Pests of all kinds and how to fight them: Win32:Evo-gen[Susp] Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
29.04.2014, 17:25 | #1 |
| Win32:Evo-gen[Susp] Avast Free Antivirus keeps popping up a window saying that a suspicious file was blocked. If I want, I can add this file to the "exceptions list", which I am not doing for now. The problem is that this window appears every second. ALL THE TIME, it annoys me extremely, and the whole time a woman's voice says: "Suspicious object was found!" I have no idea how to deal with something like this. I am currently running an Avast scan, which at 99% has not found anything yet. |
29.04.2014, 17:40 | #2 |
/// the machine /// TB instructor | Win32:Evo-gen[Susp] hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
|
29.04.2014, 18:06 | #3 | ||
| Win32:Evo-gen[Susp] Quote:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014 Ran by Annemarie at 2014-04-29 18:55:16 Running from C:\Users\Annemarie\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Activeris AntiMalware (HKLM-x32\...\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1) (Version: 1.0.0.1 - Activeris) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.) AMD Accelerated Video Transcoding (Version: 12.10.100.30620 - Advanced Micro Devices, Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{399CF2C5-569E-98B2-8823-073041A3F9F5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.0620.342.4745 - Ihr Firmenname) Hidden AMD Start Now (Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) 
Hidden AMD VISION Engine Control Center (x32 Version: 2013.0620.342.4745 - Ihr Firmenname) Hidden AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Greek (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.) Cyberlink PhotoDirector (x32 Version: 3.0.1.3919 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.3.2817 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Freeven pro 1.2 (HKLM-x32\...\Freeven pro 1.2) (Version: 1.34.4.10 - Freeven) <==== ATTENTION fst_de_7 (HKLM-x32\...\fst_de_7_is1) (Version: - free_soft_today) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.) Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.10.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP Documentation (HKLM-x32\...\{F86C62DC-1600-426B-981C-F398EF7CCB24}) (Version: 1.1.0.0 - Hewlett-Packard) HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden HP Recovery Manager (x32 Version: 10.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard) HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company) HP System Event Utility (HKLM-x32\...\{90EB00F7-A0D2-419B-82DE-59AADCA11790}) (Version: 1.0.6 - Hewlett-Packard Company) HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company) HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - 
Hewlett-Packard Company) iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.) Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation) Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden MediaPlayerplus (HKLM-x32\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation) OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek) Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek) Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29057 - Realtek Semiconductor Corp.) 
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.) SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.3 - Uniblue Systems Limited) <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated) VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WPM18.8.0.212 (HKLM-x32\...\WPM) (Version: 18.8.0.212 - Cherished Technololgy LIMITED) <==== ATTENTION ==================== Restore Points ========================= 21-02-2014 08:37:23 Windows Update 01-04-2014 16:13:10 Windows Update 06-04-2014 15:57:27 Windows Update 24-04-2014 12:24:45 Installed Java 8 Update 5 (64-bit) 29-04-2014 15:08:38 Uniblue 
SpeedUpMyPC installation ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {13091EA6-D16A-479B-820B-D4E9F184604B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {1610B760-3457-4F36-A2EF-CB21346A96DF} - System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1 => C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe [2014-04-29] (Freeven) <==== ATTENTION Task: {19790962-01BD-44BB-B972-075B2357B41C} - System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2 => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-2.exe [2014-04-29] (Freeven) <==== ATTENTION Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1AF58742-7C3D-4482-8D9B-BA3C4AAF7257} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {1C253943-4269-4A31-A860-26583F9A4CB6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {20F4D224-401F-4600-A87F-02A50B61DF80} - System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-29] (Freeven) <==== ATTENTION Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {268889B3-C824-41D2-B0BD-1694DB2A841F} - System32\Tasks\MirageAgent => C:\Program Files 
(x86)\CyberLink\YouCam\YCMMirage.exe Task: {32503853-736A-4542-AFC6-36A6CF3640BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company) Task: {3F84C9C4-D8D6-4F36-AA8D-297D6C091686} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-29] (AnyProtect by CMI) <==== ATTENTION Task: {4B88A718-1EF1-40EC-B51C-6C708430C35F} - System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5 => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-5.exe [2014-04-29] (Freeven) <==== ATTENTION Task: {4FEB91F0-03D8-4BEF-9963-E297F8769C37} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-29] (AnyProtect by CMI) <==== ATTENTION Task: {522CD129-EA02-44A4-9267-24B1C6BCE5CC} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris) Task: {69B67946-647A-446A-BC03-1DE7E74016E3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation) Task: {7780E567-7E65-4314-9CE1-4537D8DD6121} - System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3 => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-3.exe [2014-04-29] (Freeven) <==== ATTENTION Task: {7E216137-A09C-4519-B980-8D786F09AF3D} - System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5 => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-5.exe [2014-04-29] (Freeven) <==== ATTENTION Task: {84D27124-2A3D-408D-83B1-900865482CE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company) Task: {869C66D9-5CE9-420C-A8B0-106F2DA6B090} - 
System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {8EEF30C2-94A3-4387-89EE-C849032AEB96} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {9D1A96DA-4319-45DC-A952-A48E0459D99A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.) Task: {9DC995FE-C0C7-4B39-AF81-37DC1D689C6C} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION Task: {A28AD1CD-D4AA-4691-88BD-3A991FF1952E} - System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2 => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-2.exe [2014-04-29] (Freeven) <==== ATTENTION Task: {A2E63F5D-7FA8-418C-AD12-0E3BC23A1720} - System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3 => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-3.exe [2014-04-29] (Freeven) <==== ATTENTION Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B11703F9-9581-4394-A0E0-5E98317507F0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-29] (AnyProtect by CMI) <==== ATTENTION Task: {C4D1AEFD-AFA0-489A-B7E0-FD08DFB52821} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-24] (AVAST Software) Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D32AF669-9A1B-4B82-88E2-34F9331CF506} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.) Task: {E23A0352-00D1-4F9D-963D-4EA6BFF7A570} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1.job => C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe <==== ATTENTION Task: C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2.job => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-2.exe <==== ATTENTION Task: C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3.job => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-3.exe <==== ATTENTION Task: C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5.job => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-5.exe <==== ATTENTION Task: C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe Task: C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2.job => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-2.exe Task: C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3.job => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-3.exe Task: 
C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5.job => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-5.exe Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION ==================== Loaded Modules (whitelisted) ============= 2013-06-20 03:53 - 2013-06-20 03:53 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2013-06-20 03:53 - 2013-06-20 03:53 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2013-01-10 13:35 - 2013-01-10 13:35 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll 2013-01-10 13:35 - 2013-01-10 13:35 - 00055296 _____ () C:\Windows\system32\BlueSoleilCSps.dll 2013-01-10 13:30 - 2013-01-10 13:30 - 00022528 _____ () C:\Windows\system32\BsTrace.dll 2013-01-10 11:25 - 2013-01-10 11:25 - 00364544 _____ () C:\Windows\system32\BsExtendFunc.dll 2013-06-20 03:53 - 2013-06-20 03:53 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll 2013-06-20 03:53 - 2013-06-20 03:53 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-04-29 17:09 - 2014-04-28 11:09 - 03267536 _____ () C:\Users\Annemarie\AppData\Local\fst_de_7\upfst_de_7.exe 2014-04-26 19:58 - 2014-04-26 19:58 - 00052736 
_____ () C:\Users\Annemarie\AppData\Roaming\VOPackage\VOsrv.exe 2014-04-29 16:55 - 2014-04-29 16:55 - 00078848 _____ () C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe 2014-04-26 00:07 - 2014-04-26 00:07 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042501\algo.dll 2014-04-29 17:09 - 2014-04-29 17:09 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042801\algo.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-01-10 13:30 - 2013-01-10 13:30 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll 2013-01-10 13:35 - 2013-01-10 13:35 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll 2013-01-10 13:35 - 2013-01-10 13:35 - 00055296 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll 2013-03-22 10:06 - 2013-03-22 10:06 - 00387936 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll 2011-07-05 10:53 - 2011-07-05 10:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll 2013-12-26 12:10 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll 2013-01-31 17:04 - 2013-01-31 17:04 - 00080120 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll 2013-01-10 11:25 - 2013-01-10 11:25 - 00364544 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll 2014-04-24 17:44 - 2014-04-24 17:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-04-29 17:09 - 2012-09-26 15:31 - 00886272 _____ () C:\Program Files (x86)\Activeris AntiMalware\System.Data.SQLite.dll 2014-04-29 17:09 - 2014-01-23 19:04 - 01718264 _____ () C:\Program Files (x86)\Activeris AntiMalware\acrissys.dll 2014-04-29 17:10 - 2012-09-26 15:31 - 00168448 _____ () C:\Program Files 
(x86)\Activeris AntiMalware\UNRAR.DLL 2014-04-29 17:16 - 2014-04-29 17:16 - 00117248 _____ () C:\Users\Annemarie\AppData\Local\Temp\nsq9524.tmp\IpConfig.dll 2014-04-29 17:16 - 2014-04-29 17:16 - 00020992 _____ () C:\Users\Annemarie\AppData\Local\Temp\nsq9524.tmp\inetc.dll 2014-03-29 13:08 - 2014-03-29 13:08 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-04-29 17:45 - 2014-04-29 17:45 - 00117248 _____ () C:\Users\Annemarie\AppData\Local\Temp\nshEFF1.tmp\IpConfig.dll 2014-04-11 18:36 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll 2014-04-11 18:36 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll 2014-04-11 18:36 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/29/2014 05:50:43 PM) (Source: Application Hang) (User: ) Description: Programm chrome.exe, Version 34.0.1847.116 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 2e28 Startzeit: 01cf63c2b74f3791 Endzeit: 4294967295 Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Berichts-ID: 03ac84fe-cfb6-11e3-be80-3c77e617fd52 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/29/2014 05:50:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ANNICOMPUTER) Description: Das Paket „DefaultBrowser_NOPUBLISHERID“ wurde beendet, da das Anhalten zu lange dauerte. Error: (04/29/2014 05:15:50 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1fa8 Startzeit: 01cf63bdb1c6c7de Endzeit: 169 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 20cdea95-cfb1-11e3-be80-3c77e617fd52 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/29/2014 05:09:31 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (04/28/2014 09:37:23 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 2b64 Startzeit: 01cf630fbc4758d1 Endzeit: 268 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 7f8c9437-cf0c-11e3-be80-3c77e617fd52 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/27/2014 05:53:30 PM) (Source: Application Hang) (User: ) Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. 
Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 3e8 Startzeit: 01cf622b3b233243 Endzeit: 359 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 1067f82e-ce24-11e3-be80-3c77e617fd52 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (04/26/2014 06:28:10 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a9152 Name des fehlerhaften Moduls: Microsoft.WindowsLive.ClientAccessLibrary.dll, Version: 16.4.4388.928, Zeitstempel: 0x50656efe Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000277cb5 ID des fehlerhaften Prozesses: 0x1f34 Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0 Pfad der fehlerhaften Anwendung: wwahost.exe1 Pfad des fehlerhaften Moduls: wwahost.exe2 Berichtskennung: wwahost.exe3 Vollständiger Name des fehlerhaften Pakets: wwahost.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5 Error: (04/26/2014 02:18:40 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (04/26/2014 01:39:15 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x51c2ab8e Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x51c2ab8e Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000002ea19 ID des fehlerhaften Prozesses: 0x718 Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0 Pfad der fehlerhaften Anwendung: atieclxx.exe1 Pfad des fehlerhaften Moduls: atieclxx.exe2 Berichtskennung: atieclxx.exe3 Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5 Error: (04/26/2014 00:16:02 AM) (Source: ATIeRecord) (User: ) Description: ATI EEU maximum number of session has been 
surpassed

System errors:
=============
Error: (04/29/2014 05:53:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/29/2014 05:52:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! EmHWID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/29/2014 05:36:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/29/2014 05:28:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/29/2014 05:19:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/29/2014 05:10:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/28/2014 05:55:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/27/2014 02:52:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/26/2014 07:28:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Error: (04/26/2014 01:40:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast!
HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: %%127

Microsoft Office Sessions:
=========================
Error: (04/29/2014 05:50:43 PM) (Source: Application Hang)(User: )
Description: chrome.exe34.0.1847.1162e2801cf63c2b74f37914294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe03ac84fe-cfb6-11e3-be80-3c77e617fd52

Error: (04/29/2014 05:50:37 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ANNICOMPUTER)
Description: DefaultBrowser_NOPUBLISHERID

Error: (04/29/2014 05:15:50 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.51861fa801cf63bdb1c6c7de169C:\Program Files (x86)\Mozilla Firefox\firefox.exe20cdea95-cfb1-11e3-be80-3c77e617fd52

Error: (04/29/2014 05:09:31 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/28/2014 09:37:23 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.51862b6401cf630fbc4758d1268C:\Program Files (x86)\Mozilla Firefox\firefox.exe7f8c9437-cf0c-11e3-be80-3c77e617fd52

Error: (04/27/2014 05:53:30 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.51863e801cf622b3b233243359C:\Program Files (x86)\Mozilla Firefox\firefox.exe1067f82e-ce24-11e3-be80-3c77e617fd52

Error: (04/26/2014 06:28:10 PM) (Source: Application Error)(User: )
Description: wwahost.exe6.2.9200.16420505a9152Microsoft.WindowsLive.ClientAccessLibrary.dll16.4.4388.92850656efec00000050000000000277cb51f3401cf616c747a7ee1C:\Windows\system32\wwahost.exeC:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.ClientAccessLibrary.dllc132d281-cd5f-11e3-be80-3c77e617fd52microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbweMicrosoft.WindowsLive.ModernPhotos

Error: (04/26/2014 02:18:40 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/26/2014 01:39:15 PM) (Source: Application Error)(User: )
Description:
atieclxx.exe6.14.11.114351c2ab8eatieclxx.exe6.14.11.114351c2ab8ec0000005000000000002ea1971801cf60d43b03fe15C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe647ddd53-cd37-11e3-be80-3c77e617fd52

Error: (04/26/2014 00:16:02 AM) (Source: ATIeRecord)(User: )
Description:

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3546.25 MB
Available physical RAM: 1599.11 MB
Total Pagefile: 4186.25 MB
Available Pagefile: 1869.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:447.16 GB) (Free:400.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.83 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B4D436BA)

Partition: GPT Partition Type.

==================== End Of Log ============================

Quote:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Annemarie (administrator) on ANNICOMPUTER on 29-04-2014 18:46:58
Running from C:\Users\Annemarie\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.)
C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (AMD) C:\Windows\system32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe () C:\Users\Annemarie\AppData\Local\fst_de_7\upfst_de_7.exe (Activeris) C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe () C:\Users\Annemarie\AppData\Roaming\VOPackage\VOsrv.exe ( ) C:\Users\Annemarie\AppData\Roaming\VOPackage\VOPackage.exe () C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe ( ) C:\Users\Annemarie\AppData\Roaming\VOPackage\vopackage.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-11] (Realtek Semiconductor) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-20] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation) HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-11] (Hewlett-Packard Company) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-24] (AVAST Software) HKLM-x32\...\Run: [fst_de_7] => "C:\Program Files (x86)\fst_de_7\fst_de_7.exe" HKLM-x32\...\RunOnce: [upfst_de_7.exe] - C:\Users\Annemarie\AppData\Local\fst_de_7\upfst_de_7.exe -runonce [3267536 2014-04-28] () HKLM-x32\...\RunOnce: [VOPackage] - C:\Users\Annemarie\AppData\Roaming\VOPackage\VOPackage.exe /runonce [296161 2014-04-29] ( ) HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\de15d3b9-2e74-4153-8c14-385c97120fe0.exe /check [181136 2014-04-29] (AVAST Software) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 HKCU\Software\Microsoft\Internet 
Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} SearchScopes: HKLM - {742F5B54-2814-4148-98A2-519FD76D0944} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} SearchScopes: HKLM-x32 - {742F5B54-2814-4148-98A2-519FD76D0944} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} SearchScopes: HKCU - {742F5B54-2814-4148-98A2-519FD76D0944} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven) BHO: Freeven pro 1.2 - {11111111-1111-1111-1111-110511421153} - C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-bho64.dll (Freeven) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven) BHO-x32: Freeven pro 1.2 - {11111111-1111-1111-1111-110511421153} - C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-bho.dll (Freeven) BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. 
Limited) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\xmrj6eug.default FF DefaultSearchEngine: webssearches FF SelectedSearchEngine: webssearches FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - 
C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Quick Start - C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\xmrj6eug.default\Extensions\quick_start@gmail.com [2014-04-29] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-12-25] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! 
Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-24] FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\xmrj6eug.default\extensions\quick_start@gmail.com FF Extension: Quick Start - C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\xmrj6eug.default\extensions\quick_start@gmail.com [2014-04-29] Chrome: ======= CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707 CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707" CHR DefaultSearchKeyword: webssearches CHR DefaultSearchProvider: webssearches CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms} CHR Extension: (Google Docs) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-01] CHR Extension: (Google Drive) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-01] CHR Extension: (YouTube) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-01] CHR Extension: (Google Search) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-01] CHR Extension: (Freeven pro 1.2) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb [2014-04-29] CHR Extension: (MediaPlayerplus) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-29] CHR Extension: (Norton Identity Protection) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk 
[2014-01-01] CHR Extension: (Google Wallet) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-01] CHR Extension: (Gmail) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-01] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-24] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-26] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-29] ==================== Services (Whitelisted) ================= R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-06-20] () R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-06-20] (Advanced Micro Devices, Inc.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-24] (AVAST Software) R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation) R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation) R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-04-11] (Hewlett-Packard Development Company, L.P.) 
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor) R2 vosr; C:\Users\Annemarie\AppData\Roaming\VOPackage\VOsrv.exe [52736 2014-04-26] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-29] (Cherished Technololgy LIMITED) ==================== Drivers (Whitelisted) ==================== R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.) S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-24] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-24] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-24] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-24] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-24] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-24] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-24] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-24] () R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices) R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation) U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation) R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation) U4 BthAvrcpTg; U4 BthHFEnum; U4 
bthhfhid; R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-25] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-25] (Symantec Corporation) R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation) S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140222.007\ENG64.SYS [126040 2013-12-25] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140222.007\EX64.SYS [2099288 2013-12-25] (Symantec Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-03-29] (Realtek Semiconductor Corp.) R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.) 
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated) S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-26] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-29 18:46 - 2014-04-29 18:48 - 00025649 _____ () C:\Users\Annemarie\Downloads\FRST.txt 2014-04-29 18:46 - 2014-04-29 18:46 - 00000000 ____D () C:\FRST 2014-04-29 18:45 - 2014-04-29 18:45 - 02061824 _____ (Farbar) C:\Users\Annemarie\Downloads\FRST64.exe 2014-04-29 17:50 - 2014-04-29 17:50 - 00001859 _____ () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! 
antivirus.lnk 2014-04-29 17:28 - 2014-04-29 18:05 - 00003106 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup 2014-04-29 17:20 - 2014-04-29 17:44 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-04-29 17:20 - 2014-04-29 17:20 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-04-29 17:20 - 2014-04-29 17:20 - 00002816 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-04-29 17:20 - 2014-04-29 17:20 - 00002816 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-04-29 17:20 - 2014-04-29 17:20 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-04-29 17:20 - 2014-04-29 17:20 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-04-29 17:19 - 2014-04-29 17:23 - 00000000 ____D () C:\ProgramData\IePluginService 2014-04-29 17:19 - 2014-04-29 17:19 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\SupTab 2014-04-29 17:19 - 2014-04-29 17:19 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-29 17:18 - 2014-04-29 17:20 - 00001202 _____ () C:\Users\Annemarie\AppData\Roaming\aps.scan.quick.results 2014-04-29 17:18 - 2014-04-29 17:20 - 00000318 _____ () C:\Users\Annemarie\AppData\Roaming\aps.uninstall.scan.results 2014-04-29 17:18 - 2014-04-29 17:18 - 00000000 _____ () C:\Users\Annemarie\AppData\Roaming\aps.scan.results 2014-04-29 17:17 - 2014-04-29 17:18 - 00000000 ____D () C:\ProgramData\WPM 2014-04-29 17:17 - 2014-04-29 17:17 - 00004570 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5 2014-04-29 17:17 - 2014-04-29 17:17 - 00004522 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5 2014-04-29 17:17 - 2014-04-29 17:17 - 00004458 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2 2014-04-29 17:17 - 2014-04-29 17:17 - 00001566 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5.job 2014-04-29 17:17 - 2014-04-29 17:17 - 00001518 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5.job 2014-04-29 17:17 - 
2014-04-29 17:17 - 00001454 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2.job 2014-04-29 17:17 - 2014-04-29 17:17 - 00001052 _____ () C:\Users\Annemarie\Desktop\AnyProtect.lnk 2014-04-29 17:17 - 2014-04-29 17:17 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup 2014-04-29 17:16 - 2014-04-29 17:17 - 00004410 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2 2014-04-29 17:16 - 2014-04-29 17:17 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx 2014-04-29 17:16 - 2014-04-29 17:16 - 00004486 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1 2014-04-29 17:16 - 2014-04-29 17:16 - 00004438 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1 2014-04-29 17:16 - 2014-04-29 17:16 - 00001482 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1.job 2014-04-29 17:16 - 2014-04-29 17:16 - 00001434 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1.job 2014-04-29 17:16 - 2014-04-29 17:16 - 00001406 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2.job 2014-04-29 17:16 - 2014-04-29 17:15 - 01745360 _____ (AnyProtect.com) C:\Users\Annemarie\AppData\Local\nsf9C00.tmp 2014-04-29 17:14 - 2014-04-29 17:14 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\VOPackage 2014-04-29 17:14 - 2014-04-29 17:14 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-04-29 17:12 - 2014-04-29 18:12 - 00000312 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 2014-04-29 17:12 - 2014-04-29 17:12 - 00003230 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance 2014-04-29 17:11 - 2014-04-29 17:12 - 00002534 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup 2014-04-29 17:11 - 2014-04-29 17:12 - 00000306 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job 2014-04-29 17:11 - 2014-04-29 17:11 - 00001172 _____ () 
C:\Users\Public\Desktop\SpeedUpMyPC.lnk 2014-04-29 17:11 - 2014-04-29 17:11 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Activeris 2014-04-29 17:11 - 2014-04-29 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue 2014-04-29 17:10 - 2014-04-29 17:10 - 00001165 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk 2014-04-29 17:10 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today 2014-04-29 17:10 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware 2014-04-29 17:09 - 2014-04-29 17:17 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus 2014-04-29 17:09 - 2014-04-29 17:13 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\fst_de_7 2014-04-29 17:09 - 2014-04-29 17:10 - 00000000 ____D () C:\Program Files (x86)\fst_de_7 2014-04-29 17:09 - 2014-04-29 17:10 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware 2014-04-29 17:09 - 2014-04-29 17:09 - 00005452 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3 2014-04-29 17:09 - 2014-04-29 17:09 - 00005452 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3 2014-04-29 17:09 - 2014-04-29 17:09 - 00002448 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3.job 2014-04-29 17:09 - 2014-04-29 17:09 - 00002448 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3.job 2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Uniblue 2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\ProgramData\Activeris 2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\Uniblue 2014-04-29 17:09 - 2012-09-26 19:03 - 00020480 _____ () C:\Windows\system32\acrisnative64.exe 2014-04-29 17:08 - 2014-04-29 17:17 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 1.2 2014-04-24 17:45 - 2014-04-24 17:45 - 00001973 _____ () 
C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-24 17:45 - 2014-04-24 17:45 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\AVAST Software 2014-04-24 17:45 - 2014-04-24 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-04-24 17:44 - 2014-04-24 17:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-24 17:44 - 2014-04-24 17:44 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-24 17:44 - 2014-04-24 17:44 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-24 17:44 - 2014-04-24 17:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-24 17:43 - 2014-04-24 17:43 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-24 17:42 - 2014-04-24 17:43 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-24 17:40 - 2014-04-24 17:42 - 88882192 _____ (AVAST Software) C:\Users\Annemarie\Downloads\avast_free18_antivirus_setup.exe 2014-04-24 14:26 - 2014-04-24 14:25 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-24 14:25 - 2014-04-24 14:25 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-24 14:25 - 2014-04-24 14:25 - 00190888 _____ (Oracle Corporation) 
C:\Windows\system32\java.exe 2014-04-24 14:25 - 2014-04-24 14:25 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-24 14:25 - 2014-04-24 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-24 14:25 - 2014-04-24 14:25 - 00000000 ____D () C:\Program Files\Java 2014-04-24 14:22 - 2014-04-24 14:23 - 34131368 _____ (Oracle Corporation) C:\Users\Annemarie\Downloads\jre-8u5-windows-x64.exe 2014-04-11 18:12 - 2014-04-11 18:13 - 00318592 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-09 13:52 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 13:52 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-09 13:52 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-04-09 13:52 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-02 15:46 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-04-02 15:46 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-04-02 15:43 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-02 15:43 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-02 15:42 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-02 15:42 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-01 18:56 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-01 18:56 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-01 18:56 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 
2014-04-01 18:56 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-04-01 18:56 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-01 18:56 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-01 18:56 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-01 18:56 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-01 18:56 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-01 18:56 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-01 18:56 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-01 18:56 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-01 18:56 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-01 18:56 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-01 18:56 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-01 18:56 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-01 18:56 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-04-01 18:56 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-01 18:56 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-01 18:56 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-01 18:56 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-01 18:56 - 2014-02-23 
08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-01 18:56 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-01 18:56 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-01 18:56 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-01 18:56 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-01 18:56 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-01 18:56 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-01 18:56 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-04-01 18:56 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-01 18:55 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-01 18:55 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-01 18:55 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-01 18:55 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-01 18:55 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-01 18:55 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-03-30 19:08 - 2014-04-12 12:00 - 00000000 ____D () C:\Users\Annemarie\Documents\H&M Bestellung-Dateien 2014-03-30 19:08 - 2014-03-30 19:08 - 00015027 _____ () C:\Users\Annemarie\Documents\H&M Bestellung.htm ==================== One Month Modified Files and Folders ======= 2014-04-29 18:48 - 2014-04-29 18:46 - 00025649 _____ () C:\Users\Annemarie\Downloads\FRST.txt 2014-04-29 
18:46 - 2014-04-29 18:46 - 00000000 ____D () C:\FRST 2014-04-29 18:45 - 2014-04-29 18:45 - 02061824 _____ (Farbar) C:\Users\Annemarie\Downloads\FRST64.exe 2014-04-29 18:37 - 2013-12-25 00:49 - 01673508 _____ () C:\Windows\WindowsUpdate.log 2014-04-29 18:27 - 2014-01-01 12:42 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-29 18:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-04-29 18:12 - 2014-04-29 17:12 - 00000312 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job 2014-04-29 18:05 - 2014-04-29 17:28 - 00003106 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup 2014-04-29 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-29 17:50 - 2014-04-29 17:50 - 00001859 _____ () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk 2014-04-29 17:44 - 2014-04-29 17:20 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job 2014-04-29 17:23 - 2014-04-29 17:19 - 00000000 ____D () C:\ProgramData\IePluginService 2014-04-29 17:20 - 2014-04-29 17:20 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1 2014-04-29 17:20 - 2014-04-29 17:20 - 00002816 _____ () C:\Windows\System32\Tasks\APSnotifierPP3 2014-04-29 17:20 - 2014-04-29 17:20 - 00002816 _____ () C:\Windows\System32\Tasks\APSnotifierPP2 2014-04-29 17:20 - 2014-04-29 17:20 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job 2014-04-29 17:20 - 2014-04-29 17:20 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job 2014-04-29 17:20 - 2014-04-29 17:18 - 00001202 _____ () C:\Users\Annemarie\AppData\Roaming\aps.scan.quick.results 2014-04-29 17:20 - 2014-04-29 17:18 - 00000318 _____ () C:\Users\Annemarie\AppData\Roaming\aps.uninstall.scan.results 2014-04-29 17:19 - 2014-04-29 17:19 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\SupTab 2014-04-29 17:19 - 2014-04-29 17:19 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-29 17:18 - 2014-04-29 17:18 - 00000000 _____ () 
C:\Users\Annemarie\AppData\Roaming\aps.scan.results 2014-04-29 17:18 - 2014-04-29 17:17 - 00000000 ____D () C:\ProgramData\WPM 2014-04-29 17:17 - 2014-04-29 17:17 - 00004570 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5 2014-04-29 17:17 - 2014-04-29 17:17 - 00004522 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5 2014-04-29 17:17 - 2014-04-29 17:17 - 00004458 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2 2014-04-29 17:17 - 2014-04-29 17:17 - 00001566 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5.job 2014-04-29 17:17 - 2014-04-29 17:17 - 00001518 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5.job 2014-04-29 17:17 - 2014-04-29 17:17 - 00001454 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2.job 2014-04-29 17:17 - 2014-04-29 17:17 - 00001052 _____ () C:\Users\Annemarie\Desktop\AnyProtect.lnk 2014-04-29 17:17 - 2014-04-29 17:17 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup 2014-04-29 17:17 - 2014-04-29 17:16 - 00004410 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2 2014-04-29 17:17 - 2014-04-29 17:16 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx 2014-04-29 17:17 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus 2014-04-29 17:17 - 2014-04-29 17:08 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 1.2 2014-04-29 17:16 - 2014-04-29 17:16 - 00004486 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1 2014-04-29 17:16 - 2014-04-29 17:16 - 00004438 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1 2014-04-29 17:16 - 2014-04-29 17:16 - 00001482 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1.job 2014-04-29 17:16 - 2014-04-29 17:16 - 00001434 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1.job 2014-04-29 17:16 - 2014-04-29 17:16 
- 00001406 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2.job 2014-04-29 17:15 - 2014-04-29 17:16 - 01745360 _____ (AnyProtect.com) C:\Users\Annemarie\AppData\Local\nsf9C00.tmp 2014-04-29 17:14 - 2014-04-29 17:14 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\VOPackage 2014-04-29 17:14 - 2014-04-29 17:14 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage 2014-04-29 17:13 - 2014-04-29 17:09 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\fst_de_7 2014-04-29 17:12 - 2014-04-29 17:12 - 00003230 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance 2014-04-29 17:12 - 2014-04-29 17:11 - 00002534 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup 2014-04-29 17:12 - 2014-04-29 17:11 - 00000306 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job 2014-04-29 17:12 - 2014-01-01 12:44 - 00002406 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-04-29 17:12 - 2014-01-01 12:39 - 00001378 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-29 17:12 - 2013-12-25 00:54 - 00001681 _____ () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-29 17:11 - 2014-04-29 17:11 - 00001172 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk 2014-04-29 17:11 - 2014-04-29 17:11 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Activeris 2014-04-29 17:11 - 2014-04-29 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue 2014-04-29 17:10 - 2014-04-29 17:10 - 00001165 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk 2014-04-29 17:10 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today 2014-04-29 17:10 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware 2014-04-29 17:10 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\fst_de_7 2014-04-29 17:10 - 2014-04-29 17:09 - 00000000 
____D () C:\Program Files (x86)\Activeris AntiMalware 2014-04-29 17:10 - 2014-01-01 12:39 - 00001390 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-04-29 17:09 - 2014-04-29 17:09 - 00005452 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3 2014-04-29 17:09 - 2014-04-29 17:09 - 00005452 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3 2014-04-29 17:09 - 2014-04-29 17:09 - 00002448 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3.job 2014-04-29 17:09 - 2014-04-29 17:09 - 00002448 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3.job 2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Uniblue 2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\ProgramData\Activeris 2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\Uniblue 2014-04-29 16:36 - 2013-03-22 10:00 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini 2014-04-29 16:34 - 2014-01-01 12:42 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-29 16:34 - 2013-09-20 17:59 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI 2014-04-29 16:33 - 2013-09-20 17:59 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI 2014-04-28 22:06 - 2013-09-20 17:41 - 00065536 _____ () C:\Windows\system32\spu_storage.bin 2014-04-26 17:03 - 2013-07-19 00:18 - 00830120 _____ () C:\Windows\system32\perfh007.dat 2014-04-26 17:03 - 2013-07-19 00:18 - 00188224 _____ () C:\Windows\system32\perfc007.dat 2014-04-26 17:03 - 2012-07-26 09:28 - 01949368 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-26 13:42 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-04-26 00:18 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-26 00:17 - 2012-08-04 00:23 - 00018220 _____ () C:\Windows\PFRO.log 2014-04-26 00:16 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 
2014-04-24 17:45 - 2014-04-24 17:45 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-04-24 17:45 - 2014-04-24 17:45 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\AVAST Software 2014-04-24 17:45 - 2014-04-24 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-04-24 17:45 - 2014-04-24 17:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-04-24 17:44 - 2014-04-24 17:44 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-04-24 17:44 - 2014-04-24 17:44 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-04-24 17:44 - 2014-04-24 17:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-04-24 17:44 - 2014-04-24 17:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-04-24 17:43 - 2014-04-24 17:43 - 00000000 ____D () C:\Program Files\AVAST Software 2014-04-24 17:43 - 2014-04-24 17:42 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-24 17:42 - 2014-04-24 17:40 - 88882192 _____ (AVAST Software) C:\Users\Annemarie\Downloads\avast_free18_antivirus_setup.exe 2014-04-24 14:25 - 2014-04-24 14:26 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-24 14:25 - 2014-04-24 14:25 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-24 14:25 - 
2014-04-24 14:25 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-24 14:25 - 2014-04-24 14:25 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-24 14:25 - 2014-04-24 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-24 14:25 - 2014-04-24 14:25 - 00000000 ____D () C:\Program Files\Java 2014-04-24 14:23 - 2014-04-24 14:22 - 34131368 _____ (Oracle Corporation) C:\Users\Annemarie\Downloads\jre-8u5-windows-x64.exe 2014-04-21 18:13 - 2014-01-26 12:49 - 00000000 ____D () C:\Users\Annemarie\Schule 2014-04-12 12:00 - 2014-03-30 19:08 - 00000000 ____D () C:\Users\Annemarie\Documents\H&M Bestellung-Dateien 2014-04-11 18:13 - 2014-04-11 18:12 - 00318592 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-09 17:54 - 2013-12-29 00:20 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 17:50 - 2013-12-29 00:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-08 19:07 - 2013-12-25 00:54 - 00000000 ___RD () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-08 19:07 - 2013-12-25 00:54 - 00000000 ___RD () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-04-02 16:22 - 2014-01-01 12:42 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-02 16:22 - 2014-01-01 12:42 - 00003878 _____ () 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-01 18:23 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\en-GB 2014-04-01 18:23 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\en-GB 2014-03-31 23:18 - 2013-12-29 11:53 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:18 - 2013-12-29 11:53 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-30 19:08 - 2014-03-30 19:08 - 00015027 _____ () C:\Users\Annemarie\Documents\H&M Bestellung.htm 2014-03-30 16:17 - 2014-01-01 12:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\Annemarie\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Annemarie\AppData\Local\Temp\GoogleSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-26 20:21 ==================== End Of Log ============================ --- --- --- |
30.04.2014, 23:31 | #4 |
/// the machine /// TB-Ausbilder | Win32:Evo-gen[Susp] Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in Additional.txt that is marked with <== ATTENTION. Also have Revo remove the leftovers in Moderate mode.
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |