Awesomehp als Startseite und ich bekomme es einfach nicht weg, bitte um Hilfe!!!

Glasi · 26.03.2014, 21:00

Hallöchen Forumfreunde,

wir haben auf unserem Laptop leider Awesomehp als Startseite und bekommen es nicht weg.

Habt ihr vielleicht eine Idee? Besten Danke schon einmal.

mort · 26.03.2014, 21:08

Hallo, Glasi und

Bitte poste alle deine Logs in Code-Tags: [CODE]Hier der inhalt des Logs[/CODE]. Falls die Logs zu lang sein, teile deine Logs bitte auf.

Schritt 1

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Glasi · 28.03.2014, 22:55

Sorry, hat bissel gedauert.

Hoffe das ist jetzt so richtig.

Hab jetzt FRST 64-Bit ausgeführt

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Anne (administrator) on ANNE-PC on 28-03-2014 22:51:29
Running from C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4AJ6AO8
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
(SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-17] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [231768 2012-08-15] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-02-08] ()
HKLM-x32\...\Run: [Registry Helper] - "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [iLivid] - "C:\Users\Anne\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\RunOnce: [FlashPlayerUpdate] - C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe [841096 2014-02-22] (Adobe Systems Incorporated)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: G - G:\PMCsetup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {22ff0f9e-082b-11e3-91c0-e8039a19df1f} - G:\PMCsetup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {5a02180a-cdca-11e1-ae36-e8039a19df1f} - F:\setup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {5a021810-cdca-11e1-ae36-e8039a19df1f} - F:\setup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Command Processor: "C:\Users\Anne\AppData\Local\Temp\roahsneaeskqgnuyb.exe" <===== ATTENTION!
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11DEDE/MCM_WCP
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=3231
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=3231&bs=true&q=
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1394215767&from=tugs&uid=SAMSUNGXHN-M500MBB_S2R7J9HBA03877&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=161&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0725126720424123&q={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={2E5BDE81-51E7-11E2-ACDD-E8039A19DF1F}
BHO: freeven - {11111111-1111-1111-1111-110511161182} - C:\Program Files (x86)\freeven\freeven-bho64.dll (freeven)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO-x32: freeven - {11111111-1111-1111-1111-110511161182} - C:\Program Files (x86)\freeven\freeven-bho.dll (freeven)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -  No File
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: DealPly - {EF7BD87A-8024-11E2-F316-F3E56188709B} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly)
BHO-x32: smartdownloader Class - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files (x86)\PutLockerDownloader\smarterdownloader.dll (TODO: <Company name>)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Web Search.xml
FF Extension: No Name - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-01-04]
FF Extension: No Name - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-01-04]
FF Extension: PutLockerDownloader - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi [2012-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-29]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-09]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1447728 2013-05-21] ()
R2 Level Quality Watcher; C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe [710976 2014-01-27] ()
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-07] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-07-15] (GEAR Software Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-10] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-28 22:50 - 2014-03-28 22:51 - 00000000 ____D () C:\FRST
2014-03-28 22:50 - 2014-03-28 22:50 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64 (1).exe
2014-03-28 22:49 - 2014-03-28 22:49 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2014-03-26 20:50 - 2014-03-26 21:46 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Nico Mak Computing
2014-03-23 20:24 - 2014-03-23 20:50 - 00000047 _____ () C:\Users\Anne\Desktop\Neues Textdokument.txt
2014-03-21 21:42 - 2014-03-23 20:59 - 00000000 ____D () C:\Users\Anne\Desktop\Neuer Ordner
2014-03-20 22:04 - 2014-03-20 22:05 - 00000000 ____D () C:\Users\Anne\AppData\Local\{230FA9B9-4BCD-45B2-9149-63EE6F77BEB9}
2014-03-19 21:45 - 2014-03-21 22:42 - 00000000 ____D () C:\Users\Anne\AppData\Local\Windows Live
2014-03-19 21:44 - 2014-03-19 21:44 - 00000000 ____D () C:\Users\Anne\AppData\Local\{39843DF1-BFDE-4612-8168-AECAB884BB0E}
2014-03-19 21:31 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-19 21:31 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-19 21:31 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-19 21:31 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-19 21:31 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-19 21:31 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-19 21:31 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-19 21:31 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-19 21:31 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-19 21:31 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-19 21:31 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-19 21:31 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-19 21:31 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-19 21:31 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-19 21:31 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-19 21:31 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-19 21:31 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-19 21:31 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-19 21:31 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-19 21:31 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-19 21:31 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-19 21:31 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-19 21:31 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-19 21:31 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-19 21:31 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-19 21:31 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-19 21:31 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-19 21:31 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-19 21:31 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-19 21:31 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-19 21:31 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-19 21:31 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-19 21:31 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-19 21:31 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-19 21:31 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-19 21:31 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-19 21:31 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-19 21:31 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-19 21:31 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-19 21:31 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-19 21:31 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-19 21:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-19 21:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-19 21:31 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-19 21:31 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-19 21:31 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-19 21:30 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-19 21:30 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-11 21:07 - 2014-03-11 21:07 - 04550656 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-03-08 09:40 - 2014-03-08 09:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 20:36 - 2014-03-07 20:36 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-07 19:30 - 2014-03-07 19:30 - 02690184 _____ (Microsoft Corporation) C:\Users\Anne\Downloads\EIE11_DE-DE_MCM_WIN764L.EXE
2014-03-07 19:30 - 2014-03-07 19:30 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-03-07 19:24 - 2014-03-07 19:24 - 00000000 ___RD () C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-07 19:23 - 2014-03-07 19:23 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-03-07 19:19 - 2014-03-05 16:53 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\AnyProtectScannerSetup.exe
2014-03-07 19:11 - 2014-03-07 19:24 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-03-07 19:11 - 2014-03-07 19:11 - 00000000 ____D () C:\Users\Anne\AppData\Local\Tuguu_SL
2014-03-07 19:10 - 2014-03-07 19:22 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-07 19:10 - 2014-03-07 19:21 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-07 19:10 - 2014-03-07 19:10 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\nsf4972.tmp
2014-03-07 19:10 - 2014-03-07 19:10 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\SupTab
2014-03-07 19:10 - 2014-03-07 19:10 - 00000000 ____D () C:\ProgramData\WPM
2014-03-07 19:09 - 2014-03-07 19:09 - 00003074 _____ () C:\windows\Tasks\freeven-chromeinstaller.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00002232 _____ () C:\windows\Tasks\freeven-firefoxinstaller.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00001482 _____ () C:\windows\Tasks\freeven-updater.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00001436 _____ () C:\windows\Tasks\freeven-codedownloader.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00001336 _____ () C:\windows\Tasks\freeven-enabler.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\awesomehp
2014-03-07 19:09 - 2014-03-07 19:09 - 00000000 ____D () C:\Program Files (x86)\freeven
2014-03-07 19:08 - 2014-03-07 19:08 - 00391576 _____ () C:\Users\Anne\Downloads\Setup.exe
2014-03-07 19:08 - 2014-03-07 19:08 - 00000000 ____D () C:\Users\Anne\AppData\Local\SearchProtect
2014-03-07 15:41 - 2014-03-07 15:41 - 00195531 _____ () C:\Users\Anne\Downloads\Versicherungsschein-34902128.pdf.joy0fuy.partial

==================== One Month Modified Files and Folders =======

2014-03-28 22:51 - 2014-03-28 22:50 - 00000000 ____D () C:\FRST
2014-03-28 22:50 - 2014-03-28 22:50 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64 (1).exe
2014-03-28 22:49 - 2014-03-28 22:49 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2014-03-28 22:43 - 2012-07-14 16:24 - 00000000 ____D () C:\Users\Anne
2014-03-28 20:40 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 20:40 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 20:36 - 2011-10-11 17:59 - 01200083 _____ () C:\windows\WindowsUpdate.log
2014-03-28 20:31 - 2009-07-14 05:51 - 00079044 _____ () C:\windows\setupact.log
2014-03-26 21:46 - 2014-03-26 20:50 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Nico Mak Computing
2014-03-25 15:14 - 2011-10-11 02:44 - 00703224 _____ () C:\windows\system32\perfh007.dat
2014-03-25 15:14 - 2011-10-11 02:44 - 00150832 _____ () C:\windows\system32\perfc007.dat
2014-03-25 15:14 - 2009-07-14 06:13 - 01629416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-23 20:59 - 2014-03-21 21:42 - 00000000 ____D () C:\Users\Anne\Desktop\Neuer Ordner
2014-03-23 20:50 - 2014-03-23 20:24 - 00000047 _____ () C:\Users\Anne\Desktop\Neues Textdokument.txt
2014-03-21 22:42 - 2014-03-19 21:45 - 00000000 ____D () C:\Users\Anne\AppData\Local\Windows Live
2014-03-20 22:05 - 2014-03-20 22:04 - 00000000 ____D () C:\Users\Anne\AppData\Local\{230FA9B9-4BCD-45B2-9149-63EE6F77BEB9}
2014-03-20 20:59 - 2009-07-14 05:45 - 00423000 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-20 20:58 - 2013-03-16 21:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-20 20:58 - 2013-03-16 21:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-20 20:58 - 2010-11-21 04:47 - 00295946 _____ () C:\windows\PFRO.log
2014-03-20 20:56 - 2013-08-14 21:58 - 00000000 ____D () C:\windows\system32\MRT
2014-03-20 20:54 - 2012-10-29 21:37 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-20 20:53 - 2012-07-14 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 21:44 - 2014-03-19 21:44 - 00000000 ____D () C:\Users\Anne\AppData\Local\{39843DF1-BFDE-4612-8168-AECAB884BB0E}
2014-03-11 21:07 - 2014-03-11 21:07 - 04550656 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-03-08 09:40 - 2014-03-08 09:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 09:40 - 2012-07-14 16:28 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 20:36 - 2014-03-07 20:36 - 00000000 ____D () C:\Program Files\SavingsBull
2014-03-07 19:33 - 2013-07-18 21:26 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Systweak
2014-03-07 19:30 - 2014-03-07 19:30 - 02690184 _____ (Microsoft Corporation) C:\Users\Anne\Downloads\EIE11_DE-DE_MCM_WIN764L.EXE
2014-03-07 19:30 - 2014-03-07 19:30 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-03-07 19:30 - 2013-11-19 22:53 - 00015816 _____ () C:\windows\IE11_main.log
2014-03-07 19:26 - 2014-02-22 20:29 - 02825940 _____ () C:\windows\system32\SavingsBullFilterService.log
2014-03-07 19:24 - 2014-03-07 19:24 - 00000000 ___RD () C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-07 19:24 - 2014-03-07 19:11 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-03-07 19:23 - 2014-03-07 19:23 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-03-07 19:22 - 2014-03-07 19:10 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-07 19:21 - 2014-03-07 19:10 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-07 19:11 - 2014-03-07 19:11 - 00000000 ____D () C:\Users\Anne\AppData\Local\Tuguu_SL
2014-03-07 19:10 - 2014-03-07 19:10 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\nsf4972.tmp
2014-03-07 19:10 - 2014-03-07 19:10 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\SupTab
2014-03-07 19:10 - 2014-03-07 19:10 - 00000000 ____D () C:\ProgramData\WPM
2014-03-07 19:09 - 2014-03-07 19:09 - 00003074 _____ () C:\windows\Tasks\freeven-chromeinstaller.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00002232 _____ () C:\windows\Tasks\freeven-firefoxinstaller.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00001482 _____ () C:\windows\Tasks\freeven-updater.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00001436 _____ () C:\windows\Tasks\freeven-codedownloader.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00001336 _____ () C:\windows\Tasks\freeven-enabler.job
2014-03-07 19:09 - 2014-03-07 19:09 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\awesomehp
2014-03-07 19:09 - 2014-03-07 19:09 - 00000000 ____D () C:\Program Files (x86)\freeven
2014-03-07 19:08 - 2014-03-07 19:08 - 00391576 _____ () C:\Users\Anne\Downloads\Setup.exe
2014-03-07 19:08 - 2014-03-07 19:08 - 00000000 ____D () C:\Users\Anne\AppData\Local\SearchProtect
2014-03-07 19:08 - 2013-01-04 18:40 - 00000000 _____ () C:\end
2014-03-07 15:41 - 2014-03-07 15:41 - 00195531 _____ () C:\Users\Anne\Downloads\Versicherungsschein-34902128.pdf.joy0fuy.partial
2014-03-05 16:53 - 2014-03-07 19:19 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\AnyProtectScannerSetup.exe
2014-03-03 21:10 - 2013-08-03 17:17 - 01603696 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-01 19:37 - 2014-02-22 20:28 - 00000000 ____D () C:\Program Files (x86)\melondrea
2014-03-01 07:05 - 2014-03-19 21:31 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-19 21:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-19 21:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-19 21:31 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-19 21:31 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-19 21:31 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-19 21:31 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-19 21:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-19 21:31 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-19 21:31 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-19 21:31 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-19 21:31 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-19 21:31 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-19 21:31 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-19 21:31 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-19 21:31 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-19 21:31 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-19 21:31 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-19 21:31 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-19 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-19 21:31 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-19 21:31 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-19 21:31 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-19 21:31 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-19 21:31 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-19 21:31 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-19 21:31 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-19 21:31 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-19 21:31 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-19 21:31 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-19 21:31 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-19 21:31 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-19 21:31 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-19 21:31 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-19 21:31 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-19 21:31 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-19 21:31 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-19 21:31 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-19 21:31 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-19 21:31 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Public\AlexaNSISPlugin.6240.dll


Some content of TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\avgnt.exe
C:\Users\Anne\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anne\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Anne\AppData\Local\Temp\uninst1.exe
C:\Users\Anne\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-07 19:02

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

ADDITION

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Anne at 2014-03-28 22:53:05
Running from C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4AJ6AO8
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ETDWare PS/2-X64 10.0.7.2_WHQL (HKLM\...\Elantech) (Version: 10.0.7.2 - ELAN Microelectronic Corp.)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{A7096369-9332-466C-8357-08770CDCE277}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
NVIDIA Display Control Panel (Version: 6.14.12.6883 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 268.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.42.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.23 (Version: 1.0.23 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.23 - NVIDIA Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
SavingsBull (HKLM\...\Level Quality Watcher) (Version: SavingsBull - SavingsBull) <==== ATTENTION
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

18-01-2014 17:52:11 Windows Update
16-02-2014 19:20:57 Windows Update
01-03-2014 21:46:27 Windows Update
03-03-2014 20:04:14 Windows Update
08-03-2014 08:38:59 Windows Update
20-03-2014 19:47:56 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {120BCC3C-0E70-4F4B-97B3-730C36063045} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {138511B7-E44F-4289-8F23-C146C7FF6A9F} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {2DFCD5D1-5B79-4CB3-B559-6D97C2EC1D40} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {30FC9BBD-5479-4F53-BB17-8F02EBD355DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {3346EB51-5C8B-4C2E-92BD-FCF89620D6E7} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {476A53A3-159D-4389-B8D5-09565FB7B0CB} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {60247B97-57C4-4818-8D0B-A8CEE8664BD1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {769BD9CA-58B1-40D4-BBFF-6DAE9250AC48} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {8EB5DF3B-18F3-4205-9207-16C234D99945} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2012-11-30] ()
Task: {A4CF5630-2D45-4D87-AC3D-98420472C3CA} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe [2011-07-29] (SAMSUNG Electronics)
Task: {A6A7598B-729B-4E22-916F-2EC61A241EC1} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-18] (Adobe Systems Incorporated)
Task: {B0AB2D5F-5374-4E2C-8BD0-B981E8F1F8D8} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {B64FB3C5-8F5C-4C6A-92D9-3224D806872C} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {C1A19806-8599-4534-BC3A-06287400E46B} - System32\Tasks\Easy Software Manager Agent => C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe [2011-09-15] (Samsung)
Task: {CAD3B30A-7BAD-48C1-BB55-BE828FBCAEDB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {D60AF5EA-B7F4-4AA9-9886-E1C36FD71042} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {D68BA58B-8B6C-406C-ABE7-9AFDD5B1DFE7} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics)
Task: {EAC2A1C2-106E-45F0-8F8A-80B181A0F55C} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {EBFE970D-B8D6-473E-95DA-3311AFEAE86E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {F9F7F2D6-8CDA-4F3F-B6D7-A99B8A4A5420} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe [2012-12-20] (Simplygen) <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\APSnotifierCA.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\windows\Tasks\EPUpdater.job => C:\Users\Anne\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: C:\windows\Tasks\freeven-chromeinstaller.job => C:\Program Files (x86)\freeven\freeven-chromeinstaller.exe
Task: C:\windows\Tasks\freeven-codedownloader.job => C:\Program Files (x86)\freeven\freeven-codedownloader.exe
Task: C:\windows\Tasks\freeven-enabler.job => C:\Program Files (x86)\freeven\freeven-enabler.exe <==== ATTENTION
Task: C:\windows\Tasks\freeven-firefoxinstaller.job => C:\Program Files (x86)\freeven\freeven-firefoxinstaller.exe
Task: C:\windows\Tasks\freeven-updater.job => C:\Program Files (x86)\freeven\freeven-updater.exe
Task: C:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe

==================== Loaded Modules (whitelisted) =============

2014-01-27 21:45 - 2014-01-27 21:45 - 00710976 _____ () C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
2011-10-11 03:22 - 2009-12-01 08:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-02-08 10:49 - 2012-02-08 10:49 - 00380416 _____ () C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
2012-12-30 11:53 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/28/2014 08:32:45 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 08:42:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/26/2014 07:23:16 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2014 08:28:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/25/2014 03:08:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/24/2014 10:32:43 PM) (Source: Windows Search Service) (User: )
Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <10, 0x80070005, "">.

Error: (03/24/2014 08:52:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 06:49:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2014 11:06:49 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 11.0.9600.16521, Zeitstempel: 0x53114399
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x17bd5000
ID des fehlerhaften Prozesses: 0xfa8
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3

Error: (03/23/2014 10:37:14 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/28/2014 08:31:14 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/26/2014 08:40:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/26/2014 08:36:29 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/26/2014 07:22:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/25/2014 08:26:54 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/25/2014 03:06:49 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Updater Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (03/24/2014 10:45:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (03/24/2014 10:45:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "netprofm" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (03/24/2014 10:45:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerkverbindungen" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1115

Error: (03/24/2014 10:45:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 6057.55 MB
Available physical RAM: 4219.41 MB
Total Pagefile: 12113.27 MB
Available Pagefile: 10197.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:177 GB) (Free:78.27 GB) NTFS
Drive d: () (Fixed) (Total:265.59 GB) (Free:243.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: A90831CD)

Partition: GPT Partition Type.

==================== End Of Log ============================

.

So, das wars

mort · 29.03.2014, 10:26

Sollten wir schnell schaffen.

Schritt 1

Klicke bitte auf den Windowsbutton in der Taskleiste und dort wiederum auf "Systemsteuerung". Wenn du hier angelangt bist, gehe auf "Programme deinstallieren" unter "Programme". Hier kannst du nun folgende Programm deinstallieren.

SavingsBull

Schritt 2

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 4

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 5

Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Glasi · 29.03.2014, 22:25

Och nöööö. jetzt ist Schritt 2 weg. Hab nicht dran gedacht und hab den Rechner wegen Schritt 3 neu gestartet

Ergebnis SCHRITT 3

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 29.03.2014
Suchlauf-Zeit: 12:21:24
Logdatei: Scanner.txt
Administrator: Ja

Version: 2.00.0.1000
Malware Datenbank: v2014.03.29.01
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Anne

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 287642
Verstrichene Zeit: 36 Min, 59 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.DVDVideoSoft.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}, In Quarantäne, [c63a5da3778930d0ad730cfa907259a7], 
PUP.Optional.Awesomehp.A, HKLM\SOFTWARE\WOW6432NODE\awesomehpSoftware, In Quarantäne, [2fd1b848ab5507f9e6094b17a062e61a], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, In Quarantäne, [e31d9967d32dab55420881fcdb28e61a], 

Registrierungswerte: 2
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {2E5BDE81-51E7-11E2-ACDD-E8039A19DF1F}, In Quarantäne, [e31d9967d32dab55420881fcdb28e61a]
Hijack.Autorun, HKU\S-1-5-21-578327087-4110603385-1361986703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\COMMAND PROCESSOR|AutoRun, "C:\Users\Anne\AppData\Local\Temp\roahsneaeskqgnuyb.exe", Löschen bei Neustart, [02fe7f81da2634cc4c9bcc990ef42ed2]

Registrierungsdaten: 1
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-578327087-4110603385-1361986703-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q=%s, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=3231&q=%s),Löschen bei Neustart,[59a718e826dad62a736d818ada2afb05]

Ordner: 3
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\Themes, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 

Dateien: 53
PUP.Optional.FileScout.A, C:\Users\Anne\AppData\Local\Temp\473C.tmp, In Quarantäne, [728e15eb22de32ce82f3ab5437c908f8], 
PUP.Optional.InstallCore.A, C:\Users\Anne\AppData\Local\Temp\nsr8EF8.tmp, In Quarantäne, [c33ddc2410f0f30d886138b3857eb848], 
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\E56373DA-BAB0-7891-A787-A176770C594C\Latest\ccp.exe, In Quarantäne, [639d17e93dc316eafa26a777dd234bb5], 
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\E56373DA-BAB0-7891-A787-A176770C594C\Latest\CrxInstaller.dll, In Quarantäne, [24dcc23eb54bc7392f83ee22936ed32d], 
PUP.Optional.Delta, C:\Users\Anne\AppData\Local\Temp\E56373DA-BAB0-7891-A787-A176770C594C\Latest\MyDeltaTB.exe, In Quarantäne, [0cf4669af60aae52b7e746bac53c7a86], 
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\E56373DA-BAB0-7891-A787-A176770C594C\Latest\Setup.exe, In Quarantäne, [e8187f8104fc6e92fe2d57c74ab68e72], 
Backdoor.Bot, C:\Users\Anne\AppData\Local\Temp\f0b1008e-7182-41b3-9618-3af6abb860ce\android.exe, In Quarantäne, [946ce020e21e916f538c1b48956c9967], 
PUP.Optional.Conduit.A, C:\Users\Anne\AppData\Local\Temp\f0b1008e-7182-41b3-9618-3af6abb860ce\spidentifierimpl.exe, In Quarantäne, [6c949b65dc242ed2f2f9ef2698697c84], 
PUP.Optional.SkyTech.A, C:\Users\Anne\AppData\Local\Temp\f0b1008e-7182-41b3-9618-3af6abb860ce\software\tugs_awesomehp.exe, In Quarantäne, [1be57b857888926e7f63c28b2ad744bc], 
PUP.Optional.SilenceInstall, C:\Users\Anne\AppData\Local\Temp\f0b1008e-7182-41b3-9618-3af6abb860ce\software\VOPackage.exe, In Quarantäne, [c33d01ff06fa778949899aa08b750000], 
PUP.Optional.SkyTech.A, C:\Users\Anne\AppData\Local\Temp\fullpackage_temp1394215741\package1.zip, In Quarantäne, [f30dd72940c0bf4126ed56dc4bb5966a], 
PUP.Optional.SkyTech.A, C:\Users\Anne\AppData\Local\Temp\fullpackage_temp1394215741\QQBrowserFrame.dll, In Quarantäne, [fa061ce411ef3ec260b3240eb24ed927], 
PUP.Optional.SupTab.A, C:\Users\Anne\AppData\Local\Temp\fullpackage_temp1394215741\tmp\SupTab.exe, In Quarantäne, [be424db32fd1ec14bc8f45f054ace818], 
PUP.Optional.WpManager, C:\Users\Anne\AppData\Local\Temp\fullpackage_temp1394215741\tmp\wpm.exe, In Quarantäne, [42bee51bff0109f75bd80c4c5ca58878], 
PUP.Optional.OpenCandy, C:\Users\Anne\AppData\Local\Temp\is-N6J6I.tmp\OCSetupHlp.dll, In Quarantäne, [5ba5a55b7b85ad539d91d15d36ced729], 
PUP.Optional.Delta.A, C:\Users\Anne\AppData\Local\Temp\is357113909\DeltaTB.exe, In Quarantäne, [1ee2649c52aeaa5624dc639c38c89769], 
PUP.Optional.DealPly.A, C:\Users\Anne\AppData\Local\Temp\is357113909\dp.exe, In Quarantäne, [ff01a45cc04011ef41a38ca4a2626d93], 
PUP.Optional.WebCake.A, C:\Users\Anne\AppData\Local\Temp\is357113909\Setup-D502DD2B71B5.exe, In Quarantäne, [c83840c07888768a99df05fa7c84748c], 
PUP.Optional.RegCleanPro, C:\Users\Anne\AppData\Local\Temp\is45637729\374014_stp\rcpsetup_adppi15_adppi15.exe, In Quarantäne, [966a59a741bf04fc206a67cd936ddd23], 
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\BExternal.dll, In Quarantäne, [a759768a9d6317e9be21f82aa060e719], 
PUP.Optional.Conduit.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\ccp.exe, In Quarantäne, [d7295ca4649c8c743e4c2bed2ed3ee12], 
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\CrxInstaller.dll, In Quarantäne, [916f659bcf3157a9971b4fc19a678779], 
PUP.Optional.Delta.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\DSearchLink.exe, In Quarantäne, [de221fe1619fcd33c0aaf7e212f115eb], 
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\MntrDLLInstall.dll, In Quarantäne, [49b7af5133cdaa56af04cd439b661ae6], 
PUP.Optional.Delta, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\MyDeltaTB.exe, In Quarantäne, [b54b23ddb54ba35d653afb05a85909f7], 
PUP.Optional.Babylon.A, C:\Users\Anne\AppData\Local\Temp\DF9AC2D9-BAB0-7891-8AE4-B8A045EC3D7F\Latest\Setup.exe, In Quarantäne, [b24ee51b59a77f8194edb56ce7197f81], 
Backdoor.Bot, C:\Users\Anne\AppData\Local\Temp\android\android.exe, In Quarantäne, [a35d1ee299679769647b0e5559a8bc44], 
PUP.Optional.Searchprotect, C:\Windows\Temp\TBU001\Update.exe, In Quarantäne, [3ec29c6443bd60a04be253c024dd51af], 
PUP.Optional.Searchprotect, C:\Windows\Temp\TBU002\Update.exe, In Quarantäne, [669a58a855ab3fc166c7080b37cae818], 
PUP.Optional.Searchprotect, C:\Windows\Temp\TBU003\Update.exe, In Quarantäne, [26da8b75f20e21df8da0dd360ff2e818], 
PUP.Optional.Koyote.A, C:\Users\Anne\Downloads\FreeVideoConverterSetup-r135-n-bc.exe, In Quarantäne, [52aeaf51aa566c948c225bdc877a32ce], 
PUP.Optional.OpenCandy, C:\Users\Anne\Downloads\FreeYouTubeDownload.exe, In Quarantäne, [5fa113ed718f6a962695ec1840c115eb], 
PUP.Optional.OpenCandy, C:\Users\Anne\Downloads\FreeYouTubeDownload_3.2.11.812.exe, In Quarantäne, [9868ba468f7118e84b70c440827fb64a], 
PUP.Optional.Bandoo, C:\Users\Anne\Downloads\iLividSetup-r390-n-bi.exe, In Quarantäne, [b7491de370900ef21b338a774bb60af6], 
PUP.Optional.BundleInstaller.A, C:\Users\Anne\Downloads\Setup.exe, In Quarantäne, [9e622bd51ae647b9d72b4eecdf21629e], 
PUP.Optional.RegCleanerPro, C:\Users\Anne\Downloads\sysrc_trial_25044.exe, In Quarantäne, [52ae56aa55abc04091f705fd8081df21], 
PUP.Optional.SweetIM, C:\Windows\Installer\56292.msi, In Quarantäne, [11ef3dc30cf43bc5e1de2c01699b18e8], 
PUP.Optional.SweetIM, C:\Windows\Installer\56298.msi, In Quarantäne, [7888e51bb14f4eb205baa88509fb41bf], 
PUP.Optional.SweetIM, C:\Windows\Installer\5629e.msi, In Quarantäne, [21dfe51b8e72748cd1ee8e9f5ea61fe1], 
Trojan.Agent.TPL, C:\ProgramData\2433f433, In Quarantäne, [b24ee11ffa060af62aaef97656ad52ae], 
Trojan.Agent.TPL, C:\Users\Anne\AppData\Roaming\2433f433, In Quarantäne, [de2234cc88788c7411c7422d51b2fc04], 
Trojan.Agent.TPL, C:\Users\Anne\AppData\Local\2433f433, In Quarantäne, [6b95d42c0df315eb99403837c53eb848], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\History.xml, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Jar of Hearts - Christina Perri Lyrics(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Jar of Hearts - Christina Perri Lyrics(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Klangkarussell - Sonnentanz(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Klangkarussell - Sonnentanz(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\new york alicia keys(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\new york alicia keys(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Rihanna Feat. Mikky Ekko - Stay(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\Rihanna Feat. Mikky Ekko - Stay(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\White Apple Tree- Snowflake(1).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 
PUP.Optional.DVDVideoSoft.A, C:\Users\Anne\AppData\Roaming\DVDVideoSoft\FreeYouTubeToMP3Converter\History\White Apple Tree- Snowflake(2).png, In Quarantäne, [c040e8184bb514ecef26f463e71bd729], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Der Scan dauert ja Jahre

Ich werde das heute Abend nochmal machen. Muss jetzt leider los

Aber nach Schritt 2 war beim starten von dem IE schon kein Awesomehp mehr da.

Schritt 4

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ed888453abdbd245bf9bdc054ae3554d
# engine=17672
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-29 12:10:32
# local_time=2014-03-29 01:10:32 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 22462888 147724882 0 0
# scanned=52332
# found=2
# cleaned=0
# scan_time=1952
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ed888453abdbd245bf9bdc054ae3554d
# engine=17676
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-29 09:11:23
# local_time=2014-03-29 10:11:23 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 66 94 22495339 147757333 0 0
# scanned=219668
# found=3
# cleaned=0
# scan_time=8693
sh=80DC1B8044FE7F2BC57777F9559C5050B1DF5736 ft=1 fh=3a2e66d2f7d1673f vn="a variant of Win32/AdWare.Adpeak.D application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir"
sh=408E4906C3F215C0E44282D24B340DAF03D014A4 ft=1 fh=94d81bcdb603e2f9 vn="a variant of Win64/Adware.Adpeak.C application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir"
sh=6205DDE47C041E3B67EFC540F89F24344835EE11 ft=0 fh=0000000000000000 vn="Win32/AdWare.Adpeak.B application" ac=I fn="C:\temp\t.msi"

Schritt 5

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Anne (administrator) on ANNE-PC on 29-03-2014 22:23:37
Running from C:\Users\Anne\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-17] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [Philips Device Listener] - C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [380416 2012-02-08] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\Run: [com.apple.dav.bookmarks.daemon] - C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-04-05] (Apple Inc.)
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: G - G:\PMCsetup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {22ff0f9e-082b-11e3-91c0-e8039a19df1f} - G:\PMCsetup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {5a02180a-cdca-11e1-ae36-e8039a19df1f} - F:\setup.exe
HKU\S-1-5-21-578327087-4110603385-1361986703-1001\...\MountPoints2: {5a021810-cdca-11e1-ae36-e8039a19df1f} - F:\setup.exe
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6DF822B9-A391-4181-BA3B-6457E6B8BED9} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {6DF822B9-A391-4181-BA3B-6457E6B8BED9} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2013-01-04]
FF Extension: No Name - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2013-01-04]
FF Extension: PutLockerDownloader - C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\profiles\extensions\putlockerdownloader@putlockerdownloader.com.xpi [2012-11-06]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-12-29]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-06-09]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R3 GEARAspiWDM; C:\Windows\SysWOW64\DRIVERS\GEARAspiWDM.sys [15664 2011-07-15] (GEAR Software Inc.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-10] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-29 22:23 - 2014-03-29 22:23 - 00012214 _____ () C:\Users\Anne\Downloads\FRST.txt
2014-03-29 12:31 - 2014-03-29 12:31 - 00010828 _____ () C:\Users\Anne\Desktop\Scanner.txt
2014-03-29 11:42 - 2014-03-29 12:26 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 11:42 - 2014-03-29 11:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 11:42 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-29 11:42 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-29 11:42 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-29 11:29 - 2014-03-29 11:36 - 00000000 ____D () C:\AdwCleaner
2014-03-28 22:50 - 2014-03-29 22:23 - 00000000 ____D () C:\FRST
2014-03-28 22:50 - 2014-03-28 22:50 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64 (1).exe
2014-03-28 22:49 - 2014-03-28 22:49 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2014-03-26 20:50 - 2014-03-26 21:46 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Nico Mak Computing
2014-03-23 20:24 - 2014-03-23 20:50 - 00000047 _____ () C:\Users\Anne\Desktop\Neues Textdokument.txt
2014-03-21 21:42 - 2014-03-23 20:59 - 00000000 ____D () C:\Users\Anne\Desktop\Neuer Ordner
2014-03-20 22:04 - 2014-03-20 22:05 - 00000000 ____D () C:\Users\Anne\AppData\Local\{230FA9B9-4BCD-45B2-9149-63EE6F77BEB9}
2014-03-19 21:45 - 2014-03-21 22:42 - 00000000 ____D () C:\Users\Anne\AppData\Local\Windows Live
2014-03-19 21:44 - 2014-03-19 21:44 - 00000000 ____D () C:\Users\Anne\AppData\Local\{39843DF1-BFDE-4612-8168-AECAB884BB0E}
2014-03-19 21:31 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-19 21:31 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-19 21:31 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-19 21:31 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-19 21:31 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-19 21:31 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-19 21:31 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-19 21:31 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-19 21:31 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-19 21:31 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-19 21:31 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-19 21:31 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-19 21:31 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-19 21:31 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-19 21:31 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-19 21:31 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-19 21:31 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-19 21:31 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-19 21:31 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-19 21:31 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-19 21:31 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-19 21:31 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-19 21:31 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-19 21:31 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-19 21:31 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-19 21:31 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-19 21:31 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-19 21:31 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-19 21:31 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-19 21:31 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-19 21:31 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-19 21:31 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-19 21:31 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-19 21:31 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-19 21:31 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-19 21:31 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-19 21:31 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-19 21:31 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-19 21:31 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-19 21:31 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-03-19 21:31 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-19 21:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-19 21:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-19 21:31 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-19 21:31 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-19 21:31 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-19 21:30 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-19 21:30 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-11 21:07 - 2014-03-11 21:07 - 04550656 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-03-08 09:40 - 2014-03-08 09:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-07 19:30 - 2014-03-07 19:30 - 02690184 _____ (Microsoft Corporation) C:\Users\Anne\Downloads\EIE11_DE-DE_MCM_WIN764L.EXE
2014-03-07 19:30 - 2014-03-07 19:30 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-03-07 19:24 - 2014-03-07 19:24 - 00000000 ___RD () C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-07 19:19 - 2014-03-05 16:53 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\AnyProtectScannerSetup.exe
2014-03-07 19:11 - 2014-03-07 19:24 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-03-07 19:11 - 2014-03-07 19:11 - 00000000 ____D () C:\Users\Anne\AppData\Local\Tuguu_SL
2014-03-07 19:10 - 2014-03-07 19:10 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\nsf4972.tmp
2014-03-07 15:41 - 2014-03-07 15:41 - 00195531 _____ () C:\Users\Anne\Downloads\Versicherungsschein-34902128.pdf.joy0fuy.partial

==================== One Month Modified Files and Folders =======

2014-03-29 22:24 - 2014-03-29 22:23 - 00012214 _____ () C:\Users\Anne\Downloads\FRST.txt
2014-03-29 22:23 - 2014-03-28 22:50 - 00000000 ____D () C:\FRST
2014-03-29 20:35 - 2011-10-11 17:59 - 01240609 _____ () C:\windows\WindowsUpdate.log
2014-03-29 19:51 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-29 19:51 - 2009-07-14 05:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-29 19:42 - 2010-11-21 04:47 - 00313098 _____ () C:\windows\PFRO.log
2014-03-29 19:42 - 2009-07-14 05:51 - 00079268 _____ () C:\windows\setupact.log
2014-03-29 12:31 - 2014-03-29 12:31 - 00010828 _____ () C:\Users\Anne\Desktop\Scanner.txt
2014-03-29 12:26 - 2014-03-29 11:42 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-29 12:23 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\tracing
2014-03-29 12:22 - 2013-03-16 22:27 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\DVDVideoSoft
2014-03-29 11:53 - 2011-10-11 02:44 - 00703224 _____ () C:\windows\system32\perfh007.dat
2014-03-29 11:53 - 2011-10-11 02:44 - 00150832 _____ () C:\windows\system32\perfc007.dat
2014-03-29 11:53 - 2009-07-14 06:13 - 01629416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-29 11:42 - 2014-03-29 11:42 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-29 11:42 - 2014-03-29 11:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-29 11:36 - 2014-03-29 11:29 - 00000000 ____D () C:\AdwCleaner
2014-03-29 11:36 - 2013-09-21 21:20 - 00000000 ____D () C:\Users\Anne\Desktop\Tools
2014-03-29 11:36 - 2013-01-04 18:41 - 00000000 ____D () C:\windows\System32\Tasks\ProtectedSearch
2014-03-29 11:19 - 2012-07-14 16:24 - 00000000 ____D () C:\Users\Anne
2014-03-28 22:50 - 2014-03-28 22:50 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64 (1).exe
2014-03-28 22:49 - 2014-03-28 22:49 - 02157056 _____ (Farbar) C:\Users\Anne\Downloads\FRST64.exe
2014-03-26 21:46 - 2014-03-26 20:50 - 00000000 ____D () C:\Users\Anne\AppData\Roaming\Nico Mak Computing
2014-03-23 20:59 - 2014-03-21 21:42 - 00000000 ____D () C:\Users\Anne\Desktop\Neuer Ordner
2014-03-23 20:50 - 2014-03-23 20:24 - 00000047 _____ () C:\Users\Anne\Desktop\Neues Textdokument.txt
2014-03-21 22:42 - 2014-03-19 21:45 - 00000000 ____D () C:\Users\Anne\AppData\Local\Windows Live
2014-03-20 22:05 - 2014-03-20 22:04 - 00000000 ____D () C:\Users\Anne\AppData\Local\{230FA9B9-4BCD-45B2-9149-63EE6F77BEB9}
2014-03-20 20:59 - 2009-07-14 05:45 - 00423000 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-20 20:58 - 2013-03-16 21:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-20 20:58 - 2013-03-16 21:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-20 20:56 - 2013-08-14 21:58 - 00000000 ____D () C:\windows\system32\MRT
2014-03-20 20:54 - 2012-10-29 21:37 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-20 20:53 - 2012-07-14 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-19 21:44 - 2014-03-19 21:44 - 00000000 ____D () C:\Users\Anne\AppData\Local\{39843DF1-BFDE-4612-8168-AECAB884BB0E}
2014-03-11 21:07 - 2014-03-11 21:07 - 04550656 _____ (Google Inc.) C:\windows\SysWOW64\GPhotos.scr
2014-03-08 09:40 - 2014-03-08 09:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-08 09:40 - 2012-07-14 16:28 - 00000000 ____D () C:\ProgramData\Skype
2014-03-07 19:30 - 2014-03-07 19:30 - 02690184 _____ (Microsoft Corporation) C:\Users\Anne\Downloads\EIE11_DE-DE_MCM_WIN764L.EXE
2014-03-07 19:30 - 2014-03-07 19:30 - 00000000 ___HD () C:\windows\msdownld.tmp
2014-03-07 19:30 - 2013-11-19 22:53 - 00015816 _____ () C:\windows\IE11_main.log
2014-03-07 19:26 - 2014-02-22 20:29 - 02825940 _____ () C:\windows\system32\SavingsBullFilterService.log
2014-03-07 19:24 - 2014-03-07 19:24 - 00000000 ___RD () C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-07 19:24 - 2014-03-07 19:11 - 00000378 _____ () C:\windows\Tasks\APSnotifierCA.job
2014-03-07 19:11 - 2014-03-07 19:11 - 00000000 ____D () C:\Users\Anne\AppData\Local\Tuguu_SL
2014-03-07 19:10 - 2014-03-07 19:10 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\nsf4972.tmp
2014-03-07 15:41 - 2014-03-07 15:41 - 00195531 _____ () C:\Users\Anne\Downloads\Versicherungsschein-34902128.pdf.joy0fuy.partial
2014-03-05 16:53 - 2014-03-07 19:19 - 01122960 _____ (AnyProtect.com) C:\Users\Anne\AppData\Local\AnyProtectScannerSetup.exe
2014-03-05 09:26 - 2014-03-29 11:42 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-29 11:42 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-29 11:42 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-03-03 21:10 - 2013-08-03 17:17 - 01603696 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-03-01 07:05 - 2014-03-19 21:31 - 23133696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-19 21:31 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-19 21:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-19 21:31 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-19 21:31 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-19 21:31 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-19 21:31 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-19 21:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-19 21:31 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-19 21:31 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-19 21:31 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-19 21:31 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-19 21:31 - 17074688 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-19 21:31 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-19 21:31 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-19 21:31 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-19 21:31 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-19 21:31 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-19 21:31 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-19 21:31 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-19 21:31 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-19 21:31 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-19 21:31 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-19 21:31 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-19 21:31 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-19 21:31 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-19 21:31 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-19 21:31 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-19 21:31 - 13051904 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-19 21:31 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-19 21:31 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-19 21:31 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-19 21:31 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-19 21:31 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-19 21:31 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-19 21:31 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-19 21:31 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-19 21:31 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-19 21:31 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-19 21:31 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Public\AlexaNSISPlugin.6240.dll


Some content of TEMP:
====================
C:\Users\Anne\AppData\Local\Temp\avgnt.exe
C:\Users\Anne\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anne\AppData\Local\Temp\Quarantine.exe
C:\Users\Anne\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Anne\AppData\Local\Temp\uninst1.exe
C:\Users\Anne\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-07 19:02

==================== End Of Log ============================

--- --- ---

--- --- ---

So, jetzt müsste ich alles haben.

Ist es jetzt weg?

mort · 29.03.2014, 22:29

Hast du noch irgendwelche Probleme?

Glasi · 30.03.2014, 15:44

Nein.

Besten Dank dafür.

mort · 30.03.2014, 18:26

Ja, wir haben es geschaft.

Wenn du zufrieden bist, kannst du mir hier gerne danken.

Updates

Bitte lade dir von Microsoft die neuste Version des Internet Explorers runter: Laden Sie Internet Explorer herunter

Klicke nun auf den Windowsbutton in der Taskleiste und dort wiederum auf "Systemsteuerung". Wenn du hier angelangt bist, gehe auf "Programme deinstallieren" unter "Programme". Deinstalliere hier alle alten Java- und Flash-Versionen.

Falls du Java brauchst kannst du es wieder herunter laden:

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version (Java 7 Update 51) herunter laden.
Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.

Öffne bitte mit beiden Browsern Adobe - Adobe Flash Player installieren und lade dir die neueste Version herunter. Entferne beim installieren den Haken bei McAfee Security Plus.

Ich sehe in deinen Logs nichts gefährliches mehr.

Cleanup

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Tipps

Welches Antiviren-Programm soll ich nehmen?

Es gibt kein Antiviren-Programm, dass alle schädlinge findet. Du kannst dich nicht 100%-ig auf das Programm verlassen, es hängt immernoch von deinem Verhalten ab. Mit dem richtigen Verhalten schützt du dich am besten davor, dass du überhaupt infiziert wirst.

Klicke nicht auf alles blinkende oder das dich auffordert etwas herunterzuladen.
Lasse die finger weg von illegalen Programmen. Sie sind der Hauptgrund für infizierte Computer.
Öffne Email-Anhänge nur von bekannten Absendern.
Halte Java, Adobe Flash Player und andere Programme immer aktuell.

Nutze immer nur ein Antiviren Programm, da mehrere sich gegenseitig blockieren werden und es somit mehr schadet, als es nutzt. Falls du mehr als einen installiert hast, entscheide dich für einen von denen und deinstalliere die anderen. Halte ausserdem dein Antiviren-Programm immer aktuell, denn durch eine veraltete Datenbank kann das das Programm die neuen Infektionen nicht finden.

Als gutes und kostenloses Antivieren Programm empfehle ich dir avast! free antivirus.
Alternativ kannst du auch Microsoft Security Essentials nutzen.
Wenn es auch etwas kosten darf, empfehle ich dir Emsisoft Anti-Malware.

Du kannst auch regelmäßig einen On-Demand Scanner laufen lassen um dir eine zweite Meinung zu holen. Ein On-Demand Scanner läuft im gegensatz zu einem normalem Antiviren-Programm nicht ständig mit sondern nur wenn du ihm sagst, dass er das System scannen soll.

Malwarebytes Anti-Malware
ESET Online Scanner
Falls ESET bedrohungen findet, erstelle hier einen neuen Thread und Poste uns das Log von ESET.

Was sollte ich vor dem Runterladen beachten?

Lade dir Programme direkt vom Hersteller runter. Bei Programmen aus einer anderen Quelle wie Softonic und anderen Seiten die dir einen Downloader anbieten, werden unerwünschte Toolbars und anderer Müll mitinstalliert. Führe außerdem immer eine benutzerdefinierte Installation durch und entferne die Haken optionalen Programmen.
Lass die Finger von Registry-Cleanern. Sie versprechen dir eine große Beschleunigung deines Sytems obwohl das enfternen von verwaisten Registry-Schlüsseln nur wenig Perfomancegewinng bringt, wenn überhaupt etwas. Falls das Programm aber mal etwas wichtiges löscht, kannst du damit die Registry zerstören. Zerstörst du die Registry, zerstörst du Windows!

Sonstige Tipps

Halte dein System und die Programme darauf immer aktuell. Alte Software enthält Sicherheitslücken, die dein System angreifbar machen.
Nutze mehrere Passwörter. Falls jemand das Passwort eines Accounts von dir herausfindet hätte er Zugriff auf alle anderen Accounts.
Öffne keine Emails von dir unbekannten Absendern. Diese Emails sind meistens Spammails die dich unter anderem auch dazu bringen wollen bestimmt Seiten zu besuchen oder Dateien bzw. Anhänge herunterzuladen.
Achte auf die Dateiendung. In den Anhängen von Spammails wird gerne der Trick genutzt, ausfürbare Dateien als harmlose Datei darzustellen, in dem sie eine Datei z.B. Rechnung.pdf.exe nennen. (Dateiendungen anzeigen lassen)
Deaktivere die Autorun Funktion. Damit kann Malware sich automatisch von einem USB-Stick starten, wenn man einen infizierten USB-Stick einsteckt hat. (Autorun deaktivieren)

Wenn du das Trojaner-Board untersützten willst, kannst du gerne Spenden.
Ich wünsche dir noch eine schöne Zeit.

Awesomehp als Startseite und ich bekomme es einfach nicht weg, bitte um Hilfe!!!

Plagegeister aller Art und deren Bekämpfung: Awesomehp als Startseite und ich bekomme es einfach nicht weg, bitte um Hilfe!!!