Windows 7 Kriege webssearches.com nicht los

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.20.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Florian :: FLORIAN-PC [Administrator]

20.03.2014 20:09:29
mbam-log-2014-03-20 (20-09-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 446416
Laufzeit: 1 Stunde(n), 9 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe (PUP.Optional.ReMarkIt.A) -> 2884 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dca61e6f-f420-49bc-9033-10f33061f36b (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\Software\Mozilla\Firefox\Extensions|{9de4648a-524c-4370-be43-9826d3f44208} (PUP.Optional.ReMarkit.A) -> Daten: C:\Program Files (x86)\Re-markit-soft\157.xpi -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Program Files (x86)\Re-markit-soft (PUP.Optional.ReMarkIt.A) -> Löschen bei Neustart.

Infizierte Dateien: 41
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-bg.exe.vir (PUP.Optional.HQTotalS.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-bho.dll.vir (PUP.Optional.HQTotalS.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-bho64.dll.vir (PUP.Optional.HQTotalS.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-chromeinstaller.exe.vir (PUP.Optional.HQTotalS.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-codedownloader.exe.vir (PUP.Optional.HQTotalS.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-enabler.exe.vir (PUP.Optional.HQTotalS.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-firefoxinstaller.exe.vir (PUP.Optional.HQTotalS.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\HQTotalS-updater.exe.vir (PUP.Optional.HQTotalS.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HQTotalS\utils.exe.vir (PUP.Optional.HQVideoPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir (PUP.Optional.IEPluginService.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir (PUP.Optional.WpManager) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Florian\AppData\Roaming\SupTab\SupTab.dll.vir (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Florian\AppData\Roaming\VOPackage\Uninstall.exe.vir (PUP.Optional.SilenceInstall) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\AdwCleaner\Quarantine\C\Users\Florian\AppData\Roaming\VOPackage\VOPackage.exe.vir (PUP.Optional.SilenceInstall) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IXWDMX0L\SpeedUpMyPC-standalone-setup[1].exe (PUP.Optional.SpeedUpMyPC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\Java.exe (PUP.Optional.DomalQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\71b58e3b-2b97-40b0-b659-7d7a6dbaa7ae\android.exe (Trojan.Android.NSD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\71b58e3b-2b97-40b0-b659-7d7a6dbaa7ae\software\speedupmypc.exe (PUP.Optional.SpeedUpMyPC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\71b58e3b-2b97-40b0-b659-7d7a6dbaa7ae\software\tugs_webssearches.exe (PUP.Optional.SkyTech.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\71b58e3b-2b97-40b0-b659-7d7a6dbaa7ae\software\VOPackage.exe (PUP.Optional.SilenceInstall) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\android\android.exe (Trojan.Android.NSD) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\fullpackage_temp1395341303\alilog.dll (PUP.Optional.SkyTech.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\fullpackage_temp1395341303\package1.zip (PUP.Optional.SkyTech.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\fullpackage_temp1395341303\tmp\SupTab.exe (PUP.Optional.SupTab.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\fullpackage_temp1395341303\tmp\wpm.exe (PUP.Optional.WpManager) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\AppData\Local\Temp\is-REQME.tmp\SpeedUpMyPC-standalone-setup.exe (PUP.Optional.SpeedUpMyPC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Florian\Downloads\Java.exe (PUP.Optional.DomalQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Tasks\Re-markit_wd.job (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\157.crx (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\157.dat (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\157.xpi (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\a.db (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\b.db (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.bin (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.exe (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\Re-markit157.ini (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\Re-markit_wd.exe (PUP.Optional.ReMarkIt.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Re-markit-soft\ReMar.exe (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\Sqlite3.dll (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Re-markit-soft\Uninstall.exe (PUP.Optional.ReMarkIt.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:59 on 20/03/2014 (Florian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Florian (administrator) on FLORIAN-PC on 20-03-2014 22:00:42
Running from C:\Users\Florian\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Promethean Technologies Group Ltd) C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
() C:\Program Files\Activ Software\ActivDriver\activmgr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Aware.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Marker.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [ActivControl] - C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe [1233704 2009-10-22] (Promethean Technologies Group Ltd)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2004-03-09] (ScanSoft, Inc.)
HKLM-x32\...\Run: [SMART Board Service] - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [5893488 2011-01-25] (SMART Technologies)
HKLM-x32\...\Run: [SMART SNMP Agent] - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [1678704 2011-01-25] (SMART Technologies ULC)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2302751773-2623321019-3189922634-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cyber-shot Viewer-Medien-Prüfung.lnk
ShortcutTarget: Cyber-shot Viewer-Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {61A3AE2D-6261-4E4E-AB25-DD4BFC02948E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MAARJS;
SearchScopes: HKLM-x32 - {61A3AE2D-6261-4E4E-AB25-DD4BFC02948E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MAARJS;
SearchScopes: HKCU - DefaultScope {61A3AE2D-6261-4E4E-AB25-DD4BFC02948E} URL = 
SearchScopes: HKCU - {61A3AE2D-6261-4E4E-AB25-DD4BFC02948E} URL = 
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\3c0b4ouk.default-1384793429543
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [30080 2011-06-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-18] (IObit)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)

==================== Drivers (Whitelisted) ====================

R3 ActivHidSerMini; C:\Windows\System32\DRIVERS\activhidsermini.sys [65152 2009-05-05] (Promethean Technologies Ltd)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [8152 2009-10-05] (Promethean Technologies Ltd)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-01-25] (SMART Technologies ULC)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-01-25] (SMART Technologies ULC)
R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-01-25] (SMART Technologies ULC)
U4 esgiguard; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 22:00 - 2014-03-20 22:01 - 00016928 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-03-20 22:00 - 2014-03-20 22:00 - 00000000 ____D () C:\FRST
2014-03-20 21:59 - 2014-03-20 21:59 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-03-20 21:58 - 2014-03-20 21:59 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log
2014-03-20 21:58 - 2014-03-20 21:58 - 00000000 _____ () C:\Users\Florian\defogger_reenable
2014-03-20 21:56 - 2014-03-20 21:56 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe
2014-03-20 21:44 - 2014-03-20 21:44 - 00001009 _____ () C:\Users\Florian\Desktop\JRT.txt
2014-03-20 21:38 - 2014-03-20 21:38 - 01037734 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe
2014-03-20 21:28 - 2014-03-20 21:28 - 01950720 _____ () C:\Users\Florian\Desktop\adwcleaner.exe
2014-03-20 19:58 - 2014-03-20 19:59 - 01950720 _____ () C:\Users\Florian\Downloads\adwcleaner_3.022(1).exe
2014-03-20 19:54 - 2014-03-20 21:34 - 00000000 ____D () C:\AdwCleaner
2014-03-20 19:53 - 2014-03-20 19:53 - 01950720 _____ () C:\Users\Florian\Downloads\adwcleaner_3.022.exe
2014-03-20 19:51 - 2014-03-20 20:11 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-20 19:51 - 2014-03-20 19:56 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-20 19:51 - 2014-03-20 19:56 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-20 19:51 - 2014-03-20 19:51 - 00002834 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-20 19:51 - 2014-03-20 19:51 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-20 19:51 - 2014-03-20 19:51 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-20 19:51 - 2014-03-20 19:51 - 00001222 _____ () C:\Users\Florian\AppData\Roaming\aps.scan.quick.results
2014-03-20 19:51 - 2014-03-20 19:51 - 00000322 _____ () C:\Users\Florian\AppData\Roaming\aps.uninstall.scan.results
2014-03-20 19:51 - 2014-03-20 19:51 - 00000000 _____ () C:\Users\Florian\AppData\Roaming\aps.scan.results
2014-03-20 19:49 - 2014-03-20 19:49 - 00001977 _____ () C:\Users\Florian\Desktop\Sync Folder.lnk
2014-03-20 19:48 - 2014-03-20 19:48 - 01172664 _____ (AnyProtect.com) C:\Users\Florian\AppData\Local\nsc1567.tmp
2014-03-20 19:48 - 2014-03-20 19:48 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-18 17:04 - 2014-03-18 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-14 19:53 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 19:53 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 19:53 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 19:53 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 19:53 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 19:53 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 19:53 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 19:53 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 19:53 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 19:53 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 19:53 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 19:53 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 19:53 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 19:53 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 19:53 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 19:53 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 19:53 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 19:53 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 19:53 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 19:53 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 19:53 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 19:53 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 19:53 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 19:53 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 19:53 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 19:53 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 19:53 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 19:53 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 19:53 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 19:53 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 19:53 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 19:53 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 19:53 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 19:53 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 19:53 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 19:53 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 19:53 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 19:53 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 19:53 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 19:53 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 19:53 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 19:53 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 19:53 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 19:53 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 19:51 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 19:51 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 19:51 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 19:51 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-23 20:41 - 2014-02-23 20:41 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

==================== One Month Modified Files and Folders =======

2014-03-20 22:01 - 2014-03-20 22:00 - 00016928 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-03-20 22:00 - 2014-03-20 22:00 - 00000000 ____D () C:\FRST
2014-03-20 21:59 - 2014-03-20 21:59 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-03-20 21:59 - 2014-03-20 21:58 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log
2014-03-20 21:58 - 2014-03-20 21:58 - 00000000 _____ () C:\Users\Florian\defogger_reenable
2014-03-20 21:58 - 2013-09-09 08:52 - 00000000 ____D () C:\Users\Florian
2014-03-20 21:56 - 2014-03-20 21:56 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe
2014-03-20 21:46 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 21:46 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 21:44 - 2014-03-20 21:44 - 00001009 _____ () C:\Users\Florian\Desktop\JRT.txt
2014-03-20 21:43 - 2013-04-28 01:10 - 00700986 _____ () C:\Windows\system32\perfh007.dat
2014-03-20 21:43 - 2013-04-28 01:10 - 00149886 _____ () C:\Windows\system32\perfc007.dat
2014-03-20 21:43 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 21:42 - 2012-12-25 10:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 21:41 - 2013-10-30 20:28 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Florian-PC-Florian Florian-PC
2014-03-20 21:38 - 2014-03-20 21:38 - 01037734 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe
2014-03-20 21:38 - 2013-04-27 15:18 - 01049966 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 21:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 21:35 - 2009-07-14 05:51 - 00058133 _____ () C:\Windows\setupact.log
2014-03-20 21:34 - 2014-03-20 19:54 - 00000000 ____D () C:\AdwCleaner
2014-03-20 21:28 - 2014-03-20 21:28 - 01950720 _____ () C:\Users\Florian\Desktop\adwcleaner.exe
2014-03-20 21:23 - 2010-11-21 04:47 - 00073494 _____ () C:\Windows\PFRO.log
2014-03-20 20:47 - 2013-09-09 11:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-20 20:11 - 2014-03-20 19:51 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-20 19:59 - 2014-03-20 19:58 - 01950720 _____ () C:\Users\Florian\Downloads\adwcleaner_3.022(1).exe
2014-03-20 19:56 - 2014-03-20 19:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-20 19:56 - 2014-03-20 19:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-20 19:55 - 2013-09-09 08:53 - 00000000 ___RD () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 19:53 - 2014-03-20 19:53 - 01950720 _____ () C:\Users\Florian\Downloads\adwcleaner_3.022.exe
2014-03-20 19:51 - 2014-03-20 19:51 - 00002834 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-20 19:51 - 2014-03-20 19:51 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-20 19:51 - 2014-03-20 19:51 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-20 19:51 - 2014-03-20 19:51 - 00001222 _____ () C:\Users\Florian\AppData\Roaming\aps.scan.quick.results
2014-03-20 19:51 - 2014-03-20 19:51 - 00000322 _____ () C:\Users\Florian\AppData\Roaming\aps.uninstall.scan.results
2014-03-20 19:51 - 2014-03-20 19:51 - 00000000 _____ () C:\Users\Florian\AppData\Roaming\aps.scan.results
2014-03-20 19:49 - 2014-03-20 19:49 - 00001977 _____ () C:\Users\Florian\Desktop\Sync Folder.lnk
2014-03-20 19:48 - 2014-03-20 19:48 - 01172664 _____ (AnyProtect.com) C:\Users\Florian\AppData\Local\nsc1567.tmp
2014-03-20 19:48 - 2014-03-20 19:48 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-20 19:48 - 2013-09-09 10:13 - 00001609 _____ () C:\Users\Florian\Desktop\Internet Explorer (64-bit).lnk
2014-03-20 19:48 - 2013-09-09 10:00 - 00001369 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-20 19:48 - 2013-09-09 08:53 - 00001643 _____ () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 19:48 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-20 19:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-20 19:23 - 2013-09-09 14:58 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-03-20 19:16 - 2013-09-09 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 15:41 - 2013-11-18 22:35 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-18 18:01 - 2013-09-09 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 18:00 - 2013-09-09 09:38 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:04 - 2014-03-18 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-16 16:48 - 2013-09-12 15:51 - 00043276 _____ () C:\Users\Florian\ACTIVstudioError.log
2014-03-16 16:42 - 2014-02-07 14:42 - 05128584 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-16 16:42 - 2012-12-25 10:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 16:42 - 2012-12-25 10:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 16:42 - 2012-12-25 10:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-15 17:20 - 2009-07-14 05:45 - 00416600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 17:19 - 2013-09-09 15:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 17:19 - 2012-12-25 09:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 21:28 - 2013-09-10 14:15 - 00000000 ____D () C:\Users\Florian\Documents\Floh Privat
2014-03-09 20:08 - 2013-09-09 19:40 - 00000000 ____D () C:\Users\Florian\Documents\SCHULE
2014-03-07 21:13 - 2013-09-09 08:53 - 00000000 ____D () C:\Users\Florian\AppData\Local\VirtualStore
2014-03-01 07:05 - 2014-03-14 19:53 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-14 19:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-14 19:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-14 19:53 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-14 19:53 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-14 19:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-14 19:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-14 19:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-14 19:53 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-14 19:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-14 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-14 19:53 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-14 19:53 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-14 19:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-14 19:53 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-14 19:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-14 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-14 19:53 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-14 19:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-14 19:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-14 19:53 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-14 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-14 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-14 19:53 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-14 19:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-14 19:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-14 19:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-14 19:53 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-14 19:53 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-14 19:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-14 19:53 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 19:53 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 19:53 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-14 19:53 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-14 19:53 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 19:53 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 19:53 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 19:53 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 19:53 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 19:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-23 20:42 - 2012-12-25 10:07 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-23 20:41 - 2014-02-23 20:41 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\avgnt.exe
C:\Users\Florian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Florian\AppData\Local\Temp\installhelper.dll
C:\Users\Florian\AppData\Local\Temp\promote-upx.exe
C:\Users\Florian\AppData\Local\Temp\Quarantine.exe
C:\Users\Florian\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Florian\AppData\Local\Temp\SHSetup.exe
C:\Users\Florian\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Florian\AppData\Local\Temp\_isB396.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 17:01

==================== End Of Log ============================
         

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Florian (administrator) on FLORIAN-PC on 20-03-2014 22:00:42
Running from C:\Users\Florian\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Promethean Technologies Group Ltd) C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
() C:\Program Files\Activ Software\ActivDriver\activmgr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Aware.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Marker.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
(SMART Technologies) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
(SMART Technologies ULC) C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [ActivControl] - C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe [1233704 2009-10-22] (Promethean Technologies Group Ltd)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [155648 2003-10-14] (Scansoft, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [57393 2004-03-09] (ScanSoft, Inc.)
HKLM-x32\...\Run: [IndexSearch] - C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [40960 2004-03-09] (ScanSoft, Inc.)
HKLM-x32\...\Run: [SMART Board Service] - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe [5893488 2011-01-25] (SMART Technologies)
HKLM-x32\...\Run: [SMART SNMP Agent] - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe [1678704 2011-01-25] (SMART Technologies ULC)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2302751773-2623321019-3189922634-1000\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3642312 2013-05-16] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
Startup: C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Cyber-shot Viewer-Medien-Prüfung.lnk
ShortcutTarget: Cyber-shot Viewer-Medien-Prüfung.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {61A3AE2D-6261-4E4E-AB25-DD4BFC02948E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MAARJS;
SearchScopes: HKLM-x32 - {61A3AE2D-6261-4E4E-AB25-DD4BFC02948E} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE9TR&src=IE9TR&pc=MAARJS;
SearchScopes: HKCU - DefaultScope {61A3AE2D-6261-4E4E-AB25-DD4BFC02948E} URL = 
SearchScopes: HKCU - {61A3AE2D-6261-4E4E-AB25-DD4BFC02948E} URL = 
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\3c0b4ouk.default-1384793429543
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1395341315&from=tugs&uid=ST500DM002-1BD142_Z3TF1MV2XXXXZ3TF1MV2

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2169016 2014-03-01] (Microsoft Corporation)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [30080 2011-06-14] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-07-19] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-11-18] (IObit)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-11-04] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-11-04] (Secunia)

==================== Drivers (Whitelisted) ====================

R3 ActivHidSerMini; C:\Windows\System32\DRIVERS\activhidsermini.sys [65152 2009-05-05] (Promethean Technologies Ltd)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
R3 prmvmouse; C:\Windows\System32\DRIVERS\activmouse.sys [8152 2009-10-05] (Promethean Technologies Ltd)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-11-04] (Secunia)
R3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [13168 2011-01-25] (SMART Technologies ULC)
R3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [16368 2011-01-25] (SMART Technologies ULC)
R3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [24944 2011-01-25] (SMART Technologies ULC)
U4 esgiguard; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-20 22:00 - 2014-03-20 22:01 - 00016928 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-03-20 22:00 - 2014-03-20 22:00 - 00000000 ____D () C:\FRST
2014-03-20 21:59 - 2014-03-20 21:59 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-03-20 21:58 - 2014-03-20 21:59 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log
2014-03-20 21:58 - 2014-03-20 21:58 - 00000000 _____ () C:\Users\Florian\defogger_reenable
2014-03-20 21:56 - 2014-03-20 21:56 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe
2014-03-20 21:44 - 2014-03-20 21:44 - 00001009 _____ () C:\Users\Florian\Desktop\JRT.txt
2014-03-20 21:38 - 2014-03-20 21:38 - 01037734 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe
2014-03-20 21:28 - 2014-03-20 21:28 - 01950720 _____ () C:\Users\Florian\Desktop\adwcleaner.exe
2014-03-20 19:58 - 2014-03-20 19:59 - 01950720 _____ () C:\Users\Florian\Downloads\adwcleaner_3.022(1).exe
2014-03-20 19:54 - 2014-03-20 21:34 - 00000000 ____D () C:\AdwCleaner
2014-03-20 19:53 - 2014-03-20 19:53 - 01950720 _____ () C:\Users\Florian\Downloads\adwcleaner_3.022.exe
2014-03-20 19:51 - 2014-03-20 20:11 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-20 19:51 - 2014-03-20 19:56 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-20 19:51 - 2014-03-20 19:56 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-20 19:51 - 2014-03-20 19:51 - 00002834 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-20 19:51 - 2014-03-20 19:51 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-20 19:51 - 2014-03-20 19:51 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-20 19:51 - 2014-03-20 19:51 - 00001222 _____ () C:\Users\Florian\AppData\Roaming\aps.scan.quick.results
2014-03-20 19:51 - 2014-03-20 19:51 - 00000322 _____ () C:\Users\Florian\AppData\Roaming\aps.uninstall.scan.results
2014-03-20 19:51 - 2014-03-20 19:51 - 00000000 _____ () C:\Users\Florian\AppData\Roaming\aps.scan.results
2014-03-20 19:49 - 2014-03-20 19:49 - 00001977 _____ () C:\Users\Florian\Desktop\Sync Folder.lnk
2014-03-20 19:48 - 2014-03-20 19:48 - 01172664 _____ (AnyProtect.com) C:\Users\Florian\AppData\Local\nsc1567.tmp
2014-03-20 19:48 - 2014-03-20 19:48 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-18 17:04 - 2014-03-18 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-14 19:53 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 19:53 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 19:53 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-14 19:53 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 19:53 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-14 19:53 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-14 19:53 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 19:53 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-14 19:53 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 19:53 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 19:53 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-14 19:53 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-14 19:53 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-14 19:53 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-14 19:53 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-14 19:53 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-14 19:53 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-14 19:53 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 19:53 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-14 19:53 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-14 19:53 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-14 19:53 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-14 19:53 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-14 19:53 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 19:53 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-14 19:53 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-14 19:53 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-14 19:53 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 19:53 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 19:53 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-14 19:53 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-14 19:53 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 19:53 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-14 19:53 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-14 19:53 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-14 19:53 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 19:53 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-14 19:53 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-14 19:53 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-14 19:53 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-14 19:53 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 19:53 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 19:53 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-14 19:53 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-14 19:51 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-14 19:51 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 19:51 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-14 19:51 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-02-23 20:41 - 2014-02-23 20:41 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

==================== One Month Modified Files and Folders =======

2014-03-20 22:01 - 2014-03-20 22:00 - 00016928 _____ () C:\Users\Florian\Desktop\FRST.txt
2014-03-20 22:00 - 2014-03-20 22:00 - 00000000 ____D () C:\FRST
2014-03-20 21:59 - 2014-03-20 21:59 - 02157056 _____ (Farbar) C:\Users\Florian\Desktop\FRST64.exe
2014-03-20 21:59 - 2014-03-20 21:58 - 00000476 _____ () C:\Users\Florian\Desktop\defogger_disable.log
2014-03-20 21:58 - 2014-03-20 21:58 - 00000000 _____ () C:\Users\Florian\defogger_reenable
2014-03-20 21:58 - 2013-09-09 08:52 - 00000000 ____D () C:\Users\Florian
2014-03-20 21:56 - 2014-03-20 21:56 - 00050477 _____ () C:\Users\Florian\Desktop\Defogger.exe
2014-03-20 21:46 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-20 21:46 - 2009-07-14 05:45 - 00016768 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-20 21:44 - 2014-03-20 21:44 - 00001009 _____ () C:\Users\Florian\Desktop\JRT.txt
2014-03-20 21:43 - 2013-04-28 01:10 - 00700986 _____ () C:\Windows\system32\perfh007.dat
2014-03-20 21:43 - 2013-04-28 01:10 - 00149886 _____ () C:\Windows\system32\perfc007.dat
2014-03-20 21:43 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-20 21:42 - 2012-12-25 10:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-20 21:41 - 2013-10-30 20:28 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Florian-PC-Florian Florian-PC
2014-03-20 21:38 - 2014-03-20 21:38 - 01037734 _____ (Thisisu) C:\Users\Florian\Desktop\JRT.exe
2014-03-20 21:38 - 2013-04-27 15:18 - 01049966 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 21:35 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 21:35 - 2009-07-14 05:51 - 00058133 _____ () C:\Windows\setupact.log
2014-03-20 21:34 - 2014-03-20 19:54 - 00000000 ____D () C:\AdwCleaner
2014-03-20 21:28 - 2014-03-20 21:28 - 01950720 _____ () C:\Users\Florian\Desktop\adwcleaner.exe
2014-03-20 21:23 - 2010-11-21 04:47 - 00073494 _____ () C:\Windows\PFRO.log
2014-03-20 20:47 - 2013-09-09 11:46 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-20 20:11 - 2014-03-20 19:51 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-03-20 19:59 - 2014-03-20 19:58 - 01950720 _____ () C:\Users\Florian\Downloads\adwcleaner_3.022(1).exe
2014-03-20 19:56 - 2014-03-20 19:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-03-20 19:56 - 2014-03-20 19:51 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-03-20 19:55 - 2013-09-09 08:53 - 00000000 ___RD () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-20 19:53 - 2014-03-20 19:53 - 01950720 _____ () C:\Users\Florian\Downloads\adwcleaner_3.022.exe
2014-03-20 19:51 - 2014-03-20 19:51 - 00002834 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-03-20 19:51 - 2014-03-20 19:51 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-03-20 19:51 - 2014-03-20 19:51 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-03-20 19:51 - 2014-03-20 19:51 - 00001222 _____ () C:\Users\Florian\AppData\Roaming\aps.scan.quick.results
2014-03-20 19:51 - 2014-03-20 19:51 - 00000322 _____ () C:\Users\Florian\AppData\Roaming\aps.uninstall.scan.results
2014-03-20 19:51 - 2014-03-20 19:51 - 00000000 _____ () C:\Users\Florian\AppData\Roaming\aps.scan.results
2014-03-20 19:49 - 2014-03-20 19:49 - 00001977 _____ () C:\Users\Florian\Desktop\Sync Folder.lnk
2014-03-20 19:48 - 2014-03-20 19:48 - 01172664 _____ (AnyProtect.com) C:\Users\Florian\AppData\Local\nsc1567.tmp
2014-03-20 19:48 - 2014-03-20 19:48 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-03-20 19:48 - 2013-09-09 10:13 - 00001609 _____ () C:\Users\Florian\Desktop\Internet Explorer (64-bit).lnk
2014-03-20 19:48 - 2013-09-09 10:00 - 00001369 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-20 19:48 - 2013-09-09 08:53 - 00001643 _____ () C:\Users\Florian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-20 19:48 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-03-20 19:48 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-03-20 19:23 - 2013-09-09 14:58 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-03-20 19:16 - 2013-09-09 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 15:41 - 2013-11-18 22:35 - 00000000 ____D () C:\ProgramData\ProductData
2014-03-18 18:01 - 2013-09-09 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 18:00 - 2013-09-09 09:38 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:04 - 2014-03-18 17:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-16 16:48 - 2013-09-12 15:51 - 00043276 _____ () C:\Users\Florian\ACTIVstudioError.log
2014-03-16 16:42 - 2014-02-07 14:42 - 05128584 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-16 16:42 - 2012-12-25 10:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-16 16:42 - 2012-12-25 10:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-16 16:42 - 2012-12-25 10:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-15 17:20 - 2009-07-14 05:45 - 00416600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 17:19 - 2013-09-09 15:28 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 17:19 - 2012-12-25 09:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-14 21:28 - 2013-09-10 14:15 - 00000000 ____D () C:\Users\Florian\Documents\Floh Privat
2014-03-09 20:08 - 2013-09-09 19:40 - 00000000 ____D () C:\Users\Florian\Documents\SCHULE
2014-03-07 21:13 - 2013-09-09 08:53 - 00000000 ____D () C:\Users\Florian\AppData\Local\VirtualStore
2014-03-01 07:05 - 2014-03-14 19:53 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-14 19:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-14 19:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-14 19:53 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-14 19:53 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-14 19:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-14 19:53 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-14 19:53 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-14 19:53 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-14 19:53 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-14 19:53 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-14 19:53 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-14 19:53 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-14 19:53 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-14 19:53 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-14 19:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-14 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-14 19:53 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-14 19:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-14 19:53 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-14 19:53 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-14 19:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-14 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-14 19:53 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-14 19:53 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-14 19:53 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-14 19:53 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-14 19:53 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-14 19:53 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-14 19:53 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-14 19:53 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-14 19:53 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-14 19:53 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-14 19:53 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-14 19:53 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-14 19:53 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-14 19:53 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-14 19:53 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-14 19:53 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-14 19:53 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-23 20:42 - 2012-12-25 10:07 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-02-23 20:41 - 2014-02-23 20:41 - 00000000 ____D () C:\Windows\SysWOW64\Adobe

Some content of TEMP:
====================
C:\Users\Florian\AppData\Local\Temp\avgnt.exe
C:\Users\Florian\AppData\Local\Temp\BackupSetup.exe
C:\Users\Florian\AppData\Local\Temp\installhelper.dll
C:\Users\Florian\AppData\Local\Temp\promote-upx.exe
C:\Users\Florian\AppData\Local\Temp\Quarantine.exe
C:\Users\Florian\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Florian\AppData\Local\Temp\SHSetup.exe
C:\Users\Florian\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Florian\AppData\Local\Temp\_isB396.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-11 17:01

==================== End Of Log ============================
         

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-20 22:10:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST500DM002-1BD142 rev.KC45 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Florian\AppData\Local\Temp\awdiyfob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 632                                                                                                                      fffff8000f9a7068 92 bytes JMP fffff8010f920be1
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 725                                                                                                                      fffff8000f9a70c5 59 bytes {SHR CL, 0xa3; STOSD ; CMC ; DEC DWORD [RBX+RCX*4-0x3a]; JMP 0xfffffffffff5abc7}

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[2364] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                             00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe[2364] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                            00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                    00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                   00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2104] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                            00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[2104] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                           00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
.text     C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Aware.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Aware.exe[3132] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
.text     C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe[5092] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                        00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe[5092] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                       00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5104] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                             00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe[5104] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                            00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                            00000000766a1465 2 bytes [6A, 76]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4716] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                           00000000766a14bb 2 bytes [6A, 76]
.text     ...                                                                                                                                                                                     * 2
---- Processes - GMER 2.1 ----

Library   C:\ProgramData\ACTIV Software\ActivApplications\ActivFocusHook.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1476](2                                                     0000000180000000
Library   C:\ProgramData\ACTIV Software\ActivApplications\ActivFocusHook.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [1604](2013-09-12                                                 0000000180000000
Library   C:\ProgramData\ACTIV Software\ActivApplications\ActivFocusHook.dll (*** suspicious ***) @ C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe [2172](2013-09-12 14:45:18)  0000000001f00000

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----