Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Windows 7 32bit - weißer Bildschirm nach Anmeldung

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.06.2014, 18:41   #1
Andy_27
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Hallo,
ich habe Windows 7, 32bit.
Nach dem hochfahren und dem Anmelden erscheint ein weißer Bildschirm mit dem der Text "Kann keine Verbindung aufbauen".
Norton Scurity ist installiert.
Von einem zweiten Rechner kann ich auf freigegebene Ordner ohne weiteres über das Netzwerk zugreifen.
Der Trojaner möchte irgendwie auf obsession.co.ua zugreifen.
Habe hier gesucht und es wurde jedesmal geschrieben, man soll nicht selbständig irgend etwas unternehmen. Um die Zeit etwas zu verkürzen habe ich OTLPE geladen und auf eine CD gebrannt. Nach dem hochfahren des Rechners startet das Programm OTLPE - hier das erste Problem:
Ich bekomme mein Windows nicht ausgewählt,
System reserviert c:
Boot -< geht nicht, Fehlermeldung
de-de -> geht nicht, Fehlermeldung
System Volume Information -> geht nicht, Fehlermeldung
Die Fehlermeldung ist immer, kein Windows 2000 oder later gefunden

Bitte, kann mir einer helfen ??
Vielen Dank erst einmal im Voraus :-)

Alt 22.06.2014, 21:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).

__________________

__________________

Alt 23.06.2014, 20:31   #3
Andy_27
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Hallo,
erst einmal vielen Dank für die schnelle Antwort, hier das Ergebnis des Test:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-06-2014 01
Ran by SYSTEM on MININT-V10F65H on 23-06-2014 21:12:19
Running from G:\
Platform: Windows 7 Professional (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [RestartNeroSetup] => C:\Users\Andreas\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe [2589992 2008-11-06] (Nero AG) <===== ATTENTION
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM\...\Run: [QuickTime Plugin Install] => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-10-27] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AllShareAgent] => C:\Program Files\Samsung\AllShare\AllShareAgent.exe [285072 2012-01-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] => C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-04-27] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\Andreas\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-04-01] (Sony)
HKU\Andreas\...\Run: [SkyDrive] => C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-16] (Microsoft Corporation)
HKU\Andreas\...\Run: [AusweisApp] => C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG)
HKU\Andreas\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe [844464 2014-04-23] (Adobe Systems Incorporated)
HKU\Andreas\...\Winlogon: [Userinit] C:\Users\Andreas\AppData\Roaming\loadit.exe [696678 2014-06-19] ()
HKU\Andreas\...\Winlogon: [Shell] C:\Users\Andreas\AppData\Roaming\loadit.exe [696678 2014-06-19] () <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk ->  (No File)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

========================== Services (Whitelisted) =================

S2 cjpcsc; C:\Windows\system32\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
S2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
S2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG)
S2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
S2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works)
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-04-27] ()
S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133184 2014-06-03] (McAfee, Inc.)
S2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
S2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

S2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
S1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
S1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28664 2012-09-04] (REINER SCT)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-13] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573440 2009-07-06] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2009-07-06] (Hauppauge Computer Works, Inc.)
S1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140620.001\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
S3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140621.001\NAVENG.SYS [93272 2014-06-09] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140621.001\NAVEX15.SYS [1612376 2014-06-09] (Symantec Corporation)
S2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies)
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
S3 SCL01132; C:\Windows\System32\DRIVERS\SCL01132.sys [61824 2010-05-07] (SCM Microsystems Inc.)
S1 SRTSP; C:\Windows\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-11] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2014-02-11] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-03-08] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1503000.00C\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 21:10 - 2014-06-23 21:12 - 00000000 ____D () C:\FRST
2014-06-19 04:08 - 2014-06-19 04:08 - 00696678 _____ () C:\Users\Andreas\AppData\Roaming\loadit.exe
2014-06-14 16:53 - 2014-06-14 17:05 - 00000000 ____D () C:\Raspberry Pi
2014-06-13 19:32 - 2014-05-30 10:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-06-13 19:32 - 2014-05-30 10:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-06-13 19:32 - 2014-05-30 10:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-06-13 19:32 - 2014-05-30 09:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-06-13 19:32 - 2014-05-30 09:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-06-13 19:32 - 2014-05-30 09:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-06-13 19:32 - 2014-05-30 09:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-06-13 19:32 - 2014-05-30 09:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-06-13 19:32 - 2014-05-30 09:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-06-13 19:32 - 2014-05-30 09:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-06-13 19:32 - 2014-05-30 09:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-06-13 19:32 - 2014-05-30 09:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-06-13 19:32 - 2014-05-30 09:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-06-13 19:32 - 2014-05-30 09:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-13 19:32 - 2014-05-30 09:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-06-13 19:32 - 2014-05-30 09:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-13 19:32 - 2014-05-30 09:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-06-13 19:32 - 2014-05-30 09:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-06-13 19:32 - 2014-05-30 09:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-06-13 19:32 - 2014-05-30 08:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-06-13 19:32 - 2014-05-30 08:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-06-13 19:32 - 2014-05-30 08:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-06-13 19:32 - 2014-05-30 08:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-06-13 19:32 - 2014-05-30 08:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-06-13 19:32 - 2014-05-30 08:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-06-13 19:32 - 2014-05-30 08:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-06-13 19:32 - 2014-05-30 08:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-06-13 19:32 - 2014-05-30 08:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-06-13 19:30 - 2014-04-05 03:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2014-06-13 19:30 - 2014-04-05 03:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2014-06-13 19:30 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2014-06-13 19:30 - 2014-03-26 15:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-06-13 19:30 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2014-06-13 19:30 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-06-13 19:29 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\System32\usp10.dll
2014-06-13 04:19 - 2014-05-08 10:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-06-13 04:19 - 2014-05-08 10:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-05-25 00:03 - 2014-06-02 18:05 - 00000000 ____D () C:\Program Files\SearchProtect
2014-05-25 00:03 - 2014-05-25 00:03 - 00000000 ____D () C:\Users\Andreas\AppData\Local\SearchProtect
2014-05-24 18:45 - 2014-05-24 18:45 - 00540184 _____ () C:\Windows\Minidump\052414-66035-01.dmp

==================== One Month Modified Files and Folders =======

2014-06-23 21:12 - 2014-06-23 21:10 - 00000000 ____D () C:\FRST
2014-06-23 19:58 - 2009-07-14 05:39 - 00006775 _____ () C:\Windows\setupact.log
2014-06-22 14:20 - 2009-10-29 19:22 - 01619284 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-22 14:14 - 2009-10-29 19:06 - 01654468 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 14:14 - 2009-07-14 05:34 - 00014816 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 14:14 - 2009-07-14 05:34 - 00014816 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-21 19:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-06-21 15:52 - 2010-02-12 17:11 - 00458866 _____ () C:\Windows\PFRO.log
2014-06-19 19:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-19 19:26 - 2013-02-01 21:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 04:14 - 2013-12-21 09:48 - 00000000 ____D () C:\Program Files\McAfee
2014-06-19 04:11 - 2013-02-01 22:02 - 00000000 ___RD () C:\Users\Andreas\SkyDrive
2014-06-19 04:10 - 2014-04-18 19:19 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\UseNeXT
2014-06-19 04:08 - 2014-06-19 04:08 - 00696678 _____ () C:\Users\Andreas\AppData\Roaming\loadit.exe
2014-06-15 14:08 - 2014-04-18 19:19 - 00000000 ____D () C:\Program Files\UseNeXT
2014-06-15 14:07 - 2013-03-07 19:49 - 00000000 ____D () C:\Program Files\AusweisApp
2014-06-14 18:04 - 2013-10-03 09:36 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2014-06-14 17:43 - 2014-04-18 20:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\QuickPar
2014-06-14 17:05 - 2014-06-14 16:53 - 00000000 ____D () C:\Raspberry Pi
2014-06-14 16:44 - 2010-04-24 21:39 - 00054784 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-14 07:30 - 2013-03-07 19:49 - 00000000 ____D () C:\Users\Andreas\.ausweisapp
2014-06-13 22:12 - 2013-08-15 19:21 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-13 22:09 - 2009-11-01 10:38 - 92708840 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-06-13 04:37 - 2013-02-01 20:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 04:17 - 2014-04-16 04:12 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-06-09 09:02 - 2010-09-18 19:35 - 00000000 ____D () C:\Users\Andreas\AppData\Local\FreePDF_XP
2014-06-09 09:01 - 2010-09-18 19:35 - 00013560 _____ () C:\fpRedmon.log
2014-06-02 18:05 - 2014-05-25 00:03 - 00000000 ____D () C:\Program Files\SearchProtect
2014-05-30 10:18 - 2014-06-13 19:32 - 17271296 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-30 10:02 - 2014-06-13 19:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-30 10:02 - 2014-06-13 19:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-05-30 09:44 - 2014-06-13 19:32 - 00455168 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-05-30 09:43 - 2014-06-13 19:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-05-30 09:42 - 2014-06-13 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-05-30 09:38 - 2014-06-13 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-05-30 09:34 - 2014-06-13 19:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-05-30 09:33 - 2014-06-13 19:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-05-30 09:30 - 2014-06-13 19:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-05-30 09:28 - 2014-06-13 19:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-05-30 09:28 - 2014-06-13 19:32 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-05-30 09:27 - 2014-06-13 19:32 - 00592896 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-05-30 09:21 - 2014-06-13 19:32 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-05-30 09:16 - 2014-06-13 19:32 - 00368128 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-05-30 09:10 - 2014-06-13 19:32 - 00032256 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-05-30 09:06 - 2014-06-13 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-05-30 09:04 - 2014-06-13 19:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-30 09:02 - 2014-06-13 19:32 - 00242688 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-05-30 08:57 - 2014-06-13 19:32 - 00595968 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-05-30 08:56 - 2014-06-13 19:32 - 04244992 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-05-30 08:54 - 2014-06-13 19:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-05-30 08:50 - 2014-06-13 19:32 - 01068032 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-05-30 08:49 - 2014-06-13 19:32 - 01964544 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-05-30 08:40 - 2014-06-13 19:32 - 11725312 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-05-30 08:21 - 2014-06-13 19:32 - 01790976 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-05-30 08:15 - 2014-06-13 19:32 - 01143296 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-05-30 08:13 - 2014-06-13 19:32 - 00704512 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-05-27 19:02 - 2014-03-26 04:58 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-05-27 19:02 - 2009-12-29 17:22 - 01004954 _____ () C:\Windows\DPINST.LOG
2014-05-27 19:01 - 2009-11-08 16:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-25 22:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-05-25 00:03 - 2014-05-25 00:03 - 00000000 ____D () C:\Users\Andreas\AppData\Local\SearchProtect
2014-05-24 18:46 - 2014-03-08 10:19 - 00002423 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-24 18:46 - 2014-03-08 10:19 - 00000000 ____D () C:\Windows\System32\Drivers\NIS
2014-05-24 18:45 - 2014-05-24 18:45 - 00540184 _____ () C:\Windows\Minidump\052414-66035-01.dmp
2014-05-24 18:45 - 2011-01-16 15:14 - 00000000 ____D () C:\Windows\Minidump
2014-05-24 18:44 - 2011-01-16 15:13 - 393204406 _____ () C:\Windows\MEMORY.DMP

Files to move or delete:
====================
C:\Users\Andreas\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe


Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\atl.exe
C:\Users\Andreas\AppData\Local\Temp\BackupSetup.exe
C:\Users\Andreas\AppData\Local\Temp\bitool.dll
C:\Users\Andreas\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Andreas\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Andreas\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Andreas\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Andreas\AppData\Local\Temp\FLVPlayerUpdate_downloader_by_FLVPlayerUpdate.exe
C:\Users\Andreas\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Andreas\AppData\Local\Temp\hcwclear.exe
C:\Users\Andreas\AppData\Local\Temp\incredibar_install.exe
C:\Users\Andreas\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Andreas\AppData\Local\Temp\IR32.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u23-windows-i586-iftw-rv.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Andreas\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Andreas\AppData\Local\Temp\mgxfonts.exe
C:\Users\Andreas\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Andreas\AppData\Local\Temp\nss327F.exe
C:\Users\Andreas\AppData\Local\Temp\nsx2E59.exe
C:\Users\Andreas\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Andreas\AppData\Local\Temp\ose00000.exe
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe
C:\Users\Andreas\AppData\Local\Temp\run.exe
C:\Users\Andreas\AppData\Local\Temp\sdpupdater.exe
C:\Users\Andreas\AppData\Local\Temp\siqAusweisAppUpdate.exe
C:\Users\Andreas\AppData\Local\Temp\sizlsearch_ad.exe
C:\Users\Andreas\AppData\Local\Temp\Softonic_Deutsch.exe
C:\Users\Andreas\AppData\Local\Temp\sp-downloader.exe
C:\Users\Andreas\AppData\Local\Temp\SPSetup.exe
C:\Users\Andreas\AppData\Local\Temp\suprasavings.exe
C:\Users\Andreas\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-1.1.0-win32.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-2.0.5-win32.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Andreas\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\Andreas\AppData\Local\Temp\wmaudio.exe
C:\Users\Andreas\AppData\Local\Temp\wmf9.exe
C:\Users\Andreas\AppData\Local\Temp\wmpcdcs8.exe
C:\Users\Andreas\AppData\Local\Temp\wrar420.exe
C:\Users\Andreas\AppData\Local\Temp\_is7BC4.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-06-01 18:00:34
Restore point made on: 2014-06-08 18:00:27
Restore point made on: 2014-06-13 04:30:08
Restore point made on: 2014-06-13 22:09:23
Restore point made on: 2014-06-17 04:09:44

==================== Memory info =========================== 

Percentage of memory in use: 13%
Total physical RAM: 4095.55 MB
Available physical RAM: 3559.78 MB
Total Pagefile: 4093.83 MB
Available Pagefile: 3562.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:368 GB) (Free:261.75 GB) NTFS
Drive d: () (Fixed) (Total:97.56 GB) (Free:20.21 GB) NTFS
Drive g: (INTENSO) (Removable) (Total:3.65 GB) (Free:3.3 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A4730CF7)
Partition 1: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00563D98)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2014-06-21 19:12

==================== End Of Log ============================
         
--- --- ---

--- --- ---
__________________

Alt 24.06.2014, 09:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Drücke bitte die + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RestartNeroSetup] => C:\Users\Andreas\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe [2589992 2008-11-06] (Nero AG) <===== ATTENTION
HKU\Andreas\...\Winlogon: [Userinit] C:\Users\Andreas\AppData\Roaming\loadit.exe [696678 2014-06-19] ()
HKU\Andreas\...\Winlogon: [Shell] C:\Users\Andreas\AppData\Roaming\loadit.exe [696678 2014-06-19] () <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk ->  (No File)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Users\Andreas\AppData\Local\Temp\*.exe
C:\Users\Andreas\AppData\Local\SearchProtect
C:\Users\Andreas\AppData\Roaming\loadit.exe
C:\Users\Andreas\AppData\Local\Temp\OnlineUpdate8
C:\Program Files\SearchProtect
         
Speichere diese bitte als Fixlist.txt auf deinem USB Stick.
  • Starte deinen Rechner erneut in die Reparaturoptionen
  • Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.06.2014, 05:26   #5
Andy_27
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Vielen Dank - hier das Ergebnis:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-06-2014 01
Ran by SYSTEM at 2014-06-25 06:20:15 Run:1
Running from G:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RestartNeroSetup] => C:\Users\Andreas\AppData\Local\Temp\OnlineUpdate8\SetupXu.exe [2589992 2008-11-06] (Nero AG) <===== ATTENTION
HKU\Andreas\...\Winlogon: [Userinit] C:\Users\Andreas\AppData\Roaming\loadit.exe [696678 2014-06-19] ()
HKU\Andreas\...\Winlogon: [Shell] C:\Users\Andreas\AppData\Roaming\loadit.exe [696678 2014-06-19] () <==== ATTENTION 
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk ->  (No File)
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
ShortcutTarget: ja.lnk ->  (No File)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\Users\Andreas\AppData\Local\Temp\*.exe
C:\Users\Andreas\AppData\Local\SearchProtect
C:\Users\Andreas\AppData\Roaming\loadit.exe
C:\Users\Andreas\AppData\Local\Temp\OnlineUpdate8
C:\Program Files\SearchProtect
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\RestartNeroSetup => value deleted successfully.
HKU\Andreas\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Userinit => value deleted successfully.
HKU\Andreas\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.
"C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data removed successfully.
C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoStarter.lnk => Moved successfully.
C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk => Moved successfully.
ShortcutTarget: Facebook Messenger.lnk ->  (No File) not found.
C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk => Moved successfully.
ShortcutTarget: ja.lnk ->  (No File) not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}'=> Key not found.
'HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3' => Key deleted successfully.
'HKLM\Software\Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}'=> Key not found.
C:\Windows\System32\GroupPolicy\Machine => Moved successfully.
C:\Windows\System32\GroupPolicy\GPT.ini => Moved successfully.
C:\Users\Andreas\AppData\Local\Temp\*.exe => Moved successfully.
C:\Users\Andreas\AppData\Local\SearchProtect => Moved successfully.
C:\Users\Andreas\AppData\Roaming\loadit.exe => Moved successfully.
C:\Users\Andreas\AppData\Local\Temp\OnlineUpdate8 => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.

==== End of Fixlog ====
         


Alt 25.06.2014, 09:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Startet Windows wieder normal?
__________________
--> Windows 7 32bit - weißer Bildschirm nach Anmeldung

Alt 25.06.2014, 20:41   #7
Andy_27
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Super - ja : Es startet wieder Normal.
Vielen Dank :-)

Kannst Du mir sagen, was da jetzt passiert ist und warum der weiße Bildschirm da war ??
Ich glaube, das da ein Programm auf das Internet zugreifen wollte und Norton hat es nicht zugelassen.

Vielen Dank im Voraus :-)

Alt 26.06.2014, 09:53   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.06.2014, 20:40   #9
Andy_27
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Da kann man ja eine ganze Menge sehen.
Frage: bekomme ich hiermit dann auch die ganze b...e Werbung aus Firefox raus ??

Danke im Voraus :-)

FRST.txt

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Andreas (administrator) on LINUX2 on 26-06-2014 20:24:11
Running from \\nas\andreas\Programme\Farbar Recovery Scan Tool FRST
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(OpenLimit SignCubes AG) C:\Program Files\AusweisApp\siqBootLoader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Hewlett-Packard Development Co. L.P.) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
(Farbar) \\nas\andreas\Programme\Farbar Recovery Scan Tool FRST\FRST.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DATA BECKER Update Service.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM\...\Run: [QuickTime Plugin Install] => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-10-27] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AllShareAgent] => C:\Program Files\Samsung\AllShare\AllShareAgent.exe [285072 2012-01-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] => C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-04-27] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [SkyDrive] => C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-16] (Microsoft Corporation)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [AusweisApp] => C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe [844464 2014-04-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\MountPoints2: {9405add1-4b5d-11e1-8bc2-00241d6d9db6} - F:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=55&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&SSPV=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=58&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=58&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {E394EAAF-29E9-4B54-B7DE-AB2D118BF2EE} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A012DE80003&p={SearchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} hxxp://192.168.178.201/IPCamPluginMegaDM.cab
DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://chipkarte.santanderbank.de/Estatico/ALP_EBANDE_SmartCardPres_E/Recursos/SantanderChipcardPlugin2610.cab
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} hxxp://192.168.178.200/IPCamPluginMJPEG.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{D55A763D-4C44-4F15-A638-0DB2B4501A4D}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Andreas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\e12ng6ow.default-1380787340258\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Widget context - C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-14]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\e12ng6ow.default-1380787340258\Extensions\staged [2014-01-01]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\oq3o2keu.default-1380787718069\Extensions\staged [2014-01-01]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1lcvfgco.default-1380792794989\Extensions\staged [2014-01-01]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\de_DE@dicts.j3e.de [2014-03-25]
FF Extension: YouuTouAdBloCkEr - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\ejkz@kckxwmoh.co.uk [2014-02-03]
FF Extension: Santander Chipcard Plugin - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\{fd639891-5cc6-45ae-9055-a7a6abb5a7a9} [2014-01-28]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-02-02]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-03-08]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn [2014-06-25]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://websearch.good-results.info/"
CHR Extension: (DealExpreSs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiijkoelbenaknjgegmdjikdkgpfipgj [2014-01-01]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenohbfjcenmfafhfjhcipfmmccihdpj [2013-01-26]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkdnahkjopoflldbenccidlpiimmicp [2013-01-26]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjbopemebdnolilndkpjfmhakccapkh [2014-02-23]
CHR Extension: (ExxstraSavIngs) - C:\ProgramData\olphdlcdaclhmigmaogcoljdepkihcan\ [2014-02-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-06-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works) [File not signed]
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-04-27] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133184 2014-06-03] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-01-19] (Samsung Electronics Co., Ltd.)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28664 2012-09-04] (REINER SCT)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-13] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573440 2009-07-06] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2009-07-06] (Hauppauge Computer Works, Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140625.002\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140625.009\NAVENG.SYS [93272 2014-06-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140625.009\NAVEX15.SYS [1612376 2014-06-09] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
S3 SCL01132; C:\Windows\System32\DRIVERS\SCL01132.sys [61824 2010-05-07] (SCM Microsystems Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-03-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1503000.00C\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-25 20:35 - 2014-06-25 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-23 22:10 - 2014-06-26 20:24 - 00000000 ____D () C:\FRST
2014-06-14 17:53 - 2014-06-14 18:05 - 00000000 ____D () C:\Raspberry Pi
2014-06-13 20:32 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 20:32 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 20:32 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-13 20:32 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-13 20:32 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 20:32 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-13 20:32 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 20:32 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 20:32 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 20:32 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 20:32 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-13 20:32 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-13 20:32 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-13 20:32 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 20:32 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 20:32 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 20:32 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 20:32 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 20:32 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 20:32 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 20:32 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 20:32 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 20:32 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-13 20:32 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 20:32 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 20:32 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 20:32 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 20:32 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-13 20:30 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 20:30 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 20:30 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 20:30 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 20:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 20:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-13 20:29 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-13 05:19 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-13 05:19 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

2014-06-26 20:24 - 2014-06-23 22:10 - 00000000 ____D () C:\FRST
2014-06-26 20:23 - 2011-07-24 21:45 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-26 20:21 - 2009-10-29 20:22 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 20:20 - 2014-03-30 15:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-26 20:18 - 2013-10-03 10:36 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2014-06-26 20:17 - 2014-04-18 20:19 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\UseNeXT
2014-06-26 20:17 - 2009-10-29 20:06 - 01669269 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 05:11 - 2009-07-14 06:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 05:11 - 2009-07-14 06:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 05:03 - 2011-07-24 21:45 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 20:52 - 2014-02-03 06:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-25 20:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 20:51 - 2009-07-14 06:39 - 00006831 _____ () C:\Windows\setupact.log
2014-06-25 20:35 - 2014-06-25 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-25 20:20 - 2013-03-07 20:49 - 00000000 ____D () C:\Program Files\AusweisApp
2014-06-25 20:00 - 2009-12-29 18:22 - 01018206 _____ () C:\Windows\DPINST.LOG
2014-06-25 19:59 - 2014-03-26 05:58 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-25 19:59 - 2012-03-09 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-25 19:59 - 2009-11-08 17:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-25 19:57 - 2013-02-01 23:02 - 00000000 ___RD () C:\Users\Andreas\SkyDrive
2014-06-25 19:56 - 2013-03-07 20:49 - 00000000 ____D () C:\Users\Andreas\.ausweisapp
2014-06-25 07:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-21 20:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-21 16:52 - 2010-02-12 18:11 - 00458866 _____ () C:\Windows\PFRO.log
2014-06-19 20:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-19 20:26 - 2013-02-01 22:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 05:14 - 2013-12-21 10:48 - 00000000 ____D () C:\Program Files\McAfee
2014-06-15 15:08 - 2014-04-18 20:19 - 00000000 ____D () C:\Program Files\UseNeXT
2014-06-14 18:43 - 2014-04-18 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\QuickPar
2014-06-14 18:05 - 2014-06-14 17:53 - 00000000 ____D () C:\Raspberry Pi
2014-06-14 17:44 - 2010-04-24 22:39 - 00054784 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-13 23:12 - 2013-08-15 20:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 23:09 - 2009-11-01 11:38 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-13 05:37 - 2013-02-01 21:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 05:17 - 2014-04-16 05:12 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-06-09 10:02 - 2010-09-18 20:35 - 00000000 ____D () C:\Users\Andreas\AppData\Local\FreePDF_XP
2014-06-09 10:01 - 2010-09-18 20:35 - 00013560 _____ () C:\fpRedmon.log
2014-05-30 11:18 - 2014-06-13 20:32 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-13 20:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-13 20:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-13 20:32 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-13 20:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-13 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-13 20:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-13 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-13 20:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-13 20:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-13 20:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-13 20:32 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-13 20:32 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-13 20:32 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-13 20:32 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-13 20:32 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-13 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-13 20:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-13 20:32 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-13 20:32 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-13 20:32 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-13 20:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-13 20:32 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-13 20:32 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-13 20:32 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-13 20:32 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-13 20:32 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-13 20:32 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\bitool.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 20:12

==================== End Of Log ============================
         
--- --- ---


Addition.txt
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by Andreas at 2014-06-26 20:27:32
Running from \\nas\andreas\Programme\Farbar Recovery Scan Tool FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

2600 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
2600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
2600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AusweisApp (HKLM\...\{6E2E92F9-A81B-426F-8F35-4F3718A7D0AF}) (Version: 1.11.0 - OpenLimit SignCubes AG)
BlazePhoto 2.0 (HKLM\...\BlazePhoto 2.0_is1) (Version:  - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
DATA BECKER BeckerCAD 7 (HKLM\...\BeckerCAD 7_is1) (Version: 7.0.0.1 - DATA BECKER GmbH & Co. KG)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.0.0.0 - devolo AG)
dLAN Cockpit (HKLM\...\Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1) (Version: 3 (23.12.2010) - devolo AG)
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DVDFab 9.0.1.1 (23/11/2012) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.2.0 - Steuerverwaltung des Bundes und der Länder)
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
ExxstraSavIngs (HKLM\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version:  - ExsoTrAASaavings) <==== ATTENTION
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Gini! (HKCU\...\93edd1682ad811a0) (Version: 1.0.73.0 - AVM Berlin)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: v7.0.28315 - Hauppauge Computer Works)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Image Converter (HKLM\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IPCam Admin v3.0.14 (HKLM\...\IPCam Admin Utility_is1) (Version:  - Edimax Technology Co., Ltd.)
IPCam Surveillance Software 3.0.3.0 (HKLM\...\IPCam Surveillance Software_is1) (Version:  - Edimax Technology Co., Ltd.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
MAGIX Foto Clinic 4.5 (D) (HKLM\...\MAGIX Foto Clinic 4.5 D) (Version: 4.5.4.0 - MAGIX AG)
MAGIX Foto Manager 10 (HKLM\...\MAGIX_{EC91F93F-D4C2-4789-9DDE-F6C08EACD610}) (Version: 8.0.2.184 - MAGIX AG)
MAGIX Foto Manager 10 (Version: 8.0.2.184 - MAGIX AG) Hidden
MAGIX Foto Manager 2006 (D) (HKLM\...\MAGIX Foto Manager 2006 D) (Version: 3.0.1.84 - MAGIX AG)
MAGIX Fotos auf CD & DVD 10 (HKLM\...\MAGIX_{4A34F4CA-B59D-4C45-A52C-DD5BEA10378C}) (Version: 10.0.5.3 - MAGIX AG)
MAGIX Fotos auf CD & DVD 10 (Version: 10.0.5.3 - MAGIX AG) Hidden
MAGIX Music Manager (D) (HKLM\...\MAGIX Music Manager D) (Version: 1.1.1.692 - MAGIX AG)
MAGIX Online Druck Service (HKLM\...\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.1.0-478 - myphotobook GmbH)
MAGIX Online Druck Service (HKLM\...\MAGIX Online Druck Service) (Version:  - Silverwire Software GmbH)
MAGIX Online Druck Service (Version: 1.1.0 - myphotobook GmbH) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{58B05670-41E7-4FB0-BBBB-BF9029C99330}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{60C49E39-ABD6-49FC-B2EB-77A732EC465B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deLuxe 2006 PLUS (D) (HKLM\...\MAGIX Video deLuxe 2006 PLUS D) (Version: 5.5.0.31 - MAGIX AG)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.190 - McAfee, Inc.)
Menu Templates - Pack 1 (Version: 9.4.6.0 - Nero AG) Hidden
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.0.7820.0 - Microsoft Corporation) Hidden
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Nero 9 Essentials (HKLM\...\{2b60dc9c-df16-42a2-a9c0-0629b661ef20}) (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.12.100 - Nero AG) Hidden
Nero CoverDesigner Help (Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (Version: 2.4.34.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.27.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Move it (HKLM\...\{a166ed6c-480b-4e6e-b3cc-042506878343}) (Version:  - Nero AG)
Nero Move it (Version: 1.2.0.0 - Nero AG) Hidden
Nero Move it Help (Version: 1.0.0.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero Rescue Agent (Version: 2.4.14.100 - Nero AG) Hidden
Nero RescueAgent Help (Version: 2.4.4.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.21.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.19.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.19.100 - Nero AG) Hidden
Nero Vision (Version: 6.4.16.100 - Nero AG) Hidden
Nero Vision Help (Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.27.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
NSU (HKLM\...\{A3EA81D6-07A2-4116-9EA3-60B741572FD6}) (Version: 2.02.1030 - ZyXEL)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.2.2 (HKLM\...\{51E3EA78-FD3E-4400-9D34-1383E3F18FDA}) (Version: 4.2.2 - Oracle Corporation)
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QCAD Professional Trial 3.0.0 RC5b (HKLM\...\QCAD Professional Trial) (Version: 3.0.0 RC5b - RibbonSoft GmbH)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Rossmann Fotowelt Software 4.12.1 (HKLM\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
Samsung AllShare (HKLM\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.)
Samsung AllShare (Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.) Hidden
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SCL011 Contactless Reader (HKLM\...\{101A21B2-E102-4F64-A7FA-CEF7182D0E2D}) (Version: 1.01 - SCM Microsystems)
SDFormatter (HKLM\...\{5A347920-4AFC-11D5-9FB0-800649886934}) (Version:  - )
Search Protect (HKLM\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.7.201306141231 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
TippKönigin Demo 5.5 (HKLM\...\TippKönigin Demo_is1) (Version:  - Giletech e.K.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

08-06-2014 17:00:18 Windows-Sicherung
13-06-2014 03:28:58 Windows Update
13-06-2014 21:09:07 Windows Update
17-06-2014 03:09:38 Windows-Sicherung
25-06-2014 18:00:31 Sony PC Companion
26-06-2014 03:04:59 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-06-25 20:51 - 01187090 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adcash.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {187F486D-B012-4EEE-8A50-413E16668116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {50C02562-3968-4C1A-8E55-6D24FB7CB5EA} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {6E3EC02A-EF39-4E59-B3E6-0D76EDF952BB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-19] (Microsoft Corporation)
Task: {839C5F7C-F35A-4016-9EC9-8C1E7B28D8AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {90EF61AB-12DF-4100-9147-ED459A109729} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B75EEAB7-02C8-4287-BB4F-0E0E96052E5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {C29F164F-9C2C-4764-B3DD-90065334BFCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {C3126B15-0F75-4CB1-8635-79F6C159F56D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C6BB1AC7-7EFC-413A-B68A-1151F3ECBAF9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D4ABE6BA-213D-4914-B940-F13BBF3E71A3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Linux2-Andreas Linux2 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-16 07:24 - 2005-01-06 19:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2013-12-17 20:19 - 2007-05-31 09:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2014-03-30 09:58 - 2013-10-31 18:14 - 00077992 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2011-01-15 22:39 - 2010-11-10 19:58 - 00019456 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 01135616 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00655872 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00105472 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00098816 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00077312 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00520234 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00450560 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 05717504 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00029184 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00147456 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00012288 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 04671488 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00070656 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00686080 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00152064 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00027648 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00063488 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00366592 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\tag.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00289792 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00023040 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00017920 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00017920 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00133120 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00290304 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00024064 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00012288 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00024064 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00399826 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00013824 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00031232 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00054784 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00044032 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\us.dll
2014-04-27 18:30 - 2014-04-27 18:30 - 00302961 _____ () C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
2014-06-19 20:21 - 2014-06-19 20:21 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2011-05-03 18:19 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2011-05-03 18:19 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2012-09-10 16:11 - 2012-09-10 16:11 - 00589312 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2011-05-03 18:19 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2012-02-13 09:53 - 2012-02-13 09:53 - 00086016 _____ () C:\Program Files\Sony\Sony PC Companion\CalEngine.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files\Sony\Sony PC Companion\CAgdLNotes.dll
2012-03-16 12:51 - 2012-03-16 12:51 - 00188416 _____ () C:\Program Files\Sony\Sony PC Companion\CAgdOutlook.dll
2010-09-14 15:01 - 2010-09-14 15:01 - 00212992 _____ () C:\Program Files\Sony\Sony PC Companion\VistaCalendar.dll
2011-05-03 18:19 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-06-19 20:21 - 2014-06-19 20:21 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-06-25 20:35 - 2014-06-25 20:35 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-23 11:32 - 2014-04-23 11:32 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Photosmart 2600 series
Description: Photosmart 2600 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2014 08:24:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/26/2014 08:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037c9f
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (06/26/2014 05:13:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"

Error: (06/25/2014 08:04:47 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/22/2014 02:19:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/21/2014 08:18:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/21/2014 05:03:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/21/2014 08:48:10 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/19/2014 07:38:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/19/2014 05:09:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231


System errors:
=============
Error: (06/26/2014 08:18:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2014 08:17:21 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/26/2014 05:03:51 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/25/2014 08:41:44 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (06/25/2014 08:52:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/25/2014 08:52:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/25/2014 08:52:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (06/25/2014 08:51:25 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/25/2014 08:51:25 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/23/2014 08:59:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: 
%%1062


Microsoft Office Sessions:
=========================
Error: (06/26/2014 08:24:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/26/2014 08:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c000000500037c9fa6801cf90a68d4405d0C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll3d538df0-fd5e-11e3-9a1b-f33eb4c78d13

Error: (06/26/2014 05:13:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)

Error: (06/25/2014 08:04:47 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/22/2014 02:19:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/21/2014 08:18:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (06/21/2014 05:03:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/21/2014 08:48:10 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/19/2014 07:38:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/19/2014 05:09:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231


==================== Memory info =========================== 

Percentage of memory in use: 49%
Total physical RAM: 3583.55 MB
Available physical RAM: 1814.84 MB
Total Pagefile: 7165.4 MB
Available Pagefile: 4687.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:368 GB) (Free:262.36 GB) NTFS
Drive d: () (Fixed) (Total:97.56 GB) (Free:20.15 GB) NTFS
Drive g: (SUSANNE2GO) (Removable) (Total:14.95 GB) (Free:11.11 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A4730CF7)
Partition 1: (Not Active) - (Size=98 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 26.06.2014, 23:04   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Zitat:
Ran by Andreas (administrator) on LINUX2 on 26-06-2014 20:24:11
Running from \\nas\andreas\Programme\Farbar Recovery Scan Tool FRST
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Eine Windows-Kiste mit dem Hostnamen LINUX2 zu versehen muss ich nicht verstehen, aber warum hast du dich nicht an die Anleitung gehalten, oder steht das so unscheinbar da, dass FRST auf deinen Desktop und nicht irgendwo hin soll?
Die Anleitungen geben Anweisungen, die alle Voraussetzen, dass du Spezialtools wie FRST auch auf den Desktop ablegst und nicht nach TEMP, irgendeinem Netzlaufwerk oder sonstwo hin

Wo wir gerade bei NAS und Windows7 Professional sind, ist das ein gewerblich genutztes System?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.06.2014, 05:38   #11
Andy_27
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Moin,

Linux - weil da eigentich Linux aufgespielt werde sollte.
FRST nicht Desktop - weil ich das Programm schon einmal mit einen Zweitrechner ( auch nicht gewerblich genutzt ) geladen hatte und es auf meinem Netzwerkspeicher abgelegt hatte. Ich möchte meinen Desktop zu voll spielen.
NAS - ist doch ein gebräuchlicher Name , oder ??
warum soll ich einen Namen der aus drei einfachen Buchstaben besteht in einen längeren umbenennen ??
Gewerblich - absolut nicht.
Wie kommt man darauf, das es gewerblich ist - nur weil ich meinen NAS mit "NAS" bezeichnet habe ???
Oder weil ich einen NAS überhaupt habe ???


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Andreas (administrator) on LINUX2 on 27-06-2014 05:22:19
Running from C:\Users\Andreas\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(OpenLimit SignCubes AG) C:\Program Files\AusweisApp\siqBootLoader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Hewlett-Packard Development Co. L.P.) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM\...\Run: [QuickTime Plugin Install] => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-10-27] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AllShareAgent] => C:\Program Files\Samsung\AllShare\AllShareAgent.exe [285072 2012-01-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] => C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-04-27] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [SkyDrive] => C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-16] (Microsoft Corporation)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [AusweisApp] => C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe [844464 2014-04-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\MountPoints2: {9405add1-4b5d-11e1-8bc2-00241d6d9db6} - F:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=55&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&SSPV=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=58&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=58&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {E394EAAF-29E9-4B54-B7DE-AB2D118BF2EE} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A012DE80003&p={SearchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} hxxp://192.168.178.201/IPCamPluginMegaDM.cab
DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://chipkarte.santanderbank.de/Estatico/ALP_EBANDE_SmartCardPres_E/Recursos/SantanderChipcardPlugin2610.cab
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} hxxp://192.168.178.200/IPCamPluginMJPEG.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{D55A763D-4C44-4F15-A638-0DB2B4501A4D}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Andreas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\e12ng6ow.default-1380787340258\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Widget context - C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-14]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\e12ng6ow.default-1380787340258\Extensions\staged [2014-01-01]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\oq3o2keu.default-1380787718069\Extensions\staged [2014-01-01]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1lcvfgco.default-1380792794989\Extensions\staged [2014-01-01]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\de_DE@dicts.j3e.de [2014-03-25]
FF Extension: YouuTouAdBloCkEr - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\ejkz@kckxwmoh.co.uk [2014-02-03]
FF Extension: Santander Chipcard Plugin - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\{fd639891-5cc6-45ae-9055-a7a6abb5a7a9} [2014-01-28]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-02-02]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-03-08]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn [2014-06-25]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://websearch.good-results.info/"
CHR Extension: (DealExpreSs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiijkoelbenaknjgegmdjikdkgpfipgj [2014-01-01]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenohbfjcenmfafhfjhcipfmmccihdpj [2013-01-26]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkdnahkjopoflldbenccidlpiimmicp [2013-01-26]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjbopemebdnolilndkpjfmhakccapkh [2014-02-23]
CHR Extension: (ExxstraSavIngs) - C:\ProgramData\olphdlcdaclhmigmaogcoljdepkihcan\ [2014-02-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-06-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works) [File not signed]
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-04-27] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133184 2014-06-03] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-01-19] (Samsung Electronics Co., Ltd.)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28664 2012-09-04] (REINER SCT)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-13] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573440 2009-07-06] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2009-07-06] (Hauppauge Computer Works, Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140625.002\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140625.009\NAVENG.SYS [93272 2014-06-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140625.009\NAVEX15.SYS [1612376 2014-06-09] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
S3 SCL01132; C:\Windows\System32\DRIVERS\SCL01132.sys [61824 2010-05-07] (SCM Microsystems Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-03-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1503000.00C\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-27 05:22 - 2014-06-27 05:22 - 00023478 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-06-27 05:21 - 2014-06-26 20:19 - 01073152 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-06-25 20:35 - 2014-06-25 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-23 22:10 - 2014-06-27 05:22 - 00000000 ____D () C:\FRST
2014-06-14 17:53 - 2014-06-14 18:05 - 00000000 ____D () C:\Raspberry Pi
2014-06-13 20:32 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 20:32 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 20:32 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-13 20:32 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-13 20:32 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 20:32 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-13 20:32 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 20:32 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 20:32 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 20:32 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 20:32 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-13 20:32 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-13 20:32 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-13 20:32 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 20:32 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 20:32 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 20:32 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 20:32 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 20:32 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 20:32 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 20:32 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 20:32 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 20:32 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-13 20:32 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 20:32 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 20:32 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 20:32 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 20:32 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-13 20:30 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 20:30 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 20:30 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 20:30 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 20:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 20:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-13 20:29 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-13 05:19 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-13 05:19 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

2014-06-27 05:23 - 2011-07-24 21:45 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 05:22 - 2014-06-27 05:22 - 00023478 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-06-27 05:22 - 2014-06-23 22:10 - 00000000 ____D () C:\FRST
2014-06-27 05:21 - 2013-10-03 10:36 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2014-06-27 05:04 - 2011-07-24 21:45 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-27 05:04 - 2009-10-29 20:06 - 01681067 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 20:21 - 2009-10-29 20:22 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 20:20 - 2014-03-30 15:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-26 20:19 - 2014-06-27 05:21 - 01073152 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-06-26 20:17 - 2014-04-18 20:19 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\UseNeXT
2014-06-26 05:11 - 2009-07-14 06:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 05:11 - 2009-07-14 06:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 20:52 - 2014-02-03 06:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-25 20:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 20:51 - 2009-07-14 06:39 - 00006831 _____ () C:\Windows\setupact.log
2014-06-25 20:35 - 2014-06-25 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-25 20:20 - 2013-03-07 20:49 - 00000000 ____D () C:\Program Files\AusweisApp
2014-06-25 20:00 - 2009-12-29 18:22 - 01018206 _____ () C:\Windows\DPINST.LOG
2014-06-25 19:59 - 2014-03-26 05:58 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-25 19:59 - 2012-03-09 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-25 19:59 - 2009-11-08 17:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-25 19:57 - 2013-02-01 23:02 - 00000000 ___RD () C:\Users\Andreas\SkyDrive
2014-06-25 19:56 - 2013-03-07 20:49 - 00000000 ____D () C:\Users\Andreas\.ausweisapp
2014-06-25 07:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-21 20:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-21 16:52 - 2010-02-12 18:11 - 00458866 _____ () C:\Windows\PFRO.log
2014-06-19 20:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-19 20:26 - 2013-02-01 22:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 05:14 - 2013-12-21 10:48 - 00000000 ____D () C:\Program Files\McAfee
2014-06-15 15:08 - 2014-04-18 20:19 - 00000000 ____D () C:\Program Files\UseNeXT
2014-06-14 18:43 - 2014-04-18 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\QuickPar
2014-06-14 18:05 - 2014-06-14 17:53 - 00000000 ____D () C:\Raspberry Pi
2014-06-14 17:44 - 2010-04-24 22:39 - 00054784 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-13 23:12 - 2013-08-15 20:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 23:09 - 2009-11-01 11:38 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-13 05:37 - 2013-02-01 21:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 05:17 - 2014-04-16 05:12 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-06-09 10:02 - 2010-09-18 20:35 - 00000000 ____D () C:\Users\Andreas\AppData\Local\FreePDF_XP
2014-06-09 10:01 - 2010-09-18 20:35 - 00013560 _____ () C:\fpRedmon.log
2014-05-30 11:18 - 2014-06-13 20:32 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-13 20:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-13 20:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-13 20:32 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-13 20:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-13 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-13 20:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-13 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-13 20:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-13 20:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-13 20:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-13 20:32 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-13 20:32 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-13 20:32 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-13 20:32 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-13 20:32 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-13 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-13 20:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-13 20:32 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-13 20:32 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-13 20:32 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-13 20:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-13 20:32 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-13 20:32 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-13 20:32 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-13 20:32 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-13 20:32 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-13 20:32 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\bitool.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 20:12

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Moin,

Linux - weil da eigentich Linux aufgespielt werde sollte.
FRST nicht Desktop - weil ich das Programm schon einmal mit einen Zweitrechner ( auch nicht gewerblich genutzt ) geladen hatte und es auf meinem Netzwerkspeicher abgelegt hatte. Ich möchte meinen Desktop zu voll spielen.
NAS - ist doch ein gebräuchlicher Name , oder ??
warum soll ich einen Namen der aus drei einfachen Buchstaben besteht in einen längeren umbenennen ??
Gewerblich - absolut nicht.
Wie kommt man darauf, das es gewerblich ist - nur weil ich meinen NAS mit "NAS" bezeichnet habe ???
Oder weil ich einen NAS überhaupt habe ???


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Andreas (administrator) on LINUX2 on 27-06-2014 05:26:47
Running from C:\Users\Andreas\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(OpenLimit SignCubes AG) C:\Program Files\AusweisApp\siqBootLoader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
(Hewlett-Packard Development Co. L.P.) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM\...\Run: [QuickTime Plugin Install] => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-10-27] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AllShareAgent] => C:\Program Files\Samsung\AllShare\AllShareAgent.exe [285072 2012-01-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] => C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-04-27] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [SkyDrive] => C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-16] (Microsoft Corporation)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [AusweisApp] => C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe [844464 2014-04-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\MountPoints2: {9405add1-4b5d-11e1-8bc2-00241d6d9db6} - F:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=55&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&SSPV=
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=58&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=58&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {E394EAAF-29E9-4B54-B7DE-AB2D118BF2EE} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A012DE80003&p={SearchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} hxxp://192.168.178.201/IPCamPluginMegaDM.cab
DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://chipkarte.santanderbank.de/Estatico/ALP_EBANDE_SmartCardPres_E/Recursos/SantanderChipcardPlugin2610.cab
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} hxxp://192.168.178.200/IPCamPluginMJPEG.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{D55A763D-4C44-4F15-A638-0DB2B4501A4D}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4C8179DA-9D56-401F-B106-27BBAFCF836C
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Andreas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\e12ng6ow.default-1380787340258\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Widget context - C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-14]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\e12ng6ow.default-1380787340258\Extensions\staged [2014-01-01]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\oq3o2keu.default-1380787718069\Extensions\staged [2014-01-01]
FF Extension: No Name - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1lcvfgco.default-1380792794989\Extensions\staged [2014-01-01]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\de_DE@dicts.j3e.de [2014-03-25]
FF Extension: YouuTouAdBloCkEr - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\ejkz@kckxwmoh.co.uk [2014-02-03]
FF Extension: Santander Chipcard Plugin - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\{fd639891-5cc6-45ae-9055-a7a6abb5a7a9} [2014-01-28]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-02-02]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-03-08]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn [2014-06-25]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://websearch.good-results.info/"
CHR Extension: (DealExpreSs) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiijkoelbenaknjgegmdjikdkgpfipgj [2014-01-01]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenohbfjcenmfafhfjhcipfmmccihdpj [2013-01-26]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkdnahkjopoflldbenccidlpiimmicp [2013-01-26]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjbopemebdnolilndkpjfmhakccapkh [2014-02-23]
CHR Extension: (ExxstraSavIngs) - C:\ProgramData\olphdlcdaclhmigmaogcoljdepkihcan\ [2014-02-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-06-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works) [File not signed]
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-04-27] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133184 2014-06-03] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-01-19] (Samsung Electronics Co., Ltd.)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 CltMngSvc; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [X]

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28664 2012-09-04] (REINER SCT)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-13] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573440 2009-07-06] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2009-07-06] (Hauppauge Computer Works, Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140625.002\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140625.009\NAVENG.SYS [93272 2014-06-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140625.009\NAVEX15.SYS [1612376 2014-06-09] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
S3 SCL01132; C:\Windows\System32\DRIVERS\SCL01132.sys [61824 2010-05-07] (SCM Microsystems Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-03-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1503000.00C\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-27 05:22 - 2014-06-27 05:26 - 00023478 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-06-27 05:21 - 2014-06-26 20:19 - 01073152 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-06-25 20:35 - 2014-06-25 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-23 22:10 - 2014-06-27 05:26 - 00000000 ____D () C:\FRST
2014-06-14 17:53 - 2014-06-14 18:05 - 00000000 ____D () C:\Raspberry Pi
2014-06-13 20:32 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 20:32 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 20:32 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-13 20:32 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-13 20:32 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 20:32 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-13 20:32 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 20:32 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 20:32 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 20:32 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 20:32 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-13 20:32 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-13 20:32 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-13 20:32 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 20:32 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 20:32 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 20:32 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 20:32 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 20:32 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 20:32 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 20:32 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 20:32 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 20:32 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-13 20:32 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 20:32 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 20:32 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 20:32 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 20:32 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-13 20:30 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 20:30 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 20:30 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 20:30 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 20:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 20:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-13 20:29 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-13 05:19 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-13 05:19 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

2014-06-27 05:27 - 2014-06-27 05:22 - 00023478 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-06-27 05:26 - 2014-06-23 22:10 - 00000000 ____D () C:\FRST
2014-06-27 05:23 - 2011-07-24 21:45 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 05:21 - 2013-10-03 10:36 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2014-06-27 05:15 - 2009-10-29 20:06 - 01681067 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 05:04 - 2011-07-24 21:45 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-26 20:21 - 2009-10-29 20:22 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 20:20 - 2014-03-30 15:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-26 20:19 - 2014-06-27 05:21 - 01073152 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-06-26 20:17 - 2014-04-18 20:19 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\UseNeXT
2014-06-26 05:11 - 2009-07-14 06:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 05:11 - 2009-07-14 06:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 20:52 - 2014-02-03 06:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-25 20:51 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-25 20:51 - 2009-07-14 06:39 - 00006831 _____ () C:\Windows\setupact.log
2014-06-25 20:35 - 2014-06-25 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-25 20:20 - 2013-03-07 20:49 - 00000000 ____D () C:\Program Files\AusweisApp
2014-06-25 20:00 - 2009-12-29 18:22 - 01018206 _____ () C:\Windows\DPINST.LOG
2014-06-25 19:59 - 2014-03-26 05:58 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-25 19:59 - 2012-03-09 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-25 19:59 - 2009-11-08 17:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-25 19:57 - 2013-02-01 23:02 - 00000000 ___RD () C:\Users\Andreas\SkyDrive
2014-06-25 19:56 - 2013-03-07 20:49 - 00000000 ____D () C:\Users\Andreas\.ausweisapp
2014-06-25 07:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-21 20:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-21 16:52 - 2010-02-12 18:11 - 00458866 _____ () C:\Windows\PFRO.log
2014-06-19 20:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-19 20:26 - 2013-02-01 22:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 05:14 - 2013-12-21 10:48 - 00000000 ____D () C:\Program Files\McAfee
2014-06-15 15:08 - 2014-04-18 20:19 - 00000000 ____D () C:\Program Files\UseNeXT
2014-06-14 18:43 - 2014-04-18 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\QuickPar
2014-06-14 18:05 - 2014-06-14 17:53 - 00000000 ____D () C:\Raspberry Pi
2014-06-14 17:44 - 2010-04-24 22:39 - 00054784 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-13 23:12 - 2013-08-15 20:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 23:09 - 2009-11-01 11:38 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-13 05:37 - 2013-02-01 21:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 05:17 - 2014-04-16 05:12 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-06-09 10:02 - 2010-09-18 20:35 - 00000000 ____D () C:\Users\Andreas\AppData\Local\FreePDF_XP
2014-06-09 10:01 - 2010-09-18 20:35 - 00013560 _____ () C:\fpRedmon.log
2014-05-30 11:18 - 2014-06-13 20:32 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-13 20:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-13 20:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-13 20:32 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-13 20:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-13 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-13 20:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-13 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-13 20:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-13 20:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-13 20:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-13 20:32 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-13 20:32 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-13 20:32 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-13 20:32 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-13 20:32 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-13 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-13 20:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-13 20:32 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-13 20:32 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-13 20:32 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-13 20:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-13 20:32 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-13 20:32 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-13 20:32 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-13 20:32 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-13 20:32 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-13 20:32 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\bitool.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 20:12

==================== End Of Log ============================
         
--- --- ---

--- --- ---


Eine Addition.txt wurde nicht erstellt - oder muss ich das Programm auf dem Desktop löschen und es neu aus dem Internet laden ??

Alt 27.06.2014, 09:59   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Zitat:
Linux - weil da eigentich Linux aufgespielt werde sollte.
Wie gesagt ist dein Bier ich finds nur witzig einer Windows-Installation den Hostnamen Linux zu geben, wenn dann hätte ich eher einen Standortbezogenen Namen oder irgendein Pseudonym als Hostname benutzt, der dann auch auf jedem auf diesem Rechner (Host) installiertem OS gleich ist...aber naja

Zitat:
FRST nicht Desktop - weil ich das Programm schon einmal mit einen Zweitrechner ( auch nicht gewerblich genutzt ) geladen hatte und es auf meinem Netzwerkspeicher abgelegt hatte. Ich möchte meinen Desktop zu voll spielen.
Du meinst du willst deinen Desktop nicht zu voll spielen?
Darf man erfahren wovor du Angst hast?
Am Ende der Bereinigung wird die FRST.exe einfach vom Desktop gelöscht und fertig. Da ist nichts mit voll spielen.
Wie ich schon sagte gehen unsere Anleitungen davon aus, dass die Hilfesuchenden sich auch daran halten.
Viele halten sich nicht daran und wundern sich dann warum sie die Logfiles nicht an erwarteter Stelle finden, manche erdreisten sich dann noch sogar zu beschweren deswegen, obwohl sie das selbst verursacht haben.

Zitat:
NAS - ist doch ein gebräuchlicher Name , oder ??
warum soll ich einen Namen der aus drei einfachen Buchstaben besteht in einen längeren umbenennen ??
Gewerblich - absolut nicht.
Wie kommt man darauf, das es gewerblich ist - nur weil ich meinen NAS mit "NAS" bezeichnet habe ???
Oder weil ich einen NAS überhaupt habe ???
Es ist natürlich absurd nur allein weil da ein NAS zu sehen ist von gewebrlicher Nutzung auszugehen.
Aber das hab ich auch nirgendwo behauptet. Ich schrieb zusätzlich auch Windows 7 Professional - Software wie zB

CorelDRAW Graphics Suite 12
DATA BECKER BeckerCAD 7

hast du ebenfalls installiert, deswegen glaub ich nicht, dass meine Nachfrage auf gewerblich Nutzung so unberechtigt ist.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.06.2014, 10:23   #13
Andy_27
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Hallo cosinus,

kannst Du mir dann weiterhelfen, ich finde Deine Antwort hier nicht, die Du mir eben gerade geschrieben hast.
Heute Morgen habe ich auf Antworten geklickt, den text eingefügt und geschrieben, aber ich finde es jetzt hier nicht wieder.

OK - alles in Ordnung - jetzt ist es da -> nachdem ich auf "antworten" geklickt habe.

Meine Frage war: muss ich FRST.exe mir erneut downloaden und ausführen, damit die Datei Addition.txt erstellt wird ??

Corel habe ich drauf, weil ich ( wie man bestimmt sieht ) keine Spiele auf dem Rechner hat -> das ich mein Spiel, hi :-)
Data Becker CAD7 hatte ich nur mal probeweise instelliert - kommt aber nicht an mein AutoCad in der Firma ran.

Alt 27.06.2014, 11:06   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.06.2014, 19:18   #15
Andy_27
 
Windows 7 32bit - weißer Bildschirm nach Anmeldung - Standard

Windows 7 32bit - weißer Bildschirm nach Anmeldung



Hallo cosinus,

AdwCleaner:
Code:
ATTFilter
# AdwCleaner v3.213 - Bericht erstellt am 27/06/2014 um 18:45:02
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Andreas - LINUX2
# Gestartet von : C:\Users\Andreas\Desktop\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : CltMngSvc

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\ClickIT
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\SaveAs
Ordner Gelöscht : C:\ProgramData\Search-NewTab
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\DealExpreSs
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
Ordner Gelöscht : C:\Program Files\DealExpreSs
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Temp\sizlsearch
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiijkoelbenaknjgegmdjikdkgpfipgj
Datei Gelöscht : C:\Users\Andreas\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\e12ng6ow.default-1380787340258\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\searchplugins\trovi-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DieeaLExpreess.DieeaLExpreess
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DieeaLExpreess.DieeaLExpreess.2.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB4B0E1D-A74F-9C56-4855-FED2A2D692F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DB4B0E1D-A74F-9C56-4855-FED2A2D692F1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\1lcvfgco.default-1380792794989\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=55&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4C8179DA-9D56-401[...]

[ Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\e12ng6ow.default-1380787340258\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=55&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4C8179DA-9D56-401[...]

[ Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4C8179DA-9D56-401[...]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Trovi search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
Zeile gelöscht : user_pref("extensions.rx0yV9d.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo[...]

[ Datei : C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\oq3o2keu.default-1380787718069\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=55&CUI=&UM=5&UP=SP4C8179DA-9D56-401F-B106[...]
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MD695AF49-EF23-4180-B79E-765DDAEFA6D7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP4C8179DA-9D56-401[...]

-\\ Google Chrome v

[ Datei : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : aiijkoelbenaknjgegmdjikdkgpfipgj

*************************

AdwCleaner[R0].txt - [32818 octets] - [27/04/2014 11:26:04]
AdwCleaner[R1].txt - [1771 octets] - [27/04/2014 18:30:26]
AdwCleaner[R2].txt - [1765 octets] - [27/04/2014 18:42:54]
AdwCleaner[R3].txt - [1885 octets] - [27/04/2014 19:02:47]
AdwCleaner[R4].txt - [6576 octets] - [27/06/2014 18:41:37]
AdwCleaner[S0].txt - [27978 octets] - [27/04/2014 11:27:28]
AdwCleaner[S1].txt - [1832 octets] - [27/04/2014 18:33:14]
AdwCleaner[S2].txt - [1826 octets] - [27/04/2014 18:44:31]
AdwCleaner[S3].txt - [1946 octets] - [27/04/2014 19:04:07]
AdwCleaner[S4].txt - [6163 octets] - [27/06/2014 18:45:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [6223 octets] ##########
         
Rest folgt :-)

Hier die JRT.txt

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Andreas on 27.06.2014 at 18:55:00,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1515744480-3192567929-633081273-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\superlyricsupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\superlyricsupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\addlyrics1030_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\addlyrics1030_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Andreas\AppData\Roaming\incredibar"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\e12ng6ow.default-1380787340258\extensions\staged
Successfully deleted: [Folder] C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\oq3o2keu.default-1380787718069\extensions\staged
Successfully deleted: [Folder] C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\1lcvfgco.default-1380792794989\extensions\staged
Successfully deleted the following from C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\ma9n1ur7.default-1390196850485\prefs.js

user_pref("extensions.rx0yV9d.epoch", "1403974178");
user_pref("extensions.rx0yV9d.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-
user_pref("extensions.rx0yV9d.url", "hxxp://toolkitsetusa.info/sync2/?q=hfZ9oemZC7wMCyVUojaMg708BNmGWj8wmihGheDUojw9rdsErHa9rTnFqihIC7n0rjnEqTs6rjg9pjr8tNhVCT94tMVKhd95qdaFqdk
Emptied folder: C:\Users\Andreas\AppData\Roaming\mozilla\firefox\profiles\ma9n1ur7.default-1390196850485\minidumps [18 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.06.2014 at 18:58:30,75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-06-2014
Ran by Andreas (administrator) on LINUX2 on 27-06-2014 19:01:41
Running from C:\Users\Andreas\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(REINER SCT) C:\Windows\System32\cjpcsc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(DATA BECKER GmbH & Co KG) C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe
(devolo AG) C:\Program Files\devolo\dlan\devolonetsvc.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareAgent.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Microsoft Corporation) C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(OpenLimit SignCubes AG) C:\Program Files\AusweisApp\siqBootLoader.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Hauppauge Computer Works, Inc.) C:\Program Files\WinTV\WinTV7\WinTVTray.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Hewlett-Packard Development Co. L.P.) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [CorelDRAW Graphics Suite 11b] => C:\Program Files\Corel\Corel Graphics 12\Languages\DE\Programs\Registration.exe [733184 2003-11-28] (Corel Corporation)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM\...\Run: [QuickTime Plugin Install] => C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2011-10-27] ()
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [AllShareAgent] => C:\Program Files\Samsung\AllShare\AllShareAgent.exe [285072 2012-01-19] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] => C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-04-27] ()
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466656 2014-05-23] (Sony)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [SkyDrive] => C:\Users\Andreas\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-05-16] (Microsoft Corporation)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\Run: [AusweisApp] => C:\Program Files\AusweisApp\siqBootLoader.exe [2514560 2013-05-27] (OpenLimit SignCubes AG)
HKU\S-1-5-21-1515744480-3192567929-633081273-1000\...\MountPoints2: {9405add1-4b5d-11e1-8bc2-00241d6d9db6} - F:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
ShortcutTarget: AutoStart IR.lnk -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status..lnk
ShortcutTarget: WinTV Recording Status..lnk -> C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.)

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {E394EAAF-29E9-4B54-B7DE-AB2D118BF2EE} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A012DE80003&p={SearchTerms}
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
DPF: {57CD0DF4-DACC-439D-9173-3F6A8EC3FFE3} hxxp://192.168.178.201/IPCamPluginMegaDM.cab
DPF: {65EEE2E1-B8D5-4724-8489-048B551045BF} https://chipkarte.santanderbank.de/Estatico/ALP_EBANDE_SmartCardPres_E/Recursos/SantanderChipcardPlugin2610.cab
DPF: {B015B944-7316-49AE-AC84-ACCA9379EA32} hxxp://192.168.178.200/IPCamPluginMJPEG.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{D55A763D-4C44-4F15-A638-0DB2B4501A4D}: [NameServer]192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @protectdisc.com/NPPDLicenseHelper - C:\Users\Andreas\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Widget context - C:\Users\Andreas\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2014-03-14]
FF Extension: Wörterbuch Deutsch (de-DE), Hunspell-unterstützt - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\de_DE@dicts.j3e.de [2014-03-25]
FF Extension: YouuTouAdBloCkEr - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\ejkz@kckxwmoh.co.uk [2014-02-03]
FF Extension: Santander Chipcard Plugin - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\{fd639891-5cc6-45ae-9055-a7a6abb5a7a9} [2014-01-28]
FF Extension: Deutsch (DE) Language Pack - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\langpack-de@firefox.mozilla.org.xpi [2014-02-02]
FF Extension: Adblock Plus - C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\ma9n1ur7.default-1390196850485\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-06]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\IPSFF [2014-03-08]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.1.7\coFFPlgn [2014-06-27]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://websearch.good-results.info/"
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiijkoelbenaknjgegmdjikdkgpfipgj [2014-01-01]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenohbfjcenmfafhfjhcipfmmccihdpj [2013-01-26]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\edkdnahkjopoflldbenccidlpiimmicp [2013-01-26]
CHR Extension: (No Name) - C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjbopemebdnolilndkpjfmhakccapkh [2014-02-23]
CHR Extension: (ExxstraSavIngs) - C:\ProgramData\olphdlcdaclhmigmaogcoljdepkihcan\ [2014-02-23]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2014-06-14]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 cjpcsc; C:\Windows\system32\cjpcsc.exe [515632 2013-05-21] (REINER SCT)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1565880 2014-05-21] (Microsoft Corporation)
R2 DBService; C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe [2650112 2010-05-28] (DATA BECKER GmbH & Co KG) [File not signed]
R2 DevoloNetworkService; C:\Program Files\devolo\dlan\devolonetsvc.exe [3304768 2010-12-23] (devolo AG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [558592 2010-11-03] (Hauppauge Computer Works) [File not signed]
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-04-27] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [133184 2014-06-03] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 SamsungAllShareV2.0; C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [25504 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 SimpleSlideShowServer; C:\Program Files\Samsung\AllShare\AllShareSlideShowService.exe [27584 2012-01-19] (Samsung Electronics Co., Ltd.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

==================== Drivers (Whitelisted) ====================

R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\BASHDefs\20140606.001\BHDrvx86.sys [1101616 2014-05-10] (Symantec Corporation)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1503000.00C\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28664 2012-09-04] (REINER SCT)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [377648 2014-06-13] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [109872 2014-06-13] (Symantec Corporation)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [573440 2009-07-06] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\System32\DRIVERS\hcw95rc.sys [15616 2009-07-06] (Hauppauge Computer Works, Inc.)
R1 IDSVix86; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\IPSDefs\20140626.002\IDSvix86.sys [395992 2014-03-29] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140625.009\NAVENG.SYS [93272 2014-06-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.1.7\Definitions\VirusDefs\20140625.009\NAVEX15.SYS [1612376 2014-06-09] (Symantec Corporation)
R2 NPF_devolo; C:\Windows\system32\drivers\npf_devolo.sys [35840 2010-06-10] (CACE Technologies) [File not signed]
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S3 s116bus; C:\Windows\System32\DRIVERS\s116bus.sys [83336 2007-04-03] (MCCI Corporation)
S3 s116mdfl; C:\Windows\System32\DRIVERS\s116mdfl.sys [15112 2007-04-03] (MCCI Corporation)
S3 s116mdm; C:\Windows\System32\DRIVERS\s116mdm.sys [108680 2007-04-03] (MCCI Corporation)
S3 s116mgmt; C:\Windows\System32\DRIVERS\s116mgmt.sys [100488 2007-04-03] (MCCI Corporation)
S3 s116nd5; C:\Windows\System32\DRIVERS\s116nd5.sys [23176 2007-04-03] (MCCI Corporation)
S3 s116obex; C:\Windows\System32\DRIVERS\s116obex.sys [98696 2007-04-03] (MCCI Corporation)
S3 s116unic; C:\Windows\System32\DRIVERS\s116unic.sys [99080 2007-04-03] (MCCI Corporation)
S3 SCL01132; C:\Windows\System32\DRIVERS\SCL01132.sys [61824 2010-05-07] (SCM Microsystems Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NIS\1503000.00C\SRTSP.SYS [664280 2014-02-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NIS\1503000.00C\SRTSPX.SYS [32344 2014-02-11] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NIS\1503000.00C\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NIS\1503000.00C\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-03-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NIS\1503000.00C\Ironx86.SYS [206936 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NIS\1503000.00C\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-27 19:01 - 2014-06-27 19:01 - 00021364 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-06-27 18:58 - 2014-06-27 18:58 - 00002644 _____ () C:\Users\Andreas\Desktop\JRT.txt
2014-06-27 18:54 - 2014-06-27 18:54 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 18:38 - 2014-06-27 18:38 - 01073152 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-06-27 18:36 - 2014-06-27 18:36 - 01016261 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT.exe
2014-06-27 18:35 - 2014-06-27 18:35 - 01342659 _____ () C:\Users\Andreas\Desktop\adwcleaner_3.213.exe
2014-06-25 20:35 - 2014-06-25 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-23 22:10 - 2014-06-27 19:01 - 00000000 ____D () C:\FRST
2014-06-14 17:53 - 2014-06-14 18:05 - 00000000 ____D () C:\Raspberry Pi
2014-06-13 20:32 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 20:32 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 20:32 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-13 20:32 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-13 20:32 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 20:32 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-13 20:32 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 20:32 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 20:32 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 20:32 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 20:32 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-13 20:32 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-13 20:32 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-13 20:32 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 20:32 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 20:32 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 20:32 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 20:32 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 20:32 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 20:32 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 20:32 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 20:32 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 20:32 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-13 20:32 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 20:32 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 20:32 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 20:32 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 20:32 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-13 20:30 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 20:30 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 20:30 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 20:30 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 20:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 20:30 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-13 20:29 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-13 05:19 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-13 05:19 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

2014-06-27 19:02 - 2014-06-27 19:01 - 00021364 _____ () C:\Users\Andreas\Desktop\FRST.txt
2014-06-27 19:01 - 2014-06-23 22:10 - 00000000 ____D () C:\FRST
2014-06-27 18:58 - 2014-06-27 18:58 - 00002644 _____ () C:\Users\Andreas\Desktop\JRT.txt
2014-06-27 18:55 - 2014-04-16 05:12 - 00000000 ____D () C:\Users\Andreas\AppData\Local\CrashDumps
2014-06-27 18:55 - 2009-07-14 06:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-27 18:55 - 2009-07-14 06:34 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-27 18:54 - 2014-06-27 18:54 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 18:49 - 2013-03-07 20:49 - 00000000 ____D () C:\Users\Andreas\.ausweisapp
2014-06-27 18:49 - 2013-02-01 23:02 - 00000000 ___RD () C:\Users\Andreas\SkyDrive
2014-06-27 18:47 - 2011-07-24 21:45 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-27 18:47 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 18:47 - 2009-07-14 06:39 - 00006887 _____ () C:\Windows\setupact.log
2014-06-27 18:46 - 2014-03-30 15:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-27 18:46 - 2010-02-12 18:11 - 00459180 _____ () C:\Windows\PFRO.log
2014-06-27 18:45 - 2014-04-27 11:25 - 00000000 ____D () C:\AdwCleaner
2014-06-27 18:45 - 2009-10-29 20:06 - 01687912 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 18:38 - 2014-06-27 18:38 - 01073152 _____ (Farbar) C:\Users\Andreas\Desktop\FRST.exe
2014-06-27 18:36 - 2014-06-27 18:36 - 01016261 _____ (Thisisu) C:\Users\Andreas\Desktop\JRT.exe
2014-06-27 18:35 - 2014-06-27 18:35 - 01342659 _____ () C:\Users\Andreas\Desktop\adwcleaner_3.213.exe
2014-06-27 18:33 - 2010-04-02 11:04 - 00007611 _____ () C:\Users\Andreas\AppData\Local\Resmon.ResmonCfg
2014-06-27 18:32 - 2011-07-24 21:45 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 05:21 - 2013-10-03 10:36 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\vlc
2014-06-26 20:21 - 2009-10-29 20:22 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 20:17 - 2014-04-18 20:19 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\UseNeXT
2014-06-25 20:52 - 2014-02-03 06:32 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-06-25 20:35 - 2014-06-25 20:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-25 20:20 - 2013-03-07 20:49 - 00000000 ____D () C:\Program Files\AusweisApp
2014-06-25 20:00 - 2009-12-29 18:22 - 01018206 _____ () C:\Windows\DPINST.LOG
2014-06-25 19:59 - 2014-03-26 05:58 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-25 19:59 - 2012-03-09 07:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-25 19:59 - 2009-11-08 17:18 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-25 07:20 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-21 20:28 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-19 20:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-19 20:26 - 2013-02-01 22:08 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 05:14 - 2013-12-21 10:48 - 00000000 ____D () C:\Program Files\McAfee
2014-06-15 15:08 - 2014-04-18 20:19 - 00000000 ____D () C:\Program Files\UseNeXT
2014-06-14 18:43 - 2014-04-18 21:00 - 00000000 ____D () C:\Users\Andreas\AppData\Local\QuickPar
2014-06-14 18:05 - 2014-06-14 17:53 - 00000000 ____D () C:\Raspberry Pi
2014-06-14 17:44 - 2010-04-24 22:39 - 00054784 _____ () C:\Users\Andreas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-13 23:12 - 2013-08-15 20:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 23:09 - 2009-11-01 11:38 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-13 05:37 - 2013-02-01 21:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-09 10:02 - 2010-09-18 20:35 - 00000000 ____D () C:\Users\Andreas\AppData\Local\FreePDF_XP
2014-06-09 10:01 - 2010-09-18 20:35 - 00013560 _____ () C:\fpRedmon.log
2014-05-30 11:18 - 2014-06-13 20:32 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 11:02 - 2014-06-13 20:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 11:02 - 2014-06-13 20:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 10:44 - 2014-06-13 20:32 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 10:43 - 2014-06-13 20:32 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 10:42 - 2014-06-13 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-13 20:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 10:34 - 2014-06-13 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 10:33 - 2014-06-13 20:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 10:30 - 2014-06-13 20:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 10:28 - 2014-06-13 20:32 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 10:28 - 2014-06-13 20:32 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 10:27 - 2014-06-13 20:32 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 10:21 - 2014-06-13 20:32 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 10:16 - 2014-06-13 20:32 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 10:10 - 2014-06-13 20:32 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-13 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:04 - 2014-06-13 20:32 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:02 - 2014-06-13 20:32 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 09:57 - 2014-06-13 20:32 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 09:56 - 2014-06-13 20:32 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 09:54 - 2014-06-13 20:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 09:50 - 2014-06-13 20:32 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-13 20:32 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 09:40 - 2014-06-13 20:32 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:21 - 2014-06-13 20:32 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:15 - 2014-06-13 20:32 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:13 - 2014-06-13 20:32 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Andreas\AppData\Local\Temp\bitool.dll
C:\Users\Andreas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-21 20:12

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread

Die Addition.txt finde ich nicht
nur eine von Gestern - ich lösche sie mal und starte FRST neu

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by Andreas at 2014-06-26 20:27:32
Running from \\nas\andreas\Programme\Farbar Recovery Scan Tool FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

2600 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
2600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
2600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AusweisApp (HKLM\...\{6E2E92F9-A81B-426F-8F35-4F3718A7D0AF}) (Version: 1.11.0 - OpenLimit SignCubes AG)
BlazePhoto 2.0 (HKLM\...\BlazePhoto 2.0_is1) (Version:  - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
DATA BECKER BeckerCAD 7 (HKLM\...\BeckerCAD 7_is1) (Version: 7.0.0.1 - DATA BECKER GmbH & Co. KG)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.0.0.0 - devolo AG)
dLAN Cockpit (HKLM\...\Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1) (Version: 3 (23.12.2010) - devolo AG)
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DVDFab 9.0.1.1 (23/11/2012) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.2.0 - Steuerverwaltung des Bundes und der Länder)
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
ExxstraSavIngs (HKLM\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version:  - ExsoTrAASaavings) <==== ATTENTION
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Gini! (HKCU\...\93edd1682ad811a0) (Version: 1.0.73.0 - AVM Berlin)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: v7.0.28315 - Hauppauge Computer Works)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Image Converter (HKLM\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IPCam Admin v3.0.14 (HKLM\...\IPCam Admin Utility_is1) (Version:  - Edimax Technology Co., Ltd.)
IPCam Surveillance Software 3.0.3.0 (HKLM\...\IPCam Surveillance Software_is1) (Version:  - Edimax Technology Co., Ltd.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
MAGIX Foto Clinic 4.5 (D) (HKLM\...\MAGIX Foto Clinic 4.5 D) (Version: 4.5.4.0 - MAGIX AG)
MAGIX Foto Manager 10 (HKLM\...\MAGIX_{EC91F93F-D4C2-4789-9DDE-F6C08EACD610}) (Version: 8.0.2.184 - MAGIX AG)
MAGIX Foto Manager 10 (Version: 8.0.2.184 - MAGIX AG) Hidden
MAGIX Foto Manager 2006 (D) (HKLM\...\MAGIX Foto Manager 2006 D) (Version: 3.0.1.84 - MAGIX AG)
MAGIX Fotos auf CD & DVD 10 (HKLM\...\MAGIX_{4A34F4CA-B59D-4C45-A52C-DD5BEA10378C}) (Version: 10.0.5.3 - MAGIX AG)
MAGIX Fotos auf CD & DVD 10 (Version: 10.0.5.3 - MAGIX AG) Hidden
MAGIX Music Manager (D) (HKLM\...\MAGIX Music Manager D) (Version: 1.1.1.692 - MAGIX AG)
MAGIX Online Druck Service (HKLM\...\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.1.0-478 - myphotobook GmbH)
MAGIX Online Druck Service (HKLM\...\MAGIX Online Druck Service) (Version:  - Silverwire Software GmbH)
MAGIX Online Druck Service (Version: 1.1.0 - myphotobook GmbH) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{58B05670-41E7-4FB0-BBBB-BF9029C99330}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{60C49E39-ABD6-49FC-B2EB-77A732EC465B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deLuxe 2006 PLUS (D) (HKLM\...\MAGIX Video deLuxe 2006 PLUS D) (Version: 5.5.0.31 - MAGIX AG)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.190 - McAfee, Inc.)
Menu Templates - Pack 1 (Version: 9.4.6.0 - Nero AG) Hidden
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.0.7820.0 - Microsoft Corporation) Hidden
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Nero 9 Essentials (HKLM\...\{2b60dc9c-df16-42a2-a9c0-0629b661ef20}) (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.12.100 - Nero AG) Hidden
Nero CoverDesigner Help (Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (Version: 2.4.34.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.27.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Move it (HKLM\...\{a166ed6c-480b-4e6e-b3cc-042506878343}) (Version:  - Nero AG)
Nero Move it (Version: 1.2.0.0 - Nero AG) Hidden
Nero Move it Help (Version: 1.0.0.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero Rescue Agent (Version: 2.4.14.100 - Nero AG) Hidden
Nero RescueAgent Help (Version: 2.4.4.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.21.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.19.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.19.100 - Nero AG) Hidden
Nero Vision (Version: 6.4.16.100 - Nero AG) Hidden
Nero Vision Help (Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.27.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
NSU (HKLM\...\{A3EA81D6-07A2-4116-9EA3-60B741572FD6}) (Version: 2.02.1030 - ZyXEL)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.2.2 (HKLM\...\{51E3EA78-FD3E-4400-9D34-1383E3F18FDA}) (Version: 4.2.2 - Oracle Corporation)
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QCAD Professional Trial 3.0.0 RC5b (HKLM\...\QCAD Professional Trial) (Version: 3.0.0 RC5b - RibbonSoft GmbH)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Rossmann Fotowelt Software 4.12.1 (HKLM\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
Samsung AllShare (HKLM\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.)
Samsung AllShare (Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.) Hidden
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SCL011 Contactless Reader (HKLM\...\{101A21B2-E102-4F64-A7FA-CEF7182D0E2D}) (Version: 1.01 - SCM Microsystems)
SDFormatter (HKLM\...\{5A347920-4AFC-11D5-9FB0-800649886934}) (Version:  - )
Search Protect (HKLM\...\SearchProtect) (Version: 2.13.3.38 - Client Connect LTD) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.7.201306141231 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
TippKönigin Demo 5.5 (HKLM\...\TippKönigin Demo_is1) (Version:  - Giletech e.K.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

08-06-2014 17:00:18 Windows-Sicherung
13-06-2014 03:28:58 Windows Update
13-06-2014 21:09:07 Windows Update
17-06-2014 03:09:38 Windows-Sicherung
25-06-2014 18:00:31 Sony PC Companion
26-06-2014 03:04:59 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-06-25 20:51 - 01187090 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adcash.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {187F486D-B012-4EEE-8A50-413E16668116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {50C02562-3968-4C1A-8E55-6D24FB7CB5EA} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {6E3EC02A-EF39-4E59-B3E6-0D76EDF952BB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-19] (Microsoft Corporation)
Task: {839C5F7C-F35A-4016-9EC9-8C1E7B28D8AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {90EF61AB-12DF-4100-9147-ED459A109729} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B75EEAB7-02C8-4287-BB4F-0E0E96052E5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {C29F164F-9C2C-4764-B3DD-90065334BFCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {C3126B15-0F75-4CB1-8635-79F6C159F56D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C6BB1AC7-7EFC-413A-B68A-1151F3ECBAF9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D4ABE6BA-213D-4914-B940-F13BBF3E71A3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Linux2-Andreas Linux2 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-16 07:24 - 2005-01-06 19:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2013-12-17 20:19 - 2007-05-31 09:38 - 00167936 ____N () C:\Windows\system32\SerialXP.dll
2014-03-30 09:58 - 2013-10-31 18:14 - 00077992 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2011-01-15 22:39 - 2010-11-10 19:58 - 00019456 _____ () C:\Program Files\WinTV\TVServer\HauppaugeTVServerps.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 01135616 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00655872 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00105472 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00098816 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00077312 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00520234 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00450560 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 05717504 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00029184 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00147456 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00012288 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 04671488 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00070656 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00686080 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00152064 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00027648 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00063488 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00366592 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\tag.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00289792 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00023040 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00017920 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00017920 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00133120 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00290304 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00024064 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00012288 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00024064 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00399826 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00013824 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00031232 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-01-18 17:10 - 2012-01-18 17:10 - 00054784 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-01-06 16:40 - 2012-01-06 16:40 - 00044032 _____ () C:\Program Files\Samsung\AllShare\AllShareDMS\us.dll
2014-04-27 18:30 - 2014-04-27 18:30 - 00302961 _____ () C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
2014-06-19 20:21 - 2014-06-19 20:21 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2011-05-03 18:19 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2011-05-03 18:19 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2011-07-07 14:54 - 2011-07-07 14:54 - 00233984 _____ () C:\Program Files\Sony\Sony PC Companion\Report.dll
2012-09-10 16:11 - 2012-09-10 16:11 - 00589312 _____ () C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
2011-05-03 18:19 - 2010-01-11 16:44 - 00053248 _____ () C:\Program Files\Sony\Sony PC Companion\VObject.dll
2012-02-13 09:53 - 2012-02-13 09:53 - 00086016 _____ () C:\Program Files\Sony\Sony PC Companion\CalEngine.dll
2012-04-04 14:33 - 2012-04-04 14:33 - 00139776 _____ () C:\Program Files\Sony\Sony PC Companion\CAgdLNotes.dll
2012-03-16 12:51 - 2012-03-16 12:51 - 00188416 _____ () C:\Program Files\Sony\Sony PC Companion\CAgdOutlook.dll
2010-09-14 15:01 - 2010-09-14 15:01 - 00212992 _____ () C:\Program Files\Sony\Sony PC Companion\VistaCalendar.dll
2011-05-03 18:19 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-06-19 20:21 - 2014-06-19 20:21 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-06-25 20:35 - 2014-06-25 20:35 - 03852912 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-04-23 11:32 - 2014-04-23 11:32 - 16351920 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Photosmart 2600 series
Description: Photosmart 2600 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/26/2014 08:24:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/26/2014 08:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00037c9f
ID des fehlerhaften Prozesses: 0xa68
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0
Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1
Pfad des fehlerhaften Moduls: svchost.exe_SysMain2
Berichtskennung: svchost.exe_SysMain3

Error: (06/26/2014 05:13:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"

Error: (06/25/2014 08:04:47 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/22/2014 02:19:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/21/2014 08:18:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/21/2014 05:03:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/21/2014 08:48:10 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/19/2014 07:38:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/19/2014 05:09:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231


System errors:
=============
Error: (06/26/2014 08:18:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/26/2014 08:17:21 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/26/2014 05:03:51 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/25/2014 08:41:44 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (06/25/2014 08:52:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (06/25/2014 08:52:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HOSTS Anti-PUPs" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (06/25/2014 08:52:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst HOSTS Anti-PUPs erreicht.

Error: (06/25/2014 08:51:25 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (06/25/2014 08:51:25 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (06/23/2014 08:59:28 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Server" wurde mit folgendem Fehler beendet: 
%%1062


Microsoft Office Sessions:
=========================
Error: (06/26/2014 08:24:59 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/26/2014 08:18:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c000000500037c9fa6801cf90a68d4405d0C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll3d538df0-fd5e-11e3-9a1b-f33eb4c78d13

Error: (06/26/2014 05:13:07 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)

Error: (06/25/2014 08:04:47 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/22/2014 02:19:22 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/21/2014 08:18:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\Sony\sony pc companion\Drivers\DPInst64.exe

Error: (06/21/2014 05:03:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/21/2014 08:48:10 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/19/2014 07:38:45 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231

Error: (06/19/2014 05:09:55 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418231
         
Nach langem Suchen doch gefunden :-)
Besser gesagt, nachdem ich FRS neu suchen lassen hatte.
Vielen Dank erst einmal im Voraus :-)

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-06-2014
Ran by Andreas at 2014-06-27 19:15:12
Running from C:\Users\Andreas\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

2600 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
2600_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
2600Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.8.0.870 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.235 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
AFPL Ghostscript 8.54 (HKLM\...\AFPL Ghostscript 8.54) (Version:  - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version:  - )
AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AusweisApp (HKLM\...\{6E2E92F9-A81B-426F-8F35-4F3718A7D0AF}) (Version: 1.11.0 - OpenLimit SignCubes AG)
BlazePhoto 2.0 (HKLM\...\BlazePhoto 2.0_is1) (Version:  - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version:  - )
CorelDRAW Graphics Suite 12 (HKLM\...\{505AFDC0-5E72-4928-8368-5DEA385E3647}) (Version: 12.0.0.458 - Corel Corporation)
cyberJack Base Components (HKLM\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 6.10.7 - REINER SCT)
DATA BECKER BeckerCAD 7 (HKLM\...\BeckerCAD 7_is1) (Version: 7.0.0.1 - DATA BECKER GmbH & Co. KG)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
devolo dLAN Cockpit (HKLM\...\dlancockpit) (Version: 3.0.0.0 - devolo AG)
dLAN Cockpit (HKLM\...\Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1) (Version: 3 (23.12.2010) - devolo AG)
dLAN Cockpit (Version: 3.23.12 - devolo AG) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DolbyFiles (Version: 2.0 - Nero AG) Hidden
DVDFab 9.0.1.1 (23/11/2012) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 14.4.12044 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008/2009 (HKLM\...\{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}) (Version: 10.3.2.0 - Steuerverwaltung des Bundes und der Länder)
Extended Asian Language font pack for Adobe Reader XI (HKLM\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
ExxstraSavIngs (HKLM\...\{C637A71C-A4B2-4B47-1B2A-1042A8D525A3}) (Version:  - ExsoTrAASaavings) <==== ATTENTION
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Firebird SQL Server - MAGIX Edition (HKLM\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Gini! (HKCU\...\93edd1682ad811a0) (Version: 1.0.73.0 - AVM Berlin)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: v7.0.28315 - Hauppauge Computer Works)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Image Converter (HKLM\...\Image Converter Image Converter) (Version: 1.0.0 - Image Converter)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IPCam Admin v3.0.14 (HKLM\...\IPCam Admin Utility_is1) (Version:  - Edimax Technology Co., Ltd.)
IPCam Surveillance Software 3.0.3.0 (HKLM\...\IPCam Surveillance Software_is1) (Version:  - Edimax Technology Co., Ltd.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
MAGIX Foto Clinic 4.5 (D) (HKLM\...\MAGIX Foto Clinic 4.5 D) (Version: 4.5.4.0 - MAGIX AG)
MAGIX Foto Manager 10 (HKLM\...\MAGIX_{EC91F93F-D4C2-4789-9DDE-F6C08EACD610}) (Version: 8.0.2.184 - MAGIX AG)
MAGIX Foto Manager 10 (Version: 8.0.2.184 - MAGIX AG) Hidden
MAGIX Foto Manager 2006 (D) (HKLM\...\MAGIX Foto Manager 2006 D) (Version: 3.0.1.84 - MAGIX AG)
MAGIX Fotos auf CD & DVD 10 (HKLM\...\MAGIX_{4A34F4CA-B59D-4C45-A52C-DD5BEA10378C}) (Version: 10.0.5.3 - MAGIX AG)
MAGIX Fotos auf CD & DVD 10 (Version: 10.0.5.3 - MAGIX AG) Hidden
MAGIX Music Manager (D) (HKLM\...\MAGIX Music Manager D) (Version: 1.1.1.692 - MAGIX AG)
MAGIX Online Druck Service (HKLM\...\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.1.0-478 - myphotobook GmbH)
MAGIX Online Druck Service (HKLM\...\MAGIX Online Druck Service) (Version:  - Silverwire Software GmbH)
MAGIX Online Druck Service (Version: 1.1.0 - myphotobook GmbH) Hidden
MAGIX Screenshare (HKLM\...\MAGIX_{58B05670-41E7-4FB0-BBBB-BF9029C99330}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (Version: 4.3.6.1987 - MAGIX AG) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{60C49E39-ABD6-49FC-B2EB-77A732EC465B}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deLuxe 2006 PLUS (D) (HKLM\...\MAGIX Video deLuxe 2006 PLUS D) (Version: 5.5.0.31 - MAGIX AG)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.190 - McAfee, Inc.)
Menu Templates - Pack 1 (Version: 9.4.6.0 - Nero AG) Hidden
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel Viewer (HKLM\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word Viewer 2003 (HKLM\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft XML Parser (Version: 8.0.7820.0 - Microsoft Corporation) Hidden
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Nero 9 Essentials (HKLM\...\{2b60dc9c-df16-42a2-a9c0-0629b661ef20}) (Version:  - Nero AG)
Nero BurnRights (Version: 3.4.13.100 - Nero AG) Hidden
Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (Version: 4.4.12.100 - Nero AG) Hidden
Nero CoverDesigner Help (Version: 4.4.9.100 - Nero AG) Hidden
Nero Disc Copy Gadget (Version: 2.4.34.0 - Nero AG) Hidden
Nero Disc Copy Gadget Help (Version: 2.4.34.0 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.27.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Move it (HKLM\...\{a166ed6c-480b-4e6e-b3cc-042506878343}) (Version:  - Nero AG)
Nero Move it (Version: 1.2.0.0 - Nero AG) Hidden
Nero Move it Help (Version: 1.0.0.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero Rescue Agent (Version: 2.4.14.100 - Nero AG) Hidden
Nero RescueAgent Help (Version: 2.4.4.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (Version: 5.4.21.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.19.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.19.100 - Nero AG) Hidden
Nero Vision (Version: 6.4.16.100 - Nero AG) Hidden
Nero Vision Help (Version: 6.4.15.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.27.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Norton Internet Security (HKLM\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
NSU (HKLM\...\{A3EA81D6-07A2-4116-9EA3-60B741572FD6}) (Version: 2.02.1030 - ZyXEL)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 4.2.2 (HKLM\...\{51E3EA78-FD3E-4400-9D34-1383E3F18FDA}) (Version: 4.2.2 - Oracle Corporation)
Protect Disc License Helper 1.0.125 (IE) (HKCU\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QCAD Professional Trial 3.0.0 RC5b (HKLM\...\QCAD Professional Trial) (Version: 3.0.0 RC5b - RibbonSoft GmbH)
QuickPar 0.9 (HKLM\...\QuickPar) (Version: 0.9 - Peter B. Clements)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
ratDVD 0.78.1444 (HKLM\...\ratDVD) (Version: 0.78.1444 - ratDVD)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Rossmann Fotowelt Software 4.12.1 (HKLM\...\Rossmann Fotowelt Software) (Version: 4.12.1 - ORWO Net)
Samsung AllShare (HKLM\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.)
Samsung AllShare (Version: 2.1.0.12013_8 - Samsung Electronics Co., Ltd.) Hidden
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
SCL011 Contactless Reader (HKLM\...\{101A21B2-E102-4F64-A7FA-CEF7182D0E2D}) (Version: 1.01 - SCM Microsystems)
SDFormatter (HKLM\...\{5A347920-4AFC-11D5-9FB0-800649886934}) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Update Engine (HKLM\...\Update Engine) (Version: 2.13.7.201306141231 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.211 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.211 - Sony)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version:  - )
TippKönigin Demo 5.5 (HKLM\...\TippKönigin Demo_is1) (Version:  - Giletech e.K.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
UseNeXT by Tangysoft (HKLM\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )

==================== Restore Points  =========================

08-06-2014 17:00:18 Windows-Sicherung
13-06-2014 03:28:58 Windows Update
13-06-2014 21:09:07 Windows Update
17-06-2014 03:09:38 Windows-Sicherung
25-06-2014 18:00:31 Sony PC Companion
26-06-2014 03:04:59 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:04 - 2014-06-27 18:47 - 01226700 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adcash.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.egdating.net # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {187F486D-B012-4EEE-8A50-413E16668116} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {50C02562-3968-4C1A-8E55-6D24FB7CB5EA} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-11] (Symantec Corporation)
Task: {6E3EC02A-EF39-4E59-B3E6-0D76EDF952BB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-19] (Microsoft Corporation)
Task: {839C5F7C-F35A-4016-9EC9-8C1E7B28D8AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {90EF61AB-12DF-4100-9147-ED459A109729} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B75EEAB7-02C8-4287-BB4F-0E0E96052E5B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation)
Task: {C29F164F-9C2C-4764-B3DD-90065334BFCF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-07-24] (Google Inc.)
Task: {C3126B15-0F75-4CB1-8635-79F6C159F56D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C6BB1AC7-7EFC-413A-B68A-1151F3ECBAF9} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D4ABE6BA-213D-4914-B940-F13BBF3E71A3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Linux2-Andreas Linux2 => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-19] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============
         

Antwort

Themen zu Windows 7 32bit - weißer Bildschirm nach Anmeldung
js/toolbar.crossrider.b, pup.optional.bundleinstaller.a, pup.optional.conduit.a, pup.optional.crossrider.a, pup.optional.domalq, pup.optional.feven.a, pup.optional.homepageprotector.a, pup.optional.incredibar, pup.optional.incredibar.a, pup.optional.inredibar.a, pup.optional.installbrain.a, pup.optional.lollipop, pup.optional.quickstart.a, pup.optional.scramblepacker.a, pup.optional.searchprotect.a, pup.optional.skytech.a, pup.optional.somoto, pup.optional.somoto.a, pup.optional.suptab.a, pup.optional.wpmanager, system volume information, trojan.sprotector, weißer bildschirm trojaner verbindung wird hergestellt, win32/toolbar.conduit.y, win32/toolbar.crossrider.z



Ähnliche Themen: Windows 7 32bit - weißer Bildschirm nach Anmeldung


  1. Weißer bildschirm nach anmeldung
    Plagegeister aller Art und deren Bekämpfung - 10.02.2015 (19)
  2. Windows 7 64 Bit Weißer Bildschirm nach der Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 24.03.2014 (5)
  3. Windows 7: Weißer Bildschirm nach Anmeldung
    Log-Analyse und Auswertung - 05.03.2014 (5)
  4. Weißer Bildschirm nach Anmeldung (Windows XP)
    Plagegeister aller Art und deren Bekämpfung - 17.12.2013 (4)
  5. weißer Bildschirm nach Anmeldung, im abges. Modus sofortiger Neustart nach Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (12)
  6. Weißer Bildschirm nach Windows 7 Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 02.11.2013 (7)
  7. Windows 7 -weißer Bildschirm nach Anmeldung
    Log-Analyse und Auswertung - 26.10.2013 (9)
  8. Windows 7 (64-Bit) : Weißer Bildschirm nach Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 14.09.2013 (15)
  9. Weißer Bildschirm nach Anmeldung (Windows 7)
    Plagegeister aller Art und deren Bekämpfung - 15.08.2013 (11)
  10. Weißer Bildschirm nach Windows 7 Anmeldung (Frstlogfile hab ich was nun)
    Log-Analyse und Auswertung - 12.08.2013 (3)
  11. Weißer Bildschirm nach Windows 7 Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 30.07.2013 (11)
  12. Windows XP Weißer Bildschirm nach der Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 07.07.2013 (25)
  13. Weißer Bildschirm nach Anmeldung, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 08.05.2013 (9)
  14. Weißer Bildschirm nach Anmeldung [Windows 7]
    Plagegeister aller Art und deren Bekämpfung - 05.03.2013 (15)
  15. Windows 7 - Weißer Bildschirm nach Anmeldung - OTLPE funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (8)
  16. Weißer Bildschirm nach Anmeldung, Windows XP Professional
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (6)
  17. Weißer Bildschirm nach Anmeldung bei Windows 7
    Plagegeister aller Art und deren Bekämpfung - 24.08.2012 (2)

Zum Thema Windows 7 32bit - weißer Bildschirm nach Anmeldung - Hallo, ich habe Windows 7, 32bit. Nach dem hochfahren und dem Anmelden erscheint ein weißer Bildschirm mit dem der Text "Kann keine Verbindung aufbauen". Norton Scurity ist installiert. Von einem - Windows 7 32bit - weißer Bildschirm nach Anmeldung...
Archiv
Du betrachtest: Windows 7 32bit - weißer Bildschirm nach Anmeldung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.