Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   LaptopBildschirm leuchtet schwarz (https://www.trojaner-board.de/158169-laptopbildschirm-leuchtet-schwarz.html)

Jana5683 31.08.2014 19:29
LaptopBildschirm leuchtet schwarz
 
Hallo,
Ich kann meinen Laptop nichtmehr starten,er hat Windows 8 und ging bis gestern ohne Probleme,wenn ich ihn jetzt anmache kommt zuerst wie gewohnt das hp Symbol dann mein Willkommenesbildschirm.
Daraufhin wird der Bildschirm aber schwarz er leuchtet zwar noch aber ist schwarz,die Maus kann ich allerdings trotzdem noch sehen und bewegen ich bin ratlos und für jede Hilfe dankbar..
Ich habe schon probiert in den abgesicherten Modus zu gelangen und auch den letzten kofigurationszustand wiederherzustellen beides ohne Erfolg.
Danke schon mal für die Hilfe .
Liebe Grüße

schrauber 31.08.2014 20:30
Hi,

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


Jana5683 31.08.2014 21:43
Habs nicht in Code Tags geschafft :daumenrunter:
Hoffe es geht auch soFRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by Jana at 2014-08-31 23:29:25
Running from G:\
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserSafeguard (HKLM-x32\...\Browsersafeguard) (Version:  - Browsersafeguard) <==== ATTENTION
Classic Shell (HKLM\...\{98BB5224-BC5D-4028-9D20-536C1C263AA9}) (Version: 4.0.2 - IvoSoft)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.3026 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.4.3026 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.1.3024 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desk 365 (HKLM-x32\...\Desk 365) (Version: 1.15.10 - 337 Technology Limited.) <==== ATTENTION
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
Die Sims™ 3 Design-Garten-Accessoires (HKLM-x32\...\{117B6BF6-82C3-420C-B284-9247C8568E53}) (Version: 7.0.55 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Lebensfreude (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
Die Sims™ 3 Reiseabenteuer (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.9.1 - Ihr Firmenname)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 - Grundlegende Software für das Gerät (HKLM\...\{9086D601-50B7-491D-A143-28193DADE36B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Hilfe (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{1C5BBAD8-4079-4014-8803-751333FBC112}) (Version: 1.0.8 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.11.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.13.0 - HTC)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IePluginService12.27.0.3326 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3224 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.0.1033 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
NVIDIA Grafiktreiber 311.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.70 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 311.70 (Version: 311.70 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version:  - ) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 1.1.9200.15 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.12.0906 - REALTEK Semiconductor Corp.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.16.31.75 - Client Connect LTD) <==== ATTENTION
Spotify (HKCU\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Studie zur Verbesserung von HP Officejet 6700 Produkten (HKLM\...\{4EE2A4CB-47B0-4412-808C-D556E3940598}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SupTab (HKLM-x32\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
topdeal (HKLM-x32\...\{9B149088-3FB6-875E-C1A4-A25A6E9D278D}) (Version:  - teopdEal)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WPM17.8.0.3325 (HKLM-x32\...\WPM) (Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

31-07-2014 00:10:55 Geplanter Prüfpunkt
09-08-2014 20:12:14 Geplanter Prüfpunkt
18-08-2014 17:01:04 Geplanter Prüfpunkt
22-08-2014 13:28:13 Garmin Express
22-08-2014 13:28:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
27-08-2014 20:51:37 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 08:26 - 2012-07-26 08:26 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0698C224-D46A-4C8D-8592-90A71F40ACD8} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {35CDCE26-E67B-4259-A789-74978C496A03} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe [2014-02-24] (337 Technology Limited.) <==== ATTENTION
Task: {37189418-64E2-45E7-A8E8-3B40A769493F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {38DA6E70-F907-48CA-9FF1-61E13180398A} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-30] (Symantec Corporation)
Task: {3C567A11-A66B-49FC-9951-7356F832A27F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {44E09B8E-ADB9-43DE-9524-24E4D0CB99F5} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {50AE197C-1328-4F1D-9FB4-4E1FC0C6F8B2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {530C3199-9D35-4538-B066-478BAB1E08BD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-14] (Adobe Systems Incorporated)
Task: {90B91799-A86A-4FE6-8DB3-D2ADF66D7FEB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {976099A0-C9D8-4120-A6E0-22F5A4C6D636} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B6778BEE-4EFF-45B2-BA91-1F01638B29A6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {C606D238-6D5E-484C-8871-21CD71851958} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {C67E34E7-0FFF-45C7-B7D5-419BCF50C92D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-31] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D50AB89B-1C2D-4814-8632-B98DB882068C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {DA08B6C3-7D82-4BCD-AADD-428592E6A8E8} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {E0DBAAAB-53CF-4183-B6E7-F12A3F371974} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {E3BF5546-D96C-4A36-989C-02414AE5F518} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {EA6ADA93-FDF0-42D3-9464-937D8E17B5EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F7799F95-3A2A-4935-A556-36E03355A2B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2014 06:08:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (08/31/2014 05:41:44 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20391

Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20391

Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8672

Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8672

Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/27/2014 11:39:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23047

Error: (08/27/2014 11:39:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23047


System errors:
=============
Error: (08/31/2014 11:28:17 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:23:41 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:23:33 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:23:28 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:22:57 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:20:40 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:20:32 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:20:26 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:20:15 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/31/2014 11:18:17 PM) (Source: DCOM) (EventID: 10005) (User: Notebook)
Description: 1084ShellHWDetectionNicht verfügbar{DD522ACC-F821-461A-A407-50B198B896DC}


Microsoft Office Sessions:
=========================
Error: (08/31/2014 06:08:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (08/31/2014 05:41:44 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 20391

Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 20391

Error: (08/30/2014 07:47:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8672
#

Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8672

Error: (08/28/2014 00:14:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/27/2014 11:39:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23047

Error: (08/27/2014 11:39:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23047


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 20%
Total physical RAM: 7962.14 MB
Available physical RAM: 6290.55 MB
Total Pagefile: 9178.14 MB
Available Pagefile: 7816.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:444.38 GB) (Free:345.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.61 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (KINGSTON) (Removable) (Total:3.73 GB) (Free:2.62 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 298DD091)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0C)

==================== End Of Log ============================
--- --- ---

schrauber 01.09.2014 14:44
da fehlt noch die FRST.txt :)

Jana5683 01.09.2014 19:59
Ists das ?
Also ich hab irgendwie nur FRST keine ahnung obs das selbe ist :x
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by Jana (administrator) on NOTEBOOK on 31-08-2014 23:24:18
Running from G:\
Platform: Windows 8 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\navw32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-05-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [BrowserSafeguard] => C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe [420352 2014-02-21] (BrowserSafeguard)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [Spotify] => C:\Users\Jana\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-26] (Spotify Ltd)
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [Desk 365] => C:\Program Files (x86)\Desk 365\desk365.exe [1013808 2014-02-24] (337 Technology Limited.)
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135160 2014-01-28] (PC Utilities Software Limited)
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [BrowserSafeguard] => "C:\Users\Jana\AppData\Local\BrowserSafeguard\BrowserSafeguard.exe"
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [InetStat] => C:\Users\Jana\AppData\Roaming\InetStat\inetstat.exe [1325536 2014-07-14] ()
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\MountPoints2: {1c72053d-e1b6-11e3-be8b-a0d3c15ce10c} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\MountPoints2: {522a3e75-82c2-11e3-be7d-a0d3c15ce10c} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\MountPoints2: {5ab8fab4-9bbf-11e3-be7f-a0d3c15ce10c} - "F:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2851490820-193321799-296638527-1002\...\MountPoints2: {95577dba-52a0-11e3-be73-806e6f6e6963} - "E:\Autorun.exe"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [232896 2014-08-15] (Client Connect LTD)
AppInit_DLLs:  C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-05-25] (NVIDIA Corporation)
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2681648 2014-02-24] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [187328 2014-08-15] (Client Connect LTD)
AppInit_DLLs-x32:  c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [201576 2013-05-25] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6700 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6700\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:49333;https=127.0.0.1:49333
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = V9
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = V9
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = V9
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = V9
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe V9
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
SearchScopes: HKLM - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
SearchScopes: HKLM-x32 - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=58&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=58&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393266165&from=adks&uid=TOSHIBAXMQ01ABF050_X3C3CQXXTXXX3C3CQXXT&q={searchTerms}
SearchScopes: HKCU - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF ProfilePath: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\3miphcif.default
FF NewTab: hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691
FF DefaultSearchEngine: Trovi search
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=55&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&SSPV=
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\3miphcif.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn [2014-08-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013-12-24]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\3miphcif.default\extensions\quick_start@gmail.com
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=55&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=55&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&SSPV="
CHR NewTab: Default -> "chrome-extension://pelmeidfhdlhlbjimpabfcbnnojbboma/index.html"
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultSearchURL: Default -> http:\/\/www.trovi.com\/Results.aspx?gd=&ctid=CT3325376&octid=EB_ORIGINAL_CTID&ISID=M9E8471E4-28B6-434B-B20A-DA1060B36D78&SearchSource=58&CUI=&UM=6&UP=SP5EB57C92-B171-4E93-93FF-57A8D6588691&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http:\/\/suggest.seccint.com\/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16]
CHR Extension: (Google Drive) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16]
CHR Extension: (Norton Security Toolbar) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc [2014-07-27]
CHR Extension: (YouTube) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16]
CHR Extension: (McAfee Security Scan+) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-22]
CHR Extension: (Extended Protection) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2014-02-24]
CHR Extension: (Google Search) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16]
CHR Extension: (Coupoonpeak) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohnfbdooelajhmfmdddeannkaebodii [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16]
CHR Extension: (Quick start) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-03-07]
CHR Extension: (Gmail) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16]
CHR Extension: (Extutil) - C:\Users\Jana\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-07-27]
CHR Extension: (Extended Protection) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml\1.4_0\ [2014-07-27]
CHR Extension: (Managera) - C:\Users\Jana\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-07-27]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-02]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-02-24] ()
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-14] (Avira Operations GmbH & Co. KG)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2991552 2014-08-15] (Client Connect LTD)
S2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-26] (CyberLink)
S2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-26] (CyberLink)
S2 desksvc; C:\Program Files (x86)\Desk 365\deskSvc.exe [425008 2014-02-24] (337 Technology Limited.)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-05-03] (Hewlett-Packard Development Company, L.P.)
S2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-09] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-09] (Intel Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-18] (Realtek Semiconductor)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
S2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [493568 2014-02-24] (Cherished Technololgy LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-06-04] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-24] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-24] (Symantec Corporation) [File not signed]
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S2 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 HtcVCom32; C:\Windows\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-09] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140223.018\ENG64.SYS [126040 2013-12-24] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140223.018\EX64.SYS [2099288 2013-12-24] (Symantec Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [408136 2013-05-09] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2715208 2013-05-29] (Realtek Semiconductor Corporation                          )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-24] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 23:23 - 2014-08-31 23:24 - 00000000 ____D () C:\FRST
2014-08-31 23:06 - 2014-08-31 23:06 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\dkjpjtlo.sys
2014-08-31 23:05 - 2014-08-31 23:05 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\wfsfisfw.sys
2014-08-31 23:05 - 2014-08-31 23:05 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\qwzaihap.sys
2014-08-31 23:04 - 2014-08-31 23:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-27 23:45 - 2014-08-23 09:47 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 23:45 - 2014-07-16 02:03 - 01300992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:45 - 2014-07-12 05:36 - 01023488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-26 23:34 - 2014-08-28 00:10 - 00318720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-22 18:24 - 2014-07-16 01:51 - 00071168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-22 18:11 - 2014-08-02 03:15 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-22 18:11 - 2014-08-02 03:15 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-22 18:04 - 2014-08-22 18:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-22 17:47 - 2014-06-11 01:44 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-22 17:47 - 2014-06-11 01:43 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-22 17:24 - 2014-08-22 17:24 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose(2).exe
2014-08-22 17:23 - 2014-08-22 17:23 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose.exe
2014-08-22 17:23 - 2014-08-22 17:23 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose(1).exe
2014-08-22 17:10 - 2014-06-13 04:57 - 01453400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-22 17:10 - 2014-06-13 04:55 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-22 17:09 - 2014-07-24 15:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-22 17:09 - 2014-07-24 15:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-22 17:09 - 2014-07-24 15:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-22 17:09 - 2014-07-24 15:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-22 17:09 - 2014-07-24 15:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-22 17:09 - 2014-07-24 15:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-22 17:09 - 2014-07-24 15:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-22 17:09 - 2014-07-24 15:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-22 17:09 - 2014-07-24 13:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-22 17:09 - 2014-07-24 13:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-22 17:09 - 2014-07-24 13:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-22 17:09 - 2014-07-24 13:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-22 17:09 - 2014-07-24 13:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-22 17:09 - 2014-07-24 13:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-22 17:09 - 2014-07-24 13:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-22 17:08 - 2014-08-07 09:33 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-22 17:08 - 2014-08-07 06:09 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-22 17:08 - 2014-07-24 15:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-22 17:08 - 2014-07-24 15:10 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-08-22 17:08 - 2014-07-24 15:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-22 17:08 - 2014-07-24 15:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-22 17:08 - 2014-07-24 15:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-22 17:08 - 2014-07-24 13:52 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-22 17:08 - 2014-07-24 13:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-22 17:08 - 2014-07-24 13:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-22 17:08 - 2014-07-24 13:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-22 17:08 - 2014-07-24 13:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-22 17:08 - 2014-07-24 11:03 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-08-22 17:08 - 2014-07-01 01:42 - 00394240 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-08-22 17:08 - 2014-07-01 01:42 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-08-22 16:59 - 2014-06-06 17:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-08-22 16:59 - 2014-06-06 13:17 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-08-22 16:59 - 2014-06-05 20:56 - 00112984 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-22 16:59 - 2014-06-05 20:30 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-22 16:59 - 2014-06-05 20:29 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-22 16:59 - 2014-06-05 20:29 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-22 16:59 - 2014-06-05 20:28 - 02306560 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-22 16:59 - 2014-06-05 20:28 - 02146304 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-22 16:59 - 2014-06-05 16:12 - 08857600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-22 16:59 - 2014-06-05 16:11 - 02416128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-22 16:59 - 2014-06-05 16:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-22 16:59 - 2014-06-05 16:10 - 02037760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-22 16:59 - 2014-06-05 16:10 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-22 16:58 - 2014-06-20 02:35 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-22 16:58 - 2014-06-20 01:24 - 00694272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-22 16:57 - 2014-06-18 02:27 - 01440256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-22 16:57 - 2014-06-18 02:24 - 01557504 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-22 16:57 - 2014-05-29 07:04 - 00094552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2014-08-22 16:57 - 2014-05-08 04:34 - 00328024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-08-22 16:56 - 2014-06-03 01:33 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2014-08-22 16:55 - 2014-05-30 02:31 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-08-22 16:55 - 2014-05-30 02:03 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-08-22 16:55 - 2014-05-30 02:02 - 01281536 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-22 16:55 - 2014-05-30 02:02 - 00439808 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-08-22 16:55 - 2014-05-30 01:24 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-08-22 16:55 - 2014-05-03 09:34 - 06974808 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-22 16:55 - 2014-05-03 09:33 - 01824808 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-08-22 16:55 - 2014-05-03 07:51 - 01408976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-08-22 16:55 - 2014-05-02 01:37 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-22 16:55 - 2014-04-30 01:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2014-08-22 16:55 - 2014-04-30 01:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2014-08-22 16:55 - 2014-04-24 02:51 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-22 16:55 - 2014-04-24 02:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-22 16:55 - 2014-04-24 02:38 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-22 16:55 - 2014-04-24 02:38 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-22 16:33 - 2014-08-22 16:33 - 00000000 ____D () C:\Users\Jana\Documents\Garmin
2014-08-22 16:33 - 2014-05-20 05:33 - 00059416 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 16:33 - 2014-05-20 02:45 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 16:33 - 2014-05-20 02:45 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 16:33 - 2014-05-20 02:24 - 03286528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 16:33 - 2014-05-20 02:24 - 01623040 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 16:33 - 2014-05-20 02:24 - 00773632 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 16:33 - 2014-05-20 02:24 - 00253440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-22 16:33 - 2014-05-20 02:24 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-08-22 16:33 - 2014-05-20 02:24 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 16:32 - 2014-08-22 16:32 - 00000000 ____D () C:\Users\Jana\AppData\Local\Garmin
2014-08-22 16:32 - 2014-05-15 01:43 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 16:32 - 2014-05-15 01:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 16:32 - 2014-05-15 01:42 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 16:32 - 2014-05-15 01:42 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 16:31 - 2014-08-22 16:31 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Garmin
2014-08-22 16:31 - 2014-08-22 16:31 - 00000000 ____D () C:\Program Files\DIFX
2014-08-22 16:30 - 2014-08-22 16:32 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-22 16:30 - 2014-08-22 16:31 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-22 16:30 - 2014-08-22 16:30 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-22 16:30 - 2014-08-22 16:30 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-22 16:30 - 2014-08-22 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-22 16:27 - 2014-08-22 16:27 - 36359240 _____ (Garmin Ltd or its subsidiaries) C:\Users\Jana\Downloads\GarminExpress.exe
2014-08-14 13:42 - 2014-08-14 13:50 - 00034160 _____ () C:\Users\Jana\Documents\W Seminar-Stephen Kings Motiviation zu Roman Carrie.odt
2014-08-14 13:42 - 2014-08-14 13:50 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar-Stephen Kings Motiviation zu Roman Carrie.odt#
2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W-Seminar Vorpräsentation.odt#
2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar Expose Juni 2014.odt#
2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar Arbeitt.odt#
2014-08-12 14:35 - 2014-08-12 14:35 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\NVIDIA

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-31 23:24 - 2014-08-31 23:23 - 00000000 ____D () C:\FRST
2014-08-31 23:23 - 2013-07-22 20:32 - 00829916 _____ () C:\Windows\system32\perfh007.dat
2014-08-31 23:23 - 2013-07-22 20:32 - 00188554 _____ () C:\Windows\system32\perfc007.dat
2014-08-31 23:23 - 2012-07-26 10:28 - 01952918 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-31 23:06 - 2014-08-31 23:06 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\dkjpjtlo.sys
2014-08-31 23:05 - 2014-08-31 23:05 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\wfsfisfw.sys
2014-08-31 23:05 - 2014-08-31 23:05 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\qwzaihap.sys
2014-08-31 23:04 - 2014-08-31 23:04 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-31 23:01 - 2013-12-21 20:23 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\ClassicShell
2014-08-31 22:38 - 2014-02-16 23:22 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 22:38 - 2014-02-16 23:22 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 22:37 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\system32\sru
2014-08-31 21:05 - 2013-12-25 12:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 21:04 - 2014-02-24 21:24 - 00000000 ____D () C:\Program Files (x86)\Desk 365
2014-08-31 21:01 - 2012-07-26 10:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 19:57 - 2013-12-21 20:20 - 01212359 _____ () C:\Windows\WindowsUpdate.log
2014-08-30 19:43 - 2012-07-26 08:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-08-28 00:10 - 2014-08-26 23:34 - 00318720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 23:53 - 2012-07-26 10:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 23:44 - 2013-12-25 01:51 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Spotify
2014-08-27 00:44 - 2014-07-14 15:33 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-08-26 23:40 - 2013-12-21 20:22 - 00000000 ____D () C:\Users\Jana\Documents\Youcam
2014-08-26 23:39 - 2014-03-31 22:06 - 00000000 ____D () C:\Users\Jana\AppData\Local\HTC MediaHub
2014-08-26 23:39 - 2013-12-25 01:51 - 00000000 ____D () C:\Users\Jana\AppData\Local\Spotify
2014-08-23 09:47 - 2014-08-27 23:45 - 04036096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 18:49 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\rescache
2014-08-22 18:07 - 2012-07-26 08:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-22 18:05 - 2012-07-26 11:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-22 18:05 - 2012-07-26 11:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-22 18:05 - 2012-07-26 10:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-22 18:04 - 2014-08-22 18:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-22 18:04 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\WinStore
2014-08-22 18:03 - 2012-07-26 11:12 - 00000000 ___RD () C:\Windows\ToastData
2014-08-22 17:59 - 2013-12-25 22:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-22 17:29 - 2012-08-04 01:23 - 00120134 _____ () C:\Windows\PFRO.log
2014-08-22 17:24 - 2014-08-22 17:24 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose(2).exe
2014-08-22 17:23 - 2014-08-22 17:23 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose.exe
2014-08-22 17:23 - 2014-08-22 17:23 - 01286520 _____ (Netviewer AG) C:\Users\Jana\Downloads\diagnose(1).exe
2014-08-22 17:11 - 2012-07-26 11:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-08-22 16:33 - 2014-08-22 16:33 - 00000000 ____D () C:\Users\Jana\Documents\Garmin
2014-08-22 16:32 - 2014-08-22 16:32 - 00000000 ____D () C:\Users\Jana\AppData\Local\Garmin
2014-08-22 16:32 - 2014-08-22 16:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-22 16:31 - 2014-08-22 16:31 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Garmin
2014-08-22 16:31 - 2014-08-22 16:31 - 00000000 ____D () C:\Program Files\DIFX
2014-08-22 16:31 - 2014-08-22 16:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-22 16:31 - 2013-11-21 12:56 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-22 16:30 - 2014-08-22 16:30 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-22 16:30 - 2014-08-22 16:30 - 00001895 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-22 16:30 - 2014-08-22 16:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-22 16:27 - 2014-08-22 16:27 - 36359240 _____ (Garmin Ltd or its subsidiaries) C:\Users\Jana\Downloads\GarminExpress.exe
2014-08-22 16:26 - 2012-07-26 10:21 - 00054090 _____ () C:\Windows\setupact.log
2014-08-14 13:50 - 2014-08-14 13:42 - 00034160 _____ () C:\Users\Jana\Documents\W Seminar-Stephen Kings Motiviation zu Roman Carrie.odt
2014-08-14 13:50 - 2014-08-14 13:42 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar-Stephen Kings Motiviation zu Roman Carrie.odt#
2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W-Seminar Vorpräsentation.odt#
2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar Expose Juni 2014.odt#
2014-08-13 15:56 - 2014-08-13 15:56 - 00000097 ____H () C:\Users\Jana\Documents\.~lock.W Seminar Arbeitt.odt#
2014-08-12 15:25 - 2014-01-19 00:40 - 00202240 ___SH () C:\Users\Jana\Downloads\Thumbs.db
2014-08-12 14:35 - 2014-08-12 14:35 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\NVIDIA
2014-08-09 20:42 - 2014-05-16 15:24 - 00000000 ____D () C:\Users\Jana\Desktop\W Seminar
2014-08-09 19:11 - 2013-12-24 21:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-07 09:33 - 2014-08-22 17:08 - 00712192 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 06:09 - 2014-08-22 17:08 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-02 03:15 - 2014-08-22 18:11 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 03:15 - 2014-08-22 18:11 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\avgnt.exe
C:\Users\Jana\AppData\Local\Temp\COMAP.EXE
C:\Users\Jana\AppData\Local\Temp\EADFAAA.exe
C:\Users\Jana\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Jana\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Jana\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Jana\AppData\Local\Temp\GoogleSetup.exe
C:\Users\Jana\AppData\Local\Temp\nslDD13.exe
C:\Users\Jana\AppData\Local\Temp\nsnE070.exe
C:\Users\Jana\AppData\Local\Temp\nspB321.exe
C:\Users\Jana\AppData\Local\Temp\nsvA999.exe
C:\Users\Jana\AppData\Local\Temp\nsyAFB5.exe
C:\Users\Jana\AppData\Local\Temp\nsyE3BC.exe
C:\Users\Jana\AppData\Local\Temp\nvvistaservice.exe
C:\Users\Jana\AppData\Local\Temp\setup_292.exe
C:\Users\Jana\AppData\Local\Temp\shmcapture.exe
C:\Users\Jana\AppData\Local\Temp\SHSetup.exe
C:\Users\Jana\AppData\Local\Temp\SPSetup.exe
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite23753.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite26251.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite30209.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite31304.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite34827.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite35277.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite36360.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite39978.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite42443.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite43416.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite62500.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite63562.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite65235.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite65452.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite66299.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite67019.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite68180.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite69607.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite78204.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite87323.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite89320.dll
C:\Users\Jana\AppData\Local\Temp\System.Data.SQLite93625.dll
C:\Users\Jana\AppData\Local\Temp\UninstallEADM.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-27 23:52

==================== End Of Log ============================
--- --- ---

schrauber 02.09.2014 12:06
hi,

Adware & Co. deinstallieren




Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jana5683 02.09.2014 13:39
Ich hoffe das ist das richtige :D

Combofix Logfile:
Code:
ComboFix 14-08-31.01 - Jana 02.09.2014  14:25:49.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.7962.5782 [GMT 2:00]
ausgeführt von:: F:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\ClearThink_iels
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-08-02 bis 2014-09-02  ))))))))))))))))))))))))))))))
.
.
2014-09-02 12:30 . 2014-09-02 12:30        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-09-02 12:00 . 2014-09-02 12:00        17536        ----a-w-        c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-09-02 11:44 . 2014-09-02 11:44        --------        d-----w-        c:\program files (x86)\VS Revo Group
2014-09-02 10:44 . 2014-09-02 10:44        --------        d-----w-        C:\sources
2014-09-02 08:26 . 2014-05-15 01:02        59424        ----a-w-        c:\windows\system32\wuauclt.exe
2014-09-02 08:26 . 2014-05-14 22:43        3286528        ----a-w-        c:\windows\system32\wuaueng.dll
2014-09-02 08:26 . 2014-05-14 22:43        253440        ----a-w-        c:\windows\system32\WUSettingsProvider.dll
2014-09-02 08:26 . 2014-05-14 22:43        1623040        ----a-w-        c:\windows\system32\wucltux.dll
2014-09-02 08:26 . 2014-05-14 22:42        176640        ----a-w-        c:\windows\system32\storewuauth.dll
2014-09-02 08:26 . 2014-09-01 14:38        61072        ----a-w-        c:\windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-02 08:25 . 2013-08-16 05:21        49152        ----a-w-        c:\windows\system32\wups2.dll
2014-09-02 08:25 . 2014-09-02 08:25        --------        d-----w-        c:\program files\Google
2014-09-02 08:24 . 2014-09-02 10:44        --------        d-----w-        c:\program files (x86)\ClearThink
2014-09-02 08:23 . 2014-09-02 08:25        --------        d-----w-        c:\program files (x86)\Google
2014-09-02 08:23 . 2014-09-02 08:23        --------        d-----w-        c:\program files (x86)\WSE_Astromenda
2014-09-02 08:23 . 2014-08-05 17:14        20328        ----a-w-        c:\windows\system32\roboot64.exe
2014-09-02 08:22 . 2014-09-02 08:25        427360        ----a-w-        c:\windows\system32\drivers\aswsp.sys
2014-09-02 08:09 . 2014-09-02 10:41        --------        d-----w-        c:\users\Jana
2014-09-01 23:12 . 2014-09-01 23:12        --------        d-----w-        c:\programdata\Synaptics
2014-09-01 23:03 . 2014-09-01 23:03        --------        d-----w-        c:\program files (x86)\Common Files\Nikon
2014-09-01 22:58 . 2014-09-01 22:58        --------        dc----w-        c:\windows\system32\DRVSTORE
2014-09-01 22:58 . 2013-03-05 10:01        91712        ----a-w-        c:\windows\system32\drivers\CLVirtualDrive.sys
2014-09-01 22:58 . 2014-09-01 22:58        --------        d-----w-        c:\program files (x86)\Common Files\CyberLink
2014-09-01 22:57 . 2014-09-01 23:06        --------        d-----w-        c:\users\Public\CyberLink
2014-09-01 22:54 . 2013-03-05 06:22        41408        ----a-w-        c:\windows\system32\drivers\clwvd.sys
2014-09-01 22:53 . 2014-09-01 23:12        --------        d-----w-        c:\programdata\CyberLink
2014-09-01 22:52 . 2014-09-01 23:03        --------        d-----w-        c:\program files (x86)\CyberLink
2014-09-01 22:51 . 2014-09-01 23:03        --------        d-----w-        c:\programdata\install_clap
2014-09-01 22:48 . 2014-09-01 22:48        --------        d-----w-        c:\programdata\{4A268D42-77A5-4E91-AE73-470ED3BD9CA8}
2014-09-01 22:40 . 2014-09-01 22:40        --------        d-----w-        c:\windows\Hewlett-Packard
2014-09-01 22:40 . 2014-09-01 22:40        --------        d-----w-        c:\programdata\Package Cache
2014-09-01 22:40 . 2014-09-02 11:46        --------        d-----w-        c:\program files (x86)\Hewlett-Packard
2014-09-01 22:39 . 2014-09-01 22:39        --------        d-----w-        c:\programdata\Apple
2014-09-01 22:39 . 2014-09-01 22:39        --------        d-----w-        c:\program files\Bonjour
2014-09-01 22:39 . 2014-09-01 22:39        --------        d-----w-        c:\program files (x86)\Bonjour
2014-09-01 22:39 . 2012-12-01 21:16        390144        ----a-w-        c:\windows\system32\hpbrprtmon.dll
2014-09-01 22:39 . 2012-12-01 21:16        365568        ----a-w-        c:\windows\system32\hpbprtmon.dll
2014-09-01 22:39 . 2012-12-01 21:14        189440        ----a-w-        c:\windows\system32\hpbprtmonui.dll
2014-09-01 22:39 . 2014-09-01 23:05        --------        d-----w-        c:\programdata\Hewlett-Packard
2014-09-01 22:39 . 2013-05-28 21:41        2715208        ----a-w-        c:\windows\system32\drivers\rtwlane.sys
2014-09-01 22:39 . 2012-02-14 17:37        594432        ----a-w-        c:\windows\system32\Rtlihvs.dll
2014-09-01 22:39 . 2010-12-01 07:31        451072        ----a-w-        c:\windows\SysWow64\ISSRemoveSP.exe
2014-09-01 22:39 . 2014-09-01 22:39        --------        d-----w-        c:\program files (x86)\Common Files\Intel Corporation
2014-09-01 22:37 . 2014-09-01 22:37        --------        d-----w-        c:\programdata\NVIDIA Corporation
2014-09-01 22:36 . 2013-06-03 17:38        64000        ----a-w-        c:\windows\system32\OpenCL.DLL
2014-09-01 22:36 . 2013-06-03 17:38        60416        ----a-w-        c:\windows\SysWow64\OpenCL.DLL
2014-09-01 22:35 . 2013-04-10 19:09        801864        ----a-w-        c:\windows\system32\drivers\Rt630x64.sys
2014-09-01 22:35 . 2013-04-10 19:09        73800        ----a-w-        c:\windows\system32\RtNicProp64.dll
2014-09-01 22:32 . 2014-09-01 22:32        --------        d-----w-        c:\windows\SysWow64\sda
2014-09-01 22:32 . 2014-09-01 23:03        --------        d--h--w-        c:\program files (x86)\InstallShield Installation Information
2014-09-01 22:32 . 2013-05-16 19:29        288840        ----a-w-        c:\windows\system32\drivers\RtsP2Stor.sys
2014-09-01 22:32 . 2013-05-08 23:35        408136        ----a-w-        c:\windows\system32\drivers\RtsPer.sys
2014-09-01 22:32 . 2014-09-01 22:39        --------        d-----w-        c:\program files (x86)\Realtek
2014-09-01 22:32 . 2013-05-21 18:45        8192        ----a-w-        c:\windows\system32\drivers\IntelMEFWVer.dll
2014-09-01 22:32 . 2014-09-01 22:38        --------        d-----w-        c:\programdata\Intel
2014-09-01 22:32 . 2014-09-01 22:38        --------        d-----w-        c:\program files\Intel
2014-09-01 22:31 . 2014-09-01 22:31        --------        d-----w-        c:\program files (x86)\Common Files\postureAgent
2014-09-01 22:31 . 2014-09-01 22:31        --------        d-----w-        c:\program files\Synaptics
2014-09-01 22:30 . 2014-09-01 22:36        --------        d-----w-        c:\program files (x86)\Intel
2014-09-01 22:30 . 2013-02-27 23:37        53248        ----a-w-        c:\windows\SysWow64\CSVer.dll
2014-09-01 22:30 . 2014-09-01 22:30        --------        d-----w-        C:\Intel
2014-09-01 22:27 . 2014-09-01 22:27        --------        d-----w-        C:\Recovery
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-02 08:09 . 2012-07-26 08:13        23256        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7e6d4e3e-fc66-4036-9799-ce5c625c4c56}]
2014-09-02 08:24        250096        ----a-w-        c:\program files (x86)\ClearThink\ClearThinkbho.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BRS"="c:\program files (x86)\WSE_Astromenda\BRS\brs.exe" [2014-09-02 1072128]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-09-02 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AccelerometerSysTrayApplet"="c:\program files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe" [2013-03-01 77088]
"HPMessageService"="c:\program files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe" [2013-05-03 1045304]
"YouCam Service"="c:\program files (x86)\CyberLink\YouCam\YouCamService.exe" [2013-05-22 267224]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-02 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;c:\windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys;c:\windows\SYSNATIVE\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE;c:\program files\Realtek\Audio\HDA\AERTSr64.EXE [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [x]
S2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe;c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 Update ClearThink;Update ClearThink;c:\program files (x86)\ClearThink\updateClearThink.exe;c:\program files (x86)\ClearThink\updateClearThink.exe [x]
S2 Util ClearThink;Util ClearThink;c:\program files (x86)\ClearThink\bin\utilClearThink.exe;c:\program files (x86)\ClearThink\bin\utilClearThink.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost        REG_MULTI_SZ          apphostsvc
iissvcs        REG_MULTI_SZ          w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-02 08:24        1096520        ----a-w-        c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02 08:23]
.
2014-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02 08:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-02 08:22        634872        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-05-28 7188552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-07-03 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-07-03 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-07-03 444400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\62ogzq68.default\
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{C88F84E5-AE23-44BD-922C-2ABEACACAF7A} - c:\program files (x86)\InstallShield Installation Information\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Zeit der Fertigstellung: 2014-09-02  14:32:41
ComboFix-quarantined-files.txt  2014-09-02 12:32
.
Vor Suchlauf: 11 Verzeichnis(se), 437.850.660.864 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 437.704.470.528 Bytes frei
.
- - End Of File - - D63919489D41F2999842F516F32FEA7E
--- --- ---
5FB38429D5D77768867C76DCBDB35194

schrauber 03.09.2014 09:54
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131