Trojaner-Board


antepe 11.08.2013 18:33

Removing Deal Finder on Windows 8
 
Hello,

I have had a laptop with Windows 8 since May 2013. For about 4-6 weeks, on Amazon, Bücher de, eBay and other sites, I have been getting the Deal Finder in the text or images and Get Deal at the side of the page. For about 2 weeks, when I open Google, individual words appear in green and underlined; if I click on one, a button appears, and if I then click on that, hxxp://click.sureonlinefind.com comes up :teufel3:

We have already taken the following steps to get rid of these pests.

We reset Firefox to its original state and deleted Spybot. Deleted Java 6 as well as Iminent. Enabled the ABG ad blocker in Firefox and installed Norton Security. But the problems still persist.

Thank you for any reply

antepe

schrauber 11.08.2013 18:56

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


antepe 11.08.2013 20:33

Hello Schrauber,
attached are the requested txt files.

FRST Additions Logfile:
Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2013
Ran by Petra at 2013-08-11 21:26:42
Running from C:\Users\Petra\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
CCleaner (Version: 4.01)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
dows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (Version: 07/11/2012 2.3.13.3)
Intel AppUp(R) center (x32 Version: 43952)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2828)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 17 (64-bit) (Version: 7.0.170)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 17.0.8)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
Nero 12 Essentials Toshiba (x32 Version: 12.0.00600)
Nero BackItUp (x32 Version: 12.0.3000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000)
Nero Blu-ray Player (x32 Version: 12.0.17500)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000)
Nero BurnRights (x32 Version: 12.0.5000)
Nero BurnRights Help (CHM) (x32 Version: 12.0.5000)
Nero ControlCenter (x32 Version: 11.0.15300)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000)
Nero Core Components (x32 Version: 11.0.18200)
Nero Express (x32 Version: 12.0.20000)
Nero Express Help (CHM) (x32 Version: 12.0.5000)
Nero Kwik Media (x32 Version: 1.18.18900)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero Launcher (x32 Version: 12.2.6000)
Nero RescueAgent (x32 Version: 12.0.9000)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
Norton Internet Security (x32 Version: 20.4.0.40)
PaperPort Image Printer (Version: 1.00.0000)
Plus-HD-2.6 (x32 Version: 1.27.153.5)
Premium Sound HD (Version: 1.12.5000)
Prerequisite installer (x32 Version: 12.0.0002)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6738)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136)
Realtek WLAN Driver (x32 Version: 2.00.0020)
ScanSoft PaperPort 11 (x32 Version: 11.1.0000)
Shared C Run-time for x64 (Version: 10.0.0)
Synaptics Pointing Device Driver (Version: 16.2.10.5)
TOSHIBA Desktop Assist (Version: 1.00.08.6402)
TOSHIBA eco Utility (Version: 2.0.0.6415)
TOSHIBA Function Key (Version: 1.00.6626.6406)
TOSHIBA Manuals (x32 Version: 10.10)
Toshiba Password Utility (x32 Version: 2.00.972)
TOSHIBA PC Health Monitor (Version: 1.8.17.640104)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00)
TOSHIBA Service Station (Version: 2.4.4)
TOSHIBA System Driver (x32 Version: 1.00.0015)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002)
Toshiba TEMPRO (x32 Version: 4.2.2)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.12-A)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Welcome App (Start-up experience) (x32 Version: 12.0.14000)
WinZip 17.5 (Version: 17.5.10480)

==================== Restore Points  =========================

02-08-2013 14:46:33 Windows Update
07-08-2013 20:31:59 Removed AVG 2013

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0DF8CE98-4190-4850-BAD8-08A0CDCAE90F} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-28] (TOSHIBA Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {12AD1669-09EE-4D45-8532-98EB6BB0109A} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {14179BD3-E859-4FEC-BC42-2D397B7C14D4} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {1D5E5F55-32FC-45AF-BAE8-424DEEC024A4} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1029107914-2842320804-1689382664-1001
Task: {1D9F9CA6-1316-4E98-8B39-5DD9FEC7BED2} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {2A1BCDBF-5998-49AA-B3EA-074ED06B6787} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {360591BE-ECBF-494E-A70F-FD2C019E446B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16] (Synaptics Incorporated)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {37C46720-740E-4BA3-833D-482857C251EC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {476553E5-CB3D-458F-94C3-7D518D8F79D5} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6B18737B-5E60-4306-AF9F-E3E523CE8CB9} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {7E0EE0D5-87B3-4DBD-89A1-1ADF29CEBA09} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1029107914-2842320804-1689382664-500
Task: {7E44E7CF-36AD-47D6-A83C-9408D34E996F} - System32\Tasks\Plus-HD-2.6-codedownloader => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe [2013-05-29] (Plus HD)
Task: {842F36D4-E03A-4D38-BB0C-7DDD122F25C3} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8FB41266-4E85-4DF7-BD09-8AEFE0D786F4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {9593491C-AC66-403B-9AFD-1F662B155ADD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {968BEE80-EE1A-4748-A162-289568246CE9} - System32\Tasks\Plus-HD-2.6-updater => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-updater.exe [2013-05-29] (Plus HD)
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B8F05AAC-21C0-4166-B6E2-E35B06C25B2D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D962DCF4-98E3-42BB-A3A1-A0E0FAEE6A9C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F0917EB7-F5D8-4266-8CBA-FD1F9D19EC9D} - System32\Tasks\Plus-HD-2.6-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe [2013-05-29] (Plus HD)
Task: {F7ADB391-0813-445F-AE0D-26512A2EC618} - System32\Tasks\Plus-HD-2.6-enabler => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-enabler.exe [2013-05-29] (Plus HD)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\Plus-HD-2.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe
Task: C:\windows\Tasks\Plus-HD-2.6-enabler.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-enabler.exe
Task: C:\windows\Tasks\Plus-HD-2.6-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe
Task: C:\windows\Tasks\Plus-HD-2.6-updater.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-updater.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2013 09:44:43 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/11/2013 09:44:24 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/11/2013 09:11:23 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/09/2013 05:17:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/09/2013 05:16:22 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (08/08/2013 09:16:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: RAFFAUF)
Description: Bei der Aktivierung der App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/08/2013 09:16:10 PM) (Source: Application Hang) (User: )
Description: Programm wwahost.exe, Version 6.2.9200.16420 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 110c

Startzeit: 01ce946bae160d00

Endzeit: 4294967295

Anwendungspfad: C:\windows\system32\wwahost.exe

Berichts-ID: f58a5243-005e-11e3-be88-c0d9622692b9

Vollständiger Name des fehlerhaften Pakets: Microsoft.BingNews_2.0.0.273_x64__8wekyb3d8bbwe

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: AppexNews

Error: (08/08/2013 09:16:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: RAFFAUF)
Description: Die App „Microsoft.BingNews_8wekyb3d8bbwe!AppexNews“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (08/08/2013 03:15:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: RAFFAUF)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (08/05/2013 04:30:46 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.


System errors:
=============
Error: (08/06/2013 11:27:55 PM) (Source: DCOM) (User: RAFFAUF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/06/2013 11:27:55 PM) (Source: DCOM) (User: RAFFAUF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (08/02/2013 09:11:56 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (08/02/2013 08:14:38 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (07/31/2013 05:33:31 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (07/31/2013 05:33:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (07/30/2013 07:13:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVG Firewall Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/30/2013 07:13:27 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "AVG Firewall Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (07/29/2013 09:46:55 PM) (Source: DCOM) (User: RAFFAUF)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (07/17/2013 10:19:26 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5


Microsoft Office Sessions:
=========================
Error: (08/11/2013 09:44:43 AM) (Source: SideBySide)(User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

Error: (08/11/2013 09:44:24 AM) (Source: SideBySide)(User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

Error: (08/11/2013 09:11:23 AM) (Source: SideBySide)(User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

Error: (08/09/2013 05:17:28 PM) (Source: SideBySide)(User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

Error: (08/09/2013 05:16:22 PM) (Source: SideBySide)(User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2

Error: (08/08/2013 09:16:10 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: RAFFAUF)
Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews-2144927142

Error: (08/08/2013 09:16:10 PM) (Source: Application Hang)(User: )
Description: wwahost.exe6.2.9200.16420110c01ce946bae160d004294967295C:\windows\system32\wwahost.exef58a5243-005e-11e3-be88-c0d9622692b9Microsoft.BingNews_2.0.0.273_x64__8wekyb3d8bbweAppexNews

Error: (08/08/2013 09:16:00 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: RAFFAUF)
Description: Microsoft.BingNews_8wekyb3d8bbwe!AppexNews

Error: (08/08/2013 03:15:42 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: RAFFAUF)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (08/05/2013 04:30:46 PM) (Source: SideBySide)(User: )
Description: c:\program files\WinZip\adxloader.dll.Manifestc:\program files\WinZip\adxloader.dll.Manifest2


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 8073.22 MB
Available physical RAM: 5748.99 MB
Total Pagefile: 9289.22 MB
Available Pagefile: 6920.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows 8) (Fixed) (Total:228.01 GB) (Free:189.28 GB) NTFS (Disk=0 Partition=4)
Drive e: (Volume) (Fixed) (Total:226.91 GB) (Free:226.75 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================

--- --- ---

schrauber 12.08.2013 08:07

FRST.txt is missing :)

antepe 12.08.2013 21:48

Hello Schrauber,

oh sorry, attached is the FRST.txt. Is that okay now?

Many thanks
Antepe
FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-08-2013
Ran by Petra (administrator) on 11-08-2013 21:26:11
Running from C:\Users\Petra\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\windows\system32\wwahost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2611112 2012-09-05] ()
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223242 2012-08-20] ()
MountPoints2: {6c67dd1b-5c17-11e2-be73-806e6f6e6963} - "D:\Start.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-04-15] (Intel Corporation)
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [7148032 2012-10-31] (Pegatron Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort11reminder] - C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [255528 2007-02-01] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Intel AppUp(R) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-04-15] (Intel Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope {5F7386F2-50D9-4E1C-9ECA-65DD0810F5D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {5F7386F2-50D9-4E1C-9ECA-65DD0810F5D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {5F7386F2-50D9-4E1C-9ECA-65DD0810F5D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {5F7386F2-50D9-4E1C-9ECA-65DD0810F5D5} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {5F7386F2-50D9-4E1C-9ECA-65DD0810F5D5} URL =
SearchScopes: HKCU - {5F7386F2-50D9-4E1C-9ECA-65DD0810F5D5} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho.dll (Plus HD)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\91zz7y4u.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\coFFPlgn\
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-14] ()
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-20] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-20] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-17] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-10-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-08-07] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130809.001\IDSvia64.sys [513184 2013-08-07] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\IPSDefs\20130809.001\IDSvia64.sys [513184 2013-08-07] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130810.005\ENG64.SYS [126040 2013-08-07] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130810.005\ENG64.SYS [126040 2013-08-07] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130810.005\EX64.SYS [2098776 2013-08-07] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.0.19\Definitions\VirusDefs\20130810.005\EX64.SYS [2098776 2013-08-07] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-12] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                          )
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation                          )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-09-06] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2012-09-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-11 21:24 - 2013-08-11 21:24 - 01575102 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2013-08-08 21:47 - 2013-08-11 21:23 - 00385706 _____ C:\windows\WindowsUpdate.log
2013-08-08 21:30 - 2013-08-08 21:30 - 00017806 _____ C:\Users\Petra\Documents\cc_20130808_213047.reg
2013-08-08 20:45 - 2013-08-08 20:45 - 00000000 ____D C:\Users\Petra\Desktop\Alte Firefox-Daten-1
2013-08-07 22:45 - 2013-08-07 22:45 - 00910752 _____ (Symantec Corporation) C:\Users\Petra\Downloads\AutoDetectPkg.exe
2013-08-07 22:41 - 2013-08-07 22:41 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2013-08-07 22:41 - 2013-08-07 22:41 - 00000000 ____D C:\Users\Petra\Documents\Symantec
2013-08-07 22:40 - 2013-08-07 22:40 - 00177312 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-07 22:40 - 2013-08-07 22:40 - 00007631 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-07 22:40 - 2013-08-07 22:40 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration
2013-08-07 22:40 - 2013-08-07 22:40 - 00002586 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-08-07 22:40 - 2013-08-07 22:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-07 22:38 - 2013-08-07 22:40 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2013-08-07 22:38 - 2013-08-07 22:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-08-07 22:30 - 2013-08-07 22:40 - 00000000 ____D C:\ProgramData\Norton
2013-08-07 21:03 - 2013-08-07 21:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-02 21:09 - 2013-08-02 21:09 - 02543616 _____ C:\Users\Petra\Downloads\00latest-x64.msi
2013-08-02 15:19 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-08-02 15:19 - 2013-06-01 13:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-02 15:19 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-02 15:19 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-08-02 15:19 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-08-02 15:19 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-08-02 15:19 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-08-02 15:19 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-08-02 15:19 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-08-02 15:19 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-08-02 15:19 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-08-02 15:19 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-08-02 15:19 - 2013-05-20 02:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
2013-08-02 15:18 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-08-02 15:18 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-08-02 15:18 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-08-02 15:18 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-08-02 15:18 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-08-02 15:18 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-08-02 15:18 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-08-02 15:18 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-08-02 15:18 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-08-02 15:18 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-08-02 15:18 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-08-02 15:18 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-08-02 15:18 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-08-02 15:18 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-08-02 15:18 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-08-02 15:18 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-08-02 15:18 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-08-02 15:18 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-08-02 15:18 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-08-02 15:18 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-08-02 15:18 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-08-02 15:18 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-29 21:22 - 2013-07-29 21:22 - 00002274 _____ C:\Users\Public\Desktop\Intel AppUp(R) center.lnk
2013-07-29 21:14 - 2013-07-29 21:14 - 00000000 ____D C:\Users\Petra\Documents\Eigene PaperPort-Dokumente
2013-07-29 21:14 - 2013-07-29 21:14 - 00000000 ____D C:\Users\Petra\AppData\Roaming\ScanSoft
2013-07-17 23:01 - 2013-07-17 23:01 - 00000000 ____D C:\Users\Petra\Desktop\Alte Firefox-Daten
2013-07-17 21:39 - 2013-07-17 21:39 - 00015664 _____ C:\Users\Petra\Documents\cc_20130717_213924.reg
2013-07-15 00:04 - 2013-07-15 00:05 - 00358024 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-13 14:05 - 2013-07-13 14:05 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-13 14:05 - 2013-07-13 14:05 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-13 14:05 - 2013-07-13 14:05 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-13 14:05 - 2013-07-13 14:05 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-13 14:05 - 2013-05-09 10:58 - 00287840 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2013-07-13 14:03 - 2013-07-13 14:03 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-13 14:01 - 2013-07-13 14:03 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-13 13:58 - 2013-07-13 14:01 - 142369424 _____ C:\Users\Petra\Downloads\avast_pro_antivirus_setup.exe
2013-07-13 13:56 - 2013-07-13 13:58 - 64998780 _____ C:\Users\Petra\Downloads\setup_av_pro(2).exe.part
2013-07-13 13:56 - 2013-07-13 13:56 - 00000000 _____ C:\Users\Petra\Downloads\setup_av_pro(2).exe
2013-07-13 13:55 - 2013-07-13 13:58 - 91987104 _____ C:\Users\Petra\Downloads\setup_av_pro(1).exe.part
2013-07-13 13:55 - 2013-07-13 13:58 - 122469520 _____ C:\Users\Petra\Downloads\setup_av_pro.exe
2013-07-13 13:55 - 2013-07-13 13:55 - 00000000 _____ C:\Users\Petra\Downloads\setup_av_pro(1).exe
2013-07-13 13:39 - 2013-07-13 13:39 - 00817973 _____ C:\Users\Petra\Downloads\adblock_plus-2.2.2.xpi
2013-07-13 13:25 - 2013-08-08 21:11 - 00001629 _____ C:\windows\wininit.ini

==================== One Month Modified Files and Folders =======

2013-08-11 21:24 - 2013-08-11 21:24 - 01575102 _____ (Farbar) C:\Users\Petra\Desktop\FRST64.exe
2013-08-11 21:23 - 2013-08-08 21:47 - 00385706 _____ C:\windows\WindowsUpdate.log
2013-08-11 21:21 - 2013-05-29 15:16 - 00001846 _____ C:\windows\Tasks\Plus-HD-2.6-firefoxinstaller.job
2013-08-11 21:16 - 2013-05-29 15:16 - 00001214 _____ C:\windows\Tasks\Plus-HD-2.6-codedownloader.job
2013-08-11 21:16 - 2013-05-29 15:16 - 00001210 _____ C:\windows\Tasks\Plus-HD-2.6-updater.job
2013-08-11 21:16 - 2013-05-29 15:16 - 00001114 _____ C:\windows\Tasks\Plus-HD-2.6-enabler.job
2013-08-11 21:13 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-08-11 19:40 - 2013-05-29 22:29 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-11 17:59 - 2013-01-11 19:49 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2013-08-11 17:59 - 2013-01-11 19:48 - 00000000 ____D C:\ProgramData\WildTangent
2013-08-09 17:14 - 2013-05-23 12:10 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1029107914-2842320804-1689382664-1001
2013-08-08 21:57 - 2012-07-26 10:12 - 00000000 ___HD C:\windows\ELAMBKUP
2013-08-08 21:32 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-08 21:30 - 2013-08-08 21:30 - 00017806 _____ C:\Users\Petra\Documents\cc_20130808_213047.reg
2013-08-08 21:28 - 2013-05-30 00:36 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-08-08 21:28 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-08-08 21:27 - 2013-05-29 23:17 - 00000000 ____D C:\Program Files\Java
2013-08-08 21:24 - 2013-05-30 00:36 - 00000898 _____ C:\windows\SysWOW64\InstallUtil.InstallLog
2013-08-08 21:12 - 2013-05-25 10:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-08-08 21:11 - 2013-07-13 13:25 - 00001629 _____ C:\windows\wininit.ini
2013-08-08 20:45 - 2013-08-08 20:45 - 00000000 ____D C:\Users\Petra\Desktop\Alte Firefox-Daten-1
2013-08-08 06:28 - 2013-06-02 21:47 - 00000425 _____ C:\windows\BRWMARK.INI
2013-08-07 22:45 - 2013-08-07 22:45 - 00910752 _____ (Symantec Corporation) C:\Users\Petra\Downloads\AutoDetectPkg.exe
2013-08-07 22:42 - 2012-08-01 18:38 - 00753134 _____ C:\windows\system32\perfh007.dat
2013-08-07 22:42 - 2012-08-01 18:38 - 00155826 _____ C:\windows\system32\perfc007.dat
2013-08-07 22:42 - 2012-07-26 09:28 - 01745416 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-07 22:41 - 2013-08-07 22:41 - 00000000 ____D C:\windows\System32\Tasks\Norton Internet Security
2013-08-07 22:41 - 2013-08-07 22:41 - 00000000 ____D C:\Users\Petra\Documents\Symantec
2013-08-07 22:40 - 2013-08-07 22:40 - 00177312 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2013-08-07 22:40 - 2013-08-07 22:40 - 00007631 _____ C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2013-08-07 22:40 - 2013-08-07 22:40 - 00003234 _____ C:\windows\System32\Tasks\Norton WSC Integration
2013-08-07 22:40 - 2013-08-07 22:40 - 00002586 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-08-07 22:40 - 2013-08-07 22:40 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-08-07 22:40 - 2013-08-07 22:38 - 00000000 ____D C:\windows\system32\Drivers\NISx64
2013-08-07 22:40 - 2013-08-07 22:30 - 00000000 ____D C:\ProgramData\Norton
2013-08-07 22:40 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-08-07 22:38 - 2013-08-07 22:38 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2013-08-07 22:34 - 2013-05-23 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-07 22:33 - 2013-06-12 09:25 - 00000000 ____D C:\ProgramData\AVG2013
2013-08-07 22:33 - 2013-06-12 09:23 - 00000000 ____D C:\Users\Petra\AppData\Local\Avg2013
2013-08-07 22:33 - 2013-06-12 09:23 - 00000000 ____D C:\ProgramData\MFAData
2013-08-07 22:32 - 2013-06-12 09:25 - 00000000 ___HD C:\$AVG
2013-08-07 21:22 - 2013-08-07 21:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-08-06 23:27 - 2013-05-23 11:59 - 00000000 ____D C:\Users\Petra
2013-08-06 15:41 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-08-02 21:54 - 2013-06-09 14:22 - 00000000 ____D C:\ProgramData\WinZip
2013-08-02 21:24 - 2013-06-09 14:23 - 00000000 ____D C:\Users\Petra\AppData\Local\WinZip
2013-08-02 21:09 - 2013-08-02 21:09 - 02543616 _____ C:\Users\Petra\Downloads\00latest-x64.msi
2013-07-29 21:22 - 2013-07-29 21:22 - 00002274 _____ C:\Users\Public\Desktop\Intel AppUp(R) center.lnk
2013-07-29 21:14 - 2013-07-29 21:14 - 00000000 ____D C:\Users\Petra\Documents\Eigene PaperPort-Dokumente
2013-07-29 21:14 - 2013-07-29 21:14 - 00000000 ____D C:\Users\Petra\AppData\Roaming\ScanSoft
2013-07-17 23:01 - 2013-07-17 23:01 - 00000000 ____D C:\Users\Petra\Desktop\Alte Firefox-Daten
2013-07-17 21:39 - 2013-07-17 21:39 - 00015664 _____ C:\Users\Petra\Documents\cc_20130717_213924.reg
2013-07-17 21:19 - 2012-11-13 19:52 - 00000000 ____D C:\ProgramData\McAfee
2013-07-15 00:05 - 2013-07-15 00:04 - 00358024 _____ C:\windows\system32\FNTCACHE.DAT
2013-07-15 00:02 - 2013-06-02 22:12 - 00000000 ____D C:\Program Files (x86)\Brother
2013-07-15 00:01 - 2013-07-04 22:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-15 00:00 - 2013-05-29 15:16 - 00000000 ____D C:\Program Files (x86)\Plus-HD-2.6
2013-07-15 00:00 - 2013-05-24 08:58 - 00000000 ____D C:\Program Files\CCleaner
2013-07-15 00:00 - 2013-01-11 19:35 - 00000000 ____D C:\Program Files (x86)\Realtek WLAN Driver
2013-07-15 00:00 - 2012-11-13 19:50 - 00000000 ____D C:\Program Files (x86)\Toshiba TEMPRO
2013-07-15 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\System
2013-07-15 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-07-15 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-07-15 00:00 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-14 23:59 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Portable Devices
2013-07-14 23:59 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-07-14 23:59 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-14 23:59 - 2012-07-26 09:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-14 23:58 - 2013-06-09 14:22 - 00000000 ____D C:\Program Files\WinZip
2013-07-14 23:58 - 2013-05-25 10:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-07-14 23:58 - 2013-05-23 12:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-14 23:57 - 2013-05-23 13:50 - 00000000 ____D C:\Users\Petra\AppData\Roaming\Thunderbird
2013-07-14 23:57 - 2013-05-23 12:03 - 00000000 ___RD C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-07-14 23:57 - 2013-05-23 12:03 - 00000000 ___RD C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-07-14 23:57 - 2013-05-23 11:59 - 00000000 ___RD C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-07-14 23:57 - 2013-05-23 11:59 - 00000000 ___RD C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-07-14 23:57 - 2013-05-23 11:59 - 00000000 ___RD C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-07-14 23:57 - 2012-07-26 10:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-07-14 23:56 - 2013-05-23 15:26 - 00000000 ___RD C:\windows\BrowserChoice
2013-07-14 23:56 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2013-07-14 23:56 - 2012-07-26 10:12 - 00000000 ____D C:\windows\Cursors
2013-07-14 23:55 - 2012-07-26 10:12 - 00000000 __RSD C:\windows\Media
2013-07-14 23:55 - 2012-07-26 09:52 - 00000000 ____D C:\windows\ShellNew
2013-07-14 23:55 - 2012-07-26 07:37 - 00000000 ____D C:\windows\servicing
2013-07-14 23:54 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\Com
2013-07-14 23:54 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Dism
2013-07-14 23:53 - 2013-05-23 12:16 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-07-14 23:53 - 2013-05-23 12:03 - 00000000 ____D C:\windows\System32\Tasks\WPD
2013-07-14 23:53 - 2012-11-13 19:50 - 00000000 ____D C:\windows\System32\Tasks\Toshiba
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\WinStore
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\SysWOW64\WinMetadata
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\SysWOW64\migwiz
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\SysWOW64\InstallShield
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\SysWOW64\Com
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\WinMetadata
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\SystemResetPlatform
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\restore
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\Recovery
2013-07-14 23:53 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\migwiz
2013-07-14 23:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\SysWOW64\Dism
2013-07-14 23:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Sysprep
2013-07-14 23:53 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-14 23:42 - 2012-07-26 10:12 - 00000000 ____D C:\windows\registration
2013-07-13 14:05 - 2013-07-13 14:05 - 00000175 _____ C:\windows\system32\Drivers\aswVmm.sys.sum
2013-07-13 14:05 - 2013-07-13 14:05 - 00000175 _____ C:\windows\system32\Drivers\aswSP.sys.sum
2013-07-13 14:05 - 2013-07-13 14:05 - 00000175 _____ C:\windows\system32\Drivers\aswSnx.sys.sum
2013-07-13 14:05 - 2013-07-13 14:05 - 00000000 _____ C:\windows\SysWOW64\config.nt
2013-07-13 14:03 - 2013-07-13 14:03 - 00000000 ____D C:\Program Files\AVAST Software
2013-07-13 14:03 - 2013-07-13 14:01 - 00000000 ____D C:\ProgramData\AVAST Software
2013-07-13 14:01 - 2013-07-13 13:58 - 142369424 _____ C:\Users\Petra\Downloads\avast_pro_antivirus_setup.exe
2013-07-13 13:58 - 2013-07-13 13:56 - 64998780 _____ C:\Users\Petra\Downloads\setup_av_pro(2).exe.part
2013-07-13 13:58 - 2013-07-13 13:55 - 91987104 _____ C:\Users\Petra\Downloads\setup_av_pro(1).exe.part
2013-07-13 13:58 - 2013-07-13 13:55 - 122469520 _____ C:\Users\Petra\Downloads\setup_av_pro.exe
2013-07-13 13:56 - 2013-07-13 13:56 - 00000000 _____ C:\Users\Petra\Downloads\setup_av_pro(2).exe
2013-07-13 13:55 - 2013-07-13 13:55 - 00000000 _____ C:\Users\Petra\Downloads\setup_av_pro(1).exe
2013-07-13 13:39 - 2013-07-13 13:39 - 00817973 _____ C:\Users\Petra\Downloads\adblock_plus-2.2.2.xpi

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-10 17:23

==================== End Of Log ============================

--- --- ---

On 12.08.2013 09:07, Trojaner-Board wrote:
> Hello antepe,
>
> schrauber has replied to the thread 'Deal Finder unter Windows 8 entfernen' in the forum 'Plagegeister aller Art und deren Bekämpfung' on Trojaner-Board.
>
> The thread can be found here:
> http://www.trojaner-board.de/139666-...-new-post.html
>
> This is the post that was just written:
> ***************
> FRST.txt is missing :)
> ***************
>
>
> There may be further replies to the thread, but you will not receive any additional notifications until you have visited the forum again.
>
> Kind regards
>
> Trojaner-Board
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> You are receiving this e-mail because you have subscribed to the thread 'Deal Finder unter Windows 8 entfernen'.
>
> Unsubscribe information:
>
> To unsubscribe from this thread, please click this link:
> http://www.trojaner-board.de/subscri...2c656e766fe19b
>
> To unsubscribe from ALL threads, please click this link:
> http://www.trojaner-board.de/subscri...n&folderid=all
>

schrauber 13.08.2013 10:16

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.

