C EE .........w....|.  <br>A7 A8 55 3E 06 00 00 00 00 60 1F F5 21 04 03 00 ..U>.....`..!...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
13.03.2014 22:23:59,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:23:59,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+.  <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
13.03.2014 22:23:59,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:23:59,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+.  <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
13.03.2014 22:23:58,Infos,Statistische Übermittlung: Suspicious.Cloud.5 Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:23:58,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.5 Entlastet,_________  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 C2 57 53 ..............WS  <br>70 65 F4 08 CB 00 00 00 00 EE AD 3F A1 04 03 00 pe.........?....  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
13.03.2014 22:23:57,Infos,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,Ausstehend,Keine Aktion erforderlich,13.03.2014 22:23:57,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,_8408c25eebdc690b7fb36c5d82a0c981  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 CE 8B C8 ................  <br>9C 7C 29 A5 07 00 00 00 00 6C 5E A1 B8 04 03 00 .|)......l^.....  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
13.03.2014 20:42:40,Infos,Beispielübermittlung: Suspicious.Cloud.9,Ausstehend,Keine Aktion erforderlich,13.03.2014 20:42:40,Norton Internet Security,Beispielübermittlung: Suspicious.Cloud.9,CSIDL_PROGRAM_FILES\hdtotal1.1\utils.exe
13.03.2014 20:40:08,Infos,Statistische Übermittlung: Suspicious.Cloud.9,Ausstehend,Keine Aktion erforderlich,13.03.2014 20:40:08,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9,CSIDL_PROGRAM_FILES\hdtotal1.1\utils.exeDetection Digest:  <br>03 00 EA AF 0F 01 00 03 00 53 B0 21 00 CE 8B C8 .........S.!....  <br>9C 3A 5F E6 A7 00 00 00 00 36 33 A6 67 04 03 00 .:_......63.g...  <br>00 C8 19 03 06 00 01 02 03 0E 01 00 05 4E 00 5C .............N.\  <br>44 65 76 69 63 65 5C 48 61 72 64 64 69 73 6B 56 Device\HarddiskV  <br>6F 6C 75 6D 65 32 5C 55 73 65 72 73 5C 6D 61 72 olume2\Users\mar  <br>69 75 73 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 ius\AppData\Loca  <br>6C 5C 54 65 6D 70 5C 6E 73 6B 39 33 33 43 2E 74 l\Temp\nsk933C.t  <br>6D 70 5C 41 76 6F 68 79 70 2E 65 78 65          mp\Avohyp.exe     <br>
11.03.2014 18:12:46,Infos,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:12:46,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,_8408c25eebdc690b7fb36c5d82a0c981  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 CE 8B C8 ................  <br>9C 7C 29 A5 07 00 00 00 00 6C 5E A1 B8 04 03 00 .|)......l^.....  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
11.03.2014 18:07:40,Infos,Statistische Übermittlung: Suspicious.Cloud.7.L Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:07:40,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.L Entlastet,___________  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 77 09 00 00 CD 7C EE .........w....|.  <br>A7 A8 55 3E 06 00 00 00 00 60 1F F5 21 04 03 00 ..U>.....`..!...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
11.03.2014 18:06:24,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:06:24,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+.  <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
11.03.2014 18:05:23,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:05:23,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+.  <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
11.03.2014 18:02:18,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:02:18,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+.  <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
11.03.2014 18:02:12,Infos,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:02:12,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.7.F Entlastet,______  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 52 2B F7 .............R+.  <br>F7 B4 F8 08 7D 00 00 00 00 4E 07 00 2A 04 03 00 ....}....N..*...  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
11.03.2014 18:01:03,Infos,Statistische Übermittlung: Suspicious.Cloud.5 Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 18:01:03,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.5 Entlastet,_________  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 C2 57 53 ..............WS  <br>70 65 F4 08 CB 00 00 00 00 EE AD 3F A1 04 03 00 pe.........?....  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
11.03.2014 17:26:40,Infos,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,Ausstehend,Keine Aktion erforderlich,11.03.2014 17:26:40,Norton Internet Security,Statistische Übermittlung: Suspicious.Cloud.9 Entlastet,_8408c25eebdc690b7fb36c5d82a0c981  <br>Detection Digest:  <br>03 00 EA AF 0F 01 00 02 00 00 00 00 00 CE 8B C8 ................  <br>9C 7C 29 A5 07 00 00 00 00 6C 5E A1 B8 04 03 00 .|)......l^.....  <br>00 C8 19 03 06 00 01 02 03 00 00 00             ............      <br>
         
Regards, Tomte

24.03.2014, 10:18   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run Combofix now:

Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

24.03.2014, 15:26   #5
Tomte21
 



Code:
ATTFilter
ComboFix 14-03-24.01 - ****** 24.03.2014  15:42:46.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.41.1031.18.3954.2409 [GMT 1:00]
ausgeführt von:: c:\users\******\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\******.V2\prfE4DE.tmp
c:\users\******\AppData\Roaming\Microsoft\Windows\Recent\Mein DVD Sammel-Thread.url
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome.manifest
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\asyncDB.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\background.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\browserAction.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\contextMenu.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\dbManager.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\dom_bg.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\fileManager.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\firefox.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\firefoxNotifications.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\firefoxOmnibox.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\message.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\pageAction.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\request.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\tabs.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\webRequest.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\api\windowsMessagingHandler.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\background.html
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\baseObject.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\browser.xul
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\addressBarChangeObserver.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\console.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\consts.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\delegate.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\extensionDataStore.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\folderIOWrapper.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\httpObserver.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\IDBWrapper.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\installer.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\logFile.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\prefs.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\progressListenerObserver.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\registry.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\reloadObserver.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\reports.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\requestObject.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\searchSettings.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\uninstallObserver.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\updateManager.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\utils.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\core\xhr.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\dialog.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\ffCoreFilesIndex.txt
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\main.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\options.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\options.xul
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\platformVersion.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\chrome\content\search_dialog.xul
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\defaults\preferences\prefs.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\manifest.xml
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins.json
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\1_base.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\102_dealply_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\103_intext_5_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\104_jollywallet_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\119_similar_web_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\123_intext_adv_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\17_jQuery.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\182_openUrl.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\183_tabsWrapper.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\190_pops_5_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\191_ciuvo_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\207_dbWrapper.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\21_debug.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\22_resources.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\220_icm_base_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\221_icm_downloads_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\223_imonomy_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\226_set_campaign_id_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\231_revizer_ws_dynamic_2_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\232_revizer_p_dynamic_2_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\246_setup.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\28_initializer.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\47_resources_background.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\64_appApiMessage.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\7_hooks.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\72_appApiValidation.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\9_search_engine_hook.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\91_monetizationLoader.js.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\plugins\98_omniCommands.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\userCode\background.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\extensionData\userCode\extension.js
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\install.rdf
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\locale\en-US\translations.dtd
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button1.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button2.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button3.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button4.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\button5.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\crossrider_statusbar.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\icon128.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\icon16.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\icon24.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\icon48.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\panelarrow-up.png
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\popup.html
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\skin.css
c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\extensions\9ee595b4-f5ec-4afb-bea5-3c873daf5e4a@9725de39-97db-467b-bf84-04c276190009.com\skin\update.css
c:\users\******\ptw12.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vpnagent
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-02-24 bis 2014-03-24  ))))))))))))))))))))))))))))))
.
.
2014-03-23 16:37 . 2014-03-23 16:39	--------	d-----w-	C:\FRST
2014-03-19 19:37 . 2014-03-19 19:37	--------	d-----w-	c:\users\******\AppData\Roaming\Skype
2014-03-19 17:45 . 2014-03-19 21:57	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2014-03-19 07:50 . 2014-03-19 07:51	--------	d-----w-	c:\windows\system32\drivers\NISx64\1502000.026
2014-03-14 06:45 . 2014-01-28 02:32	228864	----a-w-	c:\windows\system32\wwansvc.dll
2014-03-14 06:45 . 2014-02-04 02:32	624128	----a-w-	c:\windows\system32\qedit.dll
2014-03-14 06:45 . 2014-02-04 02:04	509440	----a-w-	c:\windows\SysWow64\qedit.dll
2014-03-14 06:45 . 2014-01-29 02:32	484864	----a-w-	c:\windows\system32\wer.dll
2014-03-14 06:45 . 2014-01-29 02:06	381440	----a-w-	c:\windows\SysWow64\wer.dll
2014-03-14 06:45 . 2014-02-07 01:23	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-03-14 06:44 . 2014-02-04 02:32	1424384	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-03-14 06:44 . 2014-02-04 02:04	1230336	----a-w-	c:\windows\SysWow64\WindowsCodecs.dll
2014-03-13 19:40 . 2014-03-15 20:33	--------	d-----w-	c:\users\******\AppData\Local\FilesFrog Update Checker
2014-03-13 19:40 . 2014-03-18 13:41	--------	d-----w-	c:\program files (x86)\hdtotal1.1
2014-03-13 19:39 . 2014-03-23 11:43	--------	d-----w-	c:\program files (x86)\Virtual WiFi Router
2014-02-28 10:50 . 2014-02-28 10:50	--------	d-----w-	c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 07:42 . 2010-10-05 20:46	90015360	----a-w-	c:\windows\system32\MRT.exe
2014-03-12 09:30 . 2012-04-24 18:51	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 09:30 . 2011-07-18 17:44	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-26 13:43 . 2013-12-26 13:45	31040	----a-w-	c:\windows\system32\nvhdap64.dll
2013-12-26 13:43 . 2013-12-26 13:45	188224	----a-w-	c:\windows\system32\drivers\nvhda64v.sys
2013-12-26 13:43 . 2013-12-26 13:45	1451840	----a-w-	c:\windows\system32\nvhdagenco6420103.dll
2013-12-26 13:43 . 2013-12-26 13:46	68928	----a-w-	c:\windows\system32\OpenCL.dll
2013-12-26 13:43 . 2013-12-26 13:46	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-12-26 13:43 . 2013-12-26 13:45	7734592	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-12-26 13:43 . 2009-12-08 03:54	9740608	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-12-26 13:43 . 2013-12-26 13:45	25569088	----a-w-	c:\windows\system32\nvoglv64.dll
2013-12-26 13:43 . 2013-12-26 13:45	19468096	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-12-26 13:43 . 2013-12-26 13:45	14388032	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-12-26 13:43 . 2013-12-26 13:45	8046912	----a-w-	c:\windows\system32\nvcuda.dll
2013-12-26 13:43 . 2013-12-26 13:45	5924672	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-12-26 13:43 . 2013-12-26 13:45	2873664	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-12-26 13:43 . 2013-12-26 13:45	2673984	----a-w-	c:\windows\system32\nvcuvid.dll
2013-12-26 13:43 . 2013-12-26 13:45	2518336	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-12-26 13:43 . 2013-12-26 13:45	2438464	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-12-26 13:43 . 2013-12-26 13:45	17543488	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-12-26 13:43 . 2013-12-26 13:45	1737536	----a-w-	c:\windows\system32\nvdispco64.dll
2013-12-26 13:43 . 2013-12-26 13:45	1466176	----a-w-	c:\windows\system32\nvgenco64.dll
2013-12-26 13:43 . 2009-12-08 03:54	17674048	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-12-26 13:43 . 2009-12-08 03:54	15035200	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-12-26 13:43 . 2013-12-26 13:45	25222464	----a-w-	c:\windows\system32\nvcompiler.dll
2013-12-26 13:43 . 2013-12-26 13:45	2324288	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-12-26 13:43 . 2009-12-08 03:54	2685760	----a-w-	c:\windows\system32\nvapi64.dll
2013-12-24 23:09 . 2014-02-13 18:16	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-13 18:16	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-11-04 111640]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"Smart File Advisor"="c:\program files (x86)\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-08-17 336992]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-10-28 311152]
.
c:\users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages	REG_MULTI_SZ   	DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 rgsender;Remote Graphics Sender Service;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [x]
R2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
R2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
R2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [x]
S1 RsvLock;RsvLock; [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;c:\windows\system32\DRIVERS\ekaprot6.sys;c:\windows\SYSNATIVE\DRIVERS\ekaprot6.sys [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 Hp.Skyroom.Windows.Service;HP SkyRoom;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe;c:\program files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [x]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe;c:\program files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [x]
S2 SebWindowsService;SEB Windows Service;c:\program files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe;c:\program files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys;c:\windows\SYSNATIVE\DRIVERS\rismcx64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 09:30]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job
- c:\users\******\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20 09:57]
.
2014-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job
- c:\users\******\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-20 09:57]
.
2014-03-24 c:\windows\Tasks\hdtotal1.1-chromeinstaller.job
- c:\program files (x86)\hdtotal1.1\hdtotal1.1-chromeinstaller.exe [2014-03-13 19:40]
.
2014-03-24 c:\windows\Tasks\hdtotal1.1-codedownloader.job
- c:\program files (x86)\hdtotal1.1\hdtotal1.1-codedownloader.exe [2014-03-13 19:40]
.
2014-03-24 c:\windows\Tasks\hdtotal1.1-enabler.job
- c:\program files (x86)\hdtotal1.1\hdtotal1.1-enabler.exe [2014-03-13 19:40]
.
2014-03-24 c:\windows\Tasks\hdtotal1.1-firefoxinstaller.job
- c:\program files (x86)\hdtotal1.1\hdtotal1.1-firefoxinstaller.exe [2014-03-13 19:40]
.
2014-03-24 c:\windows\Tasks\hdtotal1.1-updater.job
- c:\program files (x86)\hdtotal1.1\hdtotal1.1-updater.exe [2014-03-13 19:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-04-05 186904]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2009-11-19 1690680]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" [2009-11-19 363064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-11-18 487424]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-12-26 1694016]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: NameServer = 10.148.96.2,10.156.33.53
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\
FF - prefs.js: browser.startup.homepage - www.google.ch
FF - user.js: general.useragent.extra.brc - 
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3034626353-47612434-3097707952-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d0,b6,35,59,2b,5f,11,80,19,72,0a,f2,02,71,fa,f2,54,fa,72,4b,a5,07,ef,
   05,98,fe,19,3b,c2,14,ca,b0,53,8c,cb,29,22,33,2f,a7,4b,f5,c8,a0,27,1b,ae,0a,\
"??"=hex:4d,49,2a,fc,53,56,e3,6b,79,cd,07,aa,fd,c3,df,2d
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\users\******\AppData\Local\FilesFrog Update Checker\update_checker.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-03-24  16:10:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-03-24 15:10
.
Vor Suchlauf: 19 Verzeichnis(se), 36'797'706'240 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 36'080'119'808 Bytes frei
.
- - End Of File - - 3E6DAE0A401C98D4DE378E292013F4BB
A36C5E4F47E84449FF07ED3517B43A31
         


Alt 24.03.2014, 15:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Remove adware/junkware/toolbars


Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and can then be found on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input window)


Alt 24.03.2014, 16:24   #7
Tomte21
 
Here is the AdwCleaner log for now (I will post the others later). On restart I got two messages:

- I was asked whether I want to install Smart File Advisor.
- And a message: "EFS: back up the file encryption key"

AdwCleaner

Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 24/03/2014 um 16:41:03
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : ***** - R108016
# Gestartet von : C:\Users\*****\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\hdtotal1.1
Ordner Gelöscht : C:\Users\*****\AppData\Local\FilesFrog Update Checker 
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker 
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\user.js
Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-chromeinstaller.job
Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-chromeinstaller
Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-codedownloader.job
Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-codedownloader
Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-enabler.job
Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-enabler
Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-firefoxinstaller.job
Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-firefoxinstaller
Datei Gelöscht : C:\windows\Tasks\hdtotal1.1-updater.job
Datei Gelöscht : C:\windows\System32\Tasks\hdtotal1.1-updater

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053360.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053360.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053360.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053360.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522332260}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555335560}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566336660}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544334460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33da5299-b84d-46d5-870a-ba0c43fa824a}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc8b46a8-e1fd-46cc-8b5d-a314995585b2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522332260}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555335560}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566336660}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33da5299-b84d-46d5-870a-ba0c43fa824a}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc8b46a8-e1fd-46cc-8b5d-a314995585b2}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Somoto
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\hdtotal1.1
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\hdtotal1.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hdtotal1.1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.InstallationThankYouPage", false);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.InstallationTime", 1394739595);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360_dbWasSet_FF25_FIX", true[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.active", true);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.addressbar", "NA");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.addressbarenhanced", "");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncdb.was_copied", "true");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncdb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncdb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncinternaldb.was_copied", "true");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncinternaldb_dbWasSet", true);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.asyncinternaldb_dbWasSet_FF25_FIX", true);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.backgroundver", 1);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.certdomaininstaller", "");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.changeprevious", false);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.cookie.InstallationTime.value", "%221394739595%22");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.cookie.InstallerParams.value", "%7B%22source_id%22%3A%22001278%22%2C%22sub_id%22%3A%220%22%2C%22uz[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.description", "HD-Total is an add-on for your Internet browser that enhances your online experienc[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.domain", "");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.enablesearch", false);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.homepage", "");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.iframe", false);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%2290542B159C8B462A9C73638973E1E[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerParams.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerParams.value", "%7B%22source_id%22%3A%22001278%22%2C%22sub_id%22%3A%220%22%2C%[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerParamsCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerParamsCache.value", "%7B%22source_id%22%3A%22001278%22%2C%22sub_id%22%3A%220%2[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerUserIdentifiersCache.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.InstallerUserIdentifiersCache.value", "%7B%22installer_bic%22%3A%2290542B159C8B462A9C73[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_appVer.value", "32");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_lastVersion.value", "1");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_meta.value", "%7B%7D");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_nextCheck.expiration", "Mon Mar 24 2014 21:14:03 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_nextCheck.value", "true");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_queue.value", "%7B%7D");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_remote_resources.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.Resources_remote_resources.value", "%7B%22remoteId%22%3A0%7D");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.__defualt_browser__.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.__defualt_browser__.value", "%22ff%22");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%2290542B15[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_bundledUrls.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_bundledWithHash.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_bundledWithHash.value", "null");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_notBundledArr_.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.internaldb.monetization_plugin_notBundledArr_.value", "%5B%5D");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.lastDailyReport", "1395670442065");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.lastUpdate", "1395670443956");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.manifesturl", "");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.name", "HD-Total-1.1");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.newtab", "");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.opensearch", "");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/53360/plugins/094/ff/plugins.json");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.pluginsversion", 27);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.publisher", "HQ-Video");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.searchstatus", 0);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.setnewtab", false);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.thankyou", "");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.updateinterval", 360);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.53360.ver", 32);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.FilesValidatorDueTime", "1395670496775");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.apps", "53360");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.bic", "144bcf8bdf2ad5f7ed9a8f085f3d59b4");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.cid", 53360);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.firstrun", false);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.hadappinstalled", true);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.installationdate", 1394881354);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.modetype", "production");
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.reportInstall", true);
Zeile gelöscht : user_pref("extensions.a9ee595b4f5ec4afbbea53c873daf5e4a9725de3997db467bbf8404c276190009com53360.statsDailyCounter", 10);
Zeile gelöscht : user_pref("extensions.crossrider.bic", "144bcf8bdf2ad5f7ed9a8f085f3d59b4");

*************************

AdwCleaner[R0].txt - [19888 octets] - [24/03/2014 16:39:37]
AdwCleaner[S0].txt - [18410 octets] - [24/03/2014 16:41:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18471 octets] ##########
         
JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x64
Ran by ****** on 24.03.2014 at 16:58:30.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\o3tb5dj0.default\minidumps [110 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.03.2014 at 17:05:40.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by ****** (administrator) on R108016 on 24-03-2014 17:13:18
Running from C:\Users\******\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe
(Hewlett-Packard Company) C:\windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Microsoft Corporation) C:\windows\system32\efsui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Hewlett-Packard Company) c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Solid Documents, LLC) C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe
(ETH Zurich) C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard, Inc.) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(McAfee, Inc.) c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Lens\Hp.SkyRoom.Windows.RgsPlugin.Lens.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Licensing\Hp.SkyRoom.Windows.RgsPlugin.Licensing.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-04-05] (Intel Corporation)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [1690680 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2009-11-19] (Hewlett-Packard)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-11-18] (IDT, Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1694016 2013-12-26] ()
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Smart File Advisor] - C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-08-17] (Power Software Ltd)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-10-28] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/16
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll ()
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Tcpip\..\Interfaces\{06B69ADD-44EC-49C3-AB37-7508C9DBFDCD}: [NameServer]10.148.96.2,10.156.33.53

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default
FF Homepage: www.google.ch
FF NetworkProxy: "autoconfig_url", "hxxp://pac.zhaw.ch/proxy.pac"
FF NetworkProxy: "backup.ftp", "46.163.66.107"
FF NetworkProxy: "backup.ftp_port", 1080
FF NetworkProxy: "backup.socks", "46.163.66.107"
FF NetworkProxy: "backup.socks_port", 1080
FF NetworkProxy: "backup.ssl", "46.163.66.107"
FF NetworkProxy: "backup.ssl_port", 1080
FF NetworkProxy: "ftp", "212.144.254.123"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "http", "212.144.254.123"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "212.144.254.123"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "212.144.254.123"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Copy Links - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{76C80A11-FAD4-406c-8246-F5ED4F9367B5} [2011-08-09]
FF Extension: WOT - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-28]
FF Extension: Proxy-Listen.de - Proxyswitcher - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\admin@proxy-listen.de.xpi [2013-01-19]
FF Extension: Flagfox - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-03-09]
FF Extension: NoScript - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-12-20]
FF Extension: BugMeNot Plugin - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-01-02]
FF Extension: DownThemAll! - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\o3tb5dj0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-23]

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R3 DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2009-11-11] (McAfee, Inc.)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P)
R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124984 2009-11-20] (Hewlett-Packard)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [277096 2009-11-11] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [275696 2013-10-08] (Symantec Corporation)
R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.)
R2 SCPDFReadSpool; C:\Program Files (x86)\SolidDocuments\Solid Converter PDF\SCPDF\SolidConverterPDFServicex64.exe [193392 2012-09-10] (Solid Documents, LLC)
R2 SebWindowsService; C:\Program Files (x86)\ETH Zuerich\SEB Windows 1.9.1\SebWindowsService\SebWindowsService.exe [32256 2012-12-19] (ETH Zurich)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_c06efa65923f756e\STacSV64.exe [244224 2009-11-18] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-23] (Symantec Corporation)
R2 EkaProt6; C:\Windows\System32\DRIVERS\ekaprot6.sys [27288 2010-10-18] (Ekahau Inc.)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-23] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140321.001\IDSvia64.sys [524504 2014-03-06] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\ENG64.SYS [126040 2014-03-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140322.002\EX64.SYS [2099288 2014-03-14] (Symantec Corporation)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [19032 2013-07-01] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [12384 2013-07-01] ()
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2009-11-11] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2009-11-11] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2009-11-11] ()
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2009-11-11] (McAfee, Inc.)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2009-11-11] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2009-11-11] (McAfee, Inc.)
R0 snapman380; C:\Windows\System32\DRIVERS\snman380.sys [237600 2010-10-11] (Acronis)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2010-06-03] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
R0 tdrpman174; C:\Windows\System32\DRIVERS\tdrpm174.sys [1581088 2010-10-11] (Acronis)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-24 17:13 - 2014-03-24 17:13 - 00022455 _____ () C:\Users\******\Desktop\FRST.txt
2014-03-24 17:05 - 2014-03-24 17:05 - 00000760 _____ () C:\Users\******\Desktop\JRT.txt
2014-03-24 16:58 - 2014-03-24 16:58 - 00000000 ____D () C:\windows\ERUNT
2014-03-24 16:56 - 2014-03-24 16:56 - 01038974 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-03-24 16:39 - 2014-03-24 16:41 - 00000000 ____D () C:\AdwCleaner
2014-03-24 16:37 - 2014-03-24 16:37 - 01950720 _____ () C:\Users\******\Desktop\adwcleaner.exe
2014-03-24 16:14 - 2014-03-24 16:14 - 00050619 _____ () C:\Users\******\Desktop\combo.txt
2014-03-24 16:10 - 2014-03-24 16:10 - 00050619 _____ () C:\ComboFix.txt
2014-03-24 15:39 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-03-24 15:39 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-03-24 15:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-03-24 15:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-03-24 15:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-03-24 15:39 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-03-24 15:39 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-03-24 15:39 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-03-24 15:29 - 2014-03-24 16:10 - 00000000 ____D () C:\Qoobox
2014-03-24 15:29 - 2014-03-24 16:07 - 00000000 ____D () C:\windows\erdnt
2014-03-24 15:26 - 2014-03-24 15:26 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-03-24 15:24 - 2014-03-24 15:24 - 05192353 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2014-03-23 18:20 - 2014-03-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 17:37 - 2014-03-24 17:13 - 00000000 ____D () C:\FRST
2014-03-23 17:35 - 2014-03-23 17:36 - 02157056 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-03-23 17:33 - 2014-03-24 17:12 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip
2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx
2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2014-03-19 18:45 - 2014-03-19 22:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-15 09:38 - 2014-03-23 18:38 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14
2014-03-14 10:41 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-14 10:41 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-14 10:41 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-14 10:41 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-14 10:41 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-14 10:41 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-14 10:41 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-14 10:41 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-14 10:41 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-14 10:41 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-14 10:41 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-14 10:41 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-14 10:41 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-14 10:41 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-14 10:41 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-14 10:41 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-14 10:41 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-14 10:41 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-14 10:41 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-14 10:41 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-14 10:41 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-14 10:41 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-14 10:41 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-14 10:41 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-14 10:41 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-14 10:41 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-14 10:41 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-14 10:41 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-14 10:41 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-14 10:41 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-14 10:41 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-14 10:41 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-14 10:41 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-14 10:41 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-14 10:41 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-14 10:41 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-14 10:41 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-14 10:41 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-14 10:41 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-14 10:41 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-14 07:45 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-14 07:45 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-14 07:45 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-14 07:45 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-14 07:45 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-14 07:45 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-14 07:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-14 07:44 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-13 20:49 - 2014-03-23 13:08 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-13 20:39 - 2014-03-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router
2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk
2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. ) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe
2014-03-06 09:51 - 2014-03-24 16:42 - 00000560 _____ () C:\windows\setupact.log
2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log
2014-03-06 09:50 - 2014-03-24 15:57 - 00114564 _____ () C:\windows\PFRO.log
2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg
2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip

==================== One Month Modified Files and Folders =======

2014-03-24 17:13 - 2014-03-24 17:13 - 00022455 _____ () C:\Users\******\Desktop\FRST.txt
2014-03-24 17:13 - 2014-03-23 17:37 - 00000000 ____D () C:\FRST
2014-03-24 17:12 - 2014-03-23 17:33 - 00000000 ____D () C:\Users\******\Documents\Toolsammlung_fuer_Virusscan
2014-03-24 17:05 - 2014-03-24 17:05 - 00000760 _____ () C:\Users\******\Desktop\JRT.txt
2014-03-24 17:02 - 2013-01-20 10:57 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001UA.job
2014-03-24 16:58 - 2014-03-24 16:58 - 00000000 ____D () C:\windows\ERUNT
2014-03-24 16:56 - 2014-03-24 16:56 - 01038974 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-03-24 16:51 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-24 16:51 - 2009-07-14 05:45 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-24 16:47 - 2010-09-03 21:29 - 00723100 _____ () C:\windows\system32\perfh007.dat
2014-03-24 16:47 - 2010-09-03 21:29 - 00158370 _____ () C:\windows\system32\perfc007.dat
2014-03-24 16:47 - 2009-07-14 06:13 - 01667084 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-24 16:43 - 2012-03-11 15:40 - 00000000 ___RD () C:\Users\******\Dropbox
2014-03-24 16:43 - 2012-03-11 15:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-03-24 16:43 - 2010-09-03 21:30 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-03-24 16:42 - 2014-03-06 09:51 - 00000560 _____ () C:\windows\setupact.log
2014-03-24 16:42 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-24 16:41 - 2014-03-24 16:39 - 00000000 ____D () C:\AdwCleaner
2014-03-24 16:41 - 2010-09-03 23:09 - 01075711 _____ () C:\windows\WindowsUpdate.log
2014-03-24 16:37 - 2014-03-24 16:37 - 01950720 _____ () C:\Users\******\Desktop\adwcleaner.exe
2014-03-24 16:29 - 2012-07-28 17:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-24 16:14 - 2014-03-24 16:14 - 00050619 _____ () C:\Users\******\Desktop\combo.txt
2014-03-24 16:10 - 2014-03-24 16:10 - 00050619 _____ () C:\ComboFix.txt
2014-03-24 16:10 - 2014-03-24 15:29 - 00000000 ____D () C:\Qoobox
2014-03-24 16:10 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-03-24 16:07 - 2014-03-24 15:29 - 00000000 ____D () C:\windows\erdnt
2014-03-24 15:58 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-03-24 15:57 - 2014-03-06 09:50 - 00114564 _____ () C:\windows\PFRO.log
2014-03-24 15:57 - 2013-01-20 10:57 - 00000860 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3034626353-47612434-3097707952-1001Core.job
2014-03-24 15:57 - 2012-05-08 19:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 15:56 - 2009-07-14 03:34 - 91226112 _____ () C:\windows\system32\config\SOFTWARE.bak
2014-03-24 15:56 - 2009-07-14 03:34 - 24379392 _____ () C:\windows\system32\config\SYSTEM.bak
2014-03-24 15:56 - 2009-07-14 03:34 - 01048576 _____ () C:\windows\system32\config\DEFAULT.bak
2014-03-24 15:56 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak
2014-03-24 15:56 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak
2014-03-24 15:49 - 2010-11-10 18:04 - 00000000 ____D () C:\Users\******.V2
2014-03-24 15:49 - 2010-09-30 16:14 - 00000000 ____D () C:\Users\******
2014-03-24 15:26 - 2014-03-24 15:26 - 00000000 _____ () C:\Users\******\defogger_reenable
2014-03-24 15:24 - 2014-03-24 15:24 - 05192353 ____R (Swearware) C:\Users\******\Desktop\ComboFix.exe
2014-03-23 18:59 - 2012-04-22 09:48 - 00000000 ____D () C:\Users\******\AppData\Local\CrashDumps
2014-03-23 18:38 - 2014-03-15 09:38 - 00000000 ____D () C:\Users\******\Desktop\Scan_13.3.14
2014-03-23 18:20 - 2014-03-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-23 17:36 - 2014-03-23 17:35 - 02157056 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2014-03-23 13:08 - 2014-03-13 20:49 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-23 12:43 - 2014-03-13 20:39 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router
2014-03-22 01:22 - 2012-04-20 17:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\vlc
2014-03-20 18:51 - 2014-03-20 18:51 - 06659584 _____ () C:\Users\******\Downloads\SS 2013.zip
2014-03-20 15:43 - 2014-03-20 15:43 - 00009404 _____ () C:\Users\******\Desktop\Stundenplan.xlsx
2014-03-20 15:40 - 2012-09-10 12:44 - 00001370 _____ () C:\Users\******\AppData\Roaming\MobileToolAnyConnectV3.ini
2014-03-20 08:37 - 2013-05-17 11:02 - 00000000 ____D () C:\Users\******\Documents\Kochen
2014-03-19 22:57 - 2014-03-19 18:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-03-19 20:37 - 2014-03-19 20:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Skype
2014-03-19 18:06 - 2013-10-03 20:44 - 00000000 ____D () C:\Users\******\Documents\Arbeitspläne, Erzbierschof
2014-03-19 08:50 - 2010-09-30 16:44 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-03-19 08:46 - 2012-12-07 15:25 - 00000039 _____ () C:\windows\vbaddin.ini
2014-03-19 08:46 - 2012-09-08 14:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 08:45 - 2013-07-28 20:59 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 08:42 - 2010-10-05 21:46 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-18 08:04 - 2011-11-08 21:29 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-18 08:04 - 2010-10-08 16:54 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-03-15 22:52 - 2012-05-28 14:09 - 00000000 ____D () C:\Users\******\Documents\Studium
2014-03-15 20:09 - 2013-10-21 14:28 - 00000000 ____D () C:\Users\******\Documents\Bier
2014-03-15 11:53 - 2009-07-14 05:45 - 00422576 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 11:52 - 2013-03-21 08:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 10:20 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk
2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. ) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe
2014-03-12 10:30 - 2012-07-28 17:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 10:30 - 2012-04-24 19:51 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:30 - 2011-07-18 18:44 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-06 23:10 - 2014-02-02 17:19 - 00000000 ____D () C:\Users\******\AppData\Local\JDownloader v2.0
2014-03-06 23:03 - 2011-07-17 13:08 - 00000000 ____D () C:\Users\******\Downloads\jdownloader
2014-03-06 09:51 - 2014-03-06 09:51 - 00000000 _____ () C:\windows\setuperr.log
2014-03-06 09:19 - 2014-03-06 09:19 - 00029106 _____ () C:\Users\******\Desktop\cc_20140306_091848.reg
2014-03-01 10:47 - 2010-10-09 19:10 - 01612384 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-14 10:41 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-14 10:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-14 10:41 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-14 10:41 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-14 10:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-14 10:41 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-14 10:41 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-14 10:41 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-14 10:41 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-14 10:41 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-14 10:41 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-14 10:41 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-14 10:41 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-14 10:41 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-14 10:41 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-14 10:41 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-14 10:41 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-14 10:41 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-14 10:41 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-14 10:41 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-14 10:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-14 10:41 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-14 10:41 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-14 10:41 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-14 10:41 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-14 10:41 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-14 10:41 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-14 10:41 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-14 10:41 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-14 10:41 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 10:41 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 10:41 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-14 10:41 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-14 10:41 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 10:41 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 10:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 10:41 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 10:41 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 10:41 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-25 13:49 - 2010-10-01 01:06 - 00000000 ____D () C:\windows\rescache
2014-02-24 13:22 - 2014-02-24 13:22 - 00947381 _____ () C:\Users\******\Downloads\Willkommen_in_Freising_-_Welcome_to_Freising!.zip

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-22 15:11

==================== End Of Log ============================
         
--- --- ---
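The "created" part of the FRST listing in the post above puts the creation time first, so its entries can be lined up against the moment a suspect installer arrived on disk. The following is an added example, not part of the original post and not FRST's own code: it parses a few lines copied from that listing and reports what was created shortly after `Virtual_WiFi_Router_3.0.1.1_Setup.exe`; the names `parse_listing` and `created_near` and the 15-minute window are assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sample input: lines copied from the "created" part of the FRST log above
# (first timestamp = created, second = last modified), plus one header line
# to show that non-entry lines are skipped.
SAMPLE = r"""
2014-03-14 07:44 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-13 20:49 - 2014-03-23 13:08 - 00000515 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-03-13 20:40 - 2014-03-13 20:40 - 00003250 _____ () C:\windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-03-13 20:39 - 2014-03-23 12:43 - 00000000 ____D () C:\Program Files (x86)\Virtual WiFi Router
2014-03-13 20:39 - 2014-03-13 20:39 - 00001139 _____ () C:\Users\Public\Desktop\Virtual WiFi Router.lnk
2014-03-13 20:37 - 2014-03-13 20:37 - 01081214 _____ (Virtual WiFi Router, Inc. ) C:\Users\******\Downloads\Virtual_WiFi_Router_3.0.1.1_Setup.exe
2014-03-06 09:51 - 2014-03-24 16:42 - 00000560 _____ () C:\windows\setupact.log
==================== One Month Modified Files and Folders =======
"""

# created - modified - size attributes (company) path
# The path is anchored on a drive letter so that parentheses inside the
# company name or inside "Program Files (x86)" do not confuse the split.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r" - (\d+) ([_A-Z]{5}) \((.*?)\) ([A-Za-z]:\\.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"
# Directories that hold Windows scheduled-task definitions.
TASK_DIRS = ("\\windows\\system32\\tasks\\", "\\windows\\tasks\\")


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self):
        return "D" in self.attrs

    @property
    def is_task(self):
        lower = self.path.lower()
        return any(d in lower for d in TASK_DIRS)


def parse_listing(text):
    """Return an Entry for every line that matches the listing layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, other log parts
        created, modified, size, attrs, company, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, TS_FORMAT),
            modified=datetime.strptime(modified, TS_FORMAT),
            size=int(size),
            attrs=attrs,
            company=company.strip(),
            path=path,
        ))
    return entries


def created_near(entries, anchor_name, minutes=15):
    """Entries created from the anchor file's creation time up to
    `minutes` later, oldest first. The anchor itself is excluded."""
    anchors = [e for e in entries if e.path.lower().endswith(anchor_name.lower())]
    if not anchors:
        raise ValueError("anchor not found in listing: " + anchor_name)
    anchor = anchors[0]
    end = anchor.created + timedelta(minutes=minutes)
    hits = [e for e in entries
            if e is not anchor and anchor.created <= e.created <= end]
    return sorted(hits, key=lambda e: e.created)


if __name__ == "__main__":
    listing = parse_listing(SAMPLE)
    for e in created_near(listing, "Virtual_WiFi_Router_3.0.1.1_Setup.exe"):
        flag = "TASK" if e.is_task else ("DIR " if e.is_dir else "    ")
        print(e.created.strftime(TS_FORMAT), flag, e.path)
```

On these lines the report includes the `SomotoUpdateCheckerAutoStart` scheduled task, created three minutes after the installer.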

24.03.2014, 21:33   #8
cosinus

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).

Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button!

After that, it doesn't hurt to get an additional opinion from the ESET online scanner:

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

25.03.2014, 21:17   #9
Tomte21

I have already run the Malwarebytes scan (2 leftovers). Unfortunately I had to abort ESET because it took more than 2 hours and I needed the computer. Hopefully I will manage to do without the computer for that long tomorrow.
Is it actually safe to run the scan without a firewall? Couldn't I catch something over the LAN?

MBAM

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 25.03.2014
Scan Time: 08:08:37
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.02
Rootkit Database: v2014.03.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ******

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 297955
Time Elapsed: 13 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.HDTotal.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\hdtotal1.1, Quarantined, [9cdabc4b4e2d86b05ee6dab732d1926e], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\******\AppData\Roaming\PowerISO\Upgrade\PowerISO5.exe, Quarantined, [1363d235a7d476c09e8efd288e76926e], 

Physical Sectors: 0
(No malicious items detected)


(end)
         

26.03.2014, 00:36   #10
cosinus

Quote:
Couldn't I catch something over the LAN?
If you do everything wrong, let every device into your LAN and never update your Windows, then yes, I'm sure you have a bigger chance of letting something like network worms onto your system.

26.03.2014, 11:25   #11
Tomte21

So, here is the ESET log as well

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=808212b3e3b5c047b23fdca067af711d
# engine=17600
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-25 08:25:07
# local_time=2014-03-25 09:25:07 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 3070789 158332492 0 0
# compatibility_mode=5893 16776574 66 85 21222235 147365757 0 0
# scanned=53798
# found=0
# cleaned=0
# scan_time=3611
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=808212b3e3b5c047b23fdca067af711d
# engine=17612
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-25 09:03:06
# local_time=2014-03-25 10:03:06 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 3112668 158377971 0 0
# compatibility_mode=5893 16776574 66 85 21267714 147411236 0 0
# scanned=159702
# found=0
# cleaned=0
# scan_time=9146
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=808212b3e3b5c047b23fdca067af711d
# engine=17624
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-26 10:12:22
# local_time=2014-03-26 11:12:22 (+0100, Mitteleuropäische Zeit)
# country="Switzerland"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3591 16777213 100 88 3163624 158425327 0 0
# compatibility_mode=5893 16776574 66 85 21315070 147458592 0 0
# scanned=247969
# found=0
# cleaned=0
# scan_time=9841
         

26.03.2014, 11:32   #12
cosinus

TFC - Temp File Cleaner

Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.

Looks OK so far

Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. That is only optional, though. To prevent user tracking, the Firefox extension Ghostery works well.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system OK again now, or are there any other findings or problems?

26.03.2014, 17:56   #13
Tomte21

Hi cosinus

Thanks a lot for the tips. Until now I actually just had NoScript as an add-on and the browser set to private mode.

I still have the following problems/questions:

-I have a VPN client (Cisco AnyClient) installed, which no longer works. The program does not respond and says to try again in 1 minute. Reinstall and reconfigure?

-I can use the Virtual Wifi Router without concern, right? In the sense that it actually does what it is supposed to.

-On restart I get the message that I should back up the key for file encryption. Is that normal? Just run it and save to an external HD?

Otherwise everything is great! The browser is clean again and I am satisfied. For now a big

26.03.2014, 21:15   #14
cosinus

Quote:
-I have a VPN client (Cisco AnyClient) installed, which no longer works. The program does not respond and says to try again in 1 minute. Reinstall and reconfigure?
Try it out. Unfortunately I can't give you information and support for every program in the world

Quote:
-I can use the Virtual Wifi Router without concern, right? In the sense that it actually does what it is supposed to.
Whatever that may be, and from whom

Quote:
-On restart I get the message that I should back up the key for file encryption. Is that normal? Just run it and save to an external HD?
Who exactly says that?

27.03.2014, 14:49   #15
Tomte21

Quote:
-On restart I get the message that I should back up the key for file encryption. Is that normal? Just run it and save to an external HD?
Who exactly says that?
The message appears in the Windows taskbar and is called "EFS Schlüssel für Dateiverschlüsselung sichern" (back up the EFS key for file encryption).
That has been resolved, though. I checked in cmd which encrypted files I have. They are only a few files that were imported from a Mac.

Otherwise everything is OK.
