FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Markus (administrator) on PIM-PC on 16-05-2014 04:25:02
Running from C:\Users\Markus\Downloads
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
() C:\Windows\System32\LEXPPS.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
() C:\Program Files\NewPlayer\NewPlayerLwruQw.exe
(Activeris) C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\NewPlayer\NewPlayerLwr161.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-15] (Synaptics, Inc.)
HKLM\...\Run: [HP Health Check Scheduler] => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [46704 2006-11-10] (Hewlett-Packard)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [116040 2008-07-10] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [289064 2008-07-30] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1164584 2010-09-01] ()
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [TkBellExe] => C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-05-21] (RealNetworks, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
HKU\S-1-5-21-1916800003-2860886627-113782704-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
==================== Internet (Whitelisted) ====================
ProxyServer: http=127.0.0.1:14295
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW&q={searchTerms}
SearchScopes: HKLM - {0449F01E-0295-4025-A9DF-78D354D5B481} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW&q={searchTerms}
SearchScopes: HKCU - {0449F01E-0295-4025-A9DF-78D354D5B481} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=irst&s={searchTerms}&f=4
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=303070D1-184D-4103-83E7-E627F92524D1&apn_sauid=C291F2FB-B5DA-44DA-B4D8-7E80133C3AC4
SearchScopes: HKCU - {1F096B29-E9DA-4D64-8D63-936BE7762CC5} URL = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=0c6571bc000000000000001a7315e76b&tlver=1.4.19.14& affID=17163
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL No File [ ]
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 44 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW
FF DefaultSearchEngine: webssearches
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW
FF Keyword.URL: hxxp://search.sweetim.com/search.asp?barid={EB6DCDC4-353F-11E0-8612-0016D4B897A9}&src=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Users\Markus\Desktop\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=13 - C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.0 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @real.com/RhapsodyPlayerEngine,version=1.1 - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\Extensions\quick_start@gmail.com [2014-05-15]
FF Extension: Google Toolbar for Firefox - C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2014-05-12]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-12]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-12]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{E5886C91-CDD7-4832-B32D-0830705A9C60}] - C:\Users\Markus\AppData\Roaming\5012
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\quick_start@gmail.com [2014-05-15]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-05-21]
FF HKCU\...\Firefox\Extensions: [{E5886C91-CDD7-4832-B32D-0830705A9C60}] - C:\Users\Markus\AppData\Roaming\5012
Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW
CHR RestoreOnStartup: "hxxp://istart.webssearches.com/?type=hp&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: http://istart.webssearches.com/web/?type=ds&ts=1400143370&from=tugs&uid=ST98823AS_5PK3TJEWXXXX5PK3TJEW&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5 (861)) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.230.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll No File
CHR Plugin: (RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.57\pdf.dll No File
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Foxit Reader Plugin for Mozilla) - C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll No File
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (RealNetworks Rhapsody Player Engine) - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (RealDownloader) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-28]
CHR Extension: (Skype Click to Call) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-28]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.14\BabylonToolbar.crx [2013-08-28]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoods.crx [2013-04-16]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-05-15]
========================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-21] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-21] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [116040 2008-07-22] (Apple Inc.)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-15] (globalUpdate)
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-15] (globalUpdate)
S2 gupdate1c9deaa14fed3cc; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-27] (Google Inc.)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [63080 2006-11-21] (Hewlett-Packard)
S3 IDriverT; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [299008 2002-02-14] (Lexmark International, Inc.)
R2 NewPlayer; C:\Program Files\NewPlayer\NewPlayerLwr161.exe [132608 2014-05-15] ()
R2 NewPlayerUpdaterService; C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-05-05] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-03-21] (Avira Operations GmbH & Co. KG)
S3 eabfiltr; C:\Windows\System32\DRIVERS\eabfiltr.sys [8192 2006-06-28] (Hewlett-Packard Development Company, L.P.)
R3 HdAudAddService; C:\Windows\System32\drivers\CHDART.sys [145920 2006-11-02] (Conexant Systems Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-05-15] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-03] (Avira GmbH)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\Markus\AppData\Local\Temp\catchme.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-16 04:25 - 2014-05-16 04:35 - 00026327 _____ () C:\Users\Markus\Downloads\FRST.txt
2014-05-16 04:23 - 2014-05-16 04:25 - 00000000 ____D () C:\FRST
2014-05-16 04:18 - 2014-05-16 04:19 - 01056768 _____ (Farbar) C:\Users\Markus\Downloads\FRST.exe
2014-05-16 03:08 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-16 03:08 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-16 03:08 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-15 10:54 - 2014-05-15 10:56 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-05-15 10:51 - 2014-05-15 10:52 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-15 10:51 - 2014-05-15 10:51 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\VOPackage
2014-05-15 10:51 - 2014-05-15 10:51 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\SupTab
2014-05-15 10:51 - 2014-05-15 10:51 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-15 10:51 - 2014-05-15 10:51 - 00000000 ____D () C:\Program Files\SupTab
2014-05-15 10:50 - 2014-05-15 10:50 - 00000000 ____D () C:\ProgramData\WPM
2014-05-15 10:48 - 2014-05-16 04:00 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-15 10:48 - 2014-05-16 03:01 - 00000904 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-15 10:48 - 2014-05-15 10:48 - 00000000 ____D () C:\Users\Markus\AppData\Local\newplayer
2014-05-15 10:47 - 2014-05-15 10:47 - 00001754 _____ () C:\Users\Markus\Desktop\Sync Folder.lnk
2014-05-15 10:46 - 2014-05-15 10:46 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Activeris
2014-05-15 10:46 - 2014-05-15 10:46 - 00000000 ____D () C:\Users\Markus\AppData\Local\globalUpdate
2014-05-15 10:46 - 2014-05-15 10:46 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-15 10:45 - 2014-05-15 10:47 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-05-15 10:45 - 2014-05-15 10:47 - 00000000 ____D () C:\Program Files\Freeven pro 1.2
2014-05-15 10:45 - 2014-05-15 10:45 - 00000955 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk
2014-05-15 10:45 - 2014-05-15 10:45 - 00000898 _____ () C:\Users\Public\Desktop\NewPlayer.lnk
2014-05-15 10:45 - 2014-05-15 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-05-15 10:45 - 2014-05-15 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
2014-05-15 10:45 - 2014-05-15 10:45 - 00000000 ____D () C:\ProgramData\Activeris
2014-05-15 10:45 - 2014-05-15 10:45 - 00000000 ____D () C:\Program Files\Activeris AntiMalware
2014-05-15 10:45 - 2012-09-26 19:03 - 00016384 _____ () C:\Windows\system32\acrisnative32.exe
2014-05-15 10:44 - 2014-05-16 04:03 - 00000364 _____ () C:\Windows\Tasks\NewPlayer Update.job
2014-05-15 10:44 - 2014-05-16 03:59 - 00000354 _____ () C:\Windows\Tasks\NewPlayer_wd.job
2014-05-15 10:44 - 2014-05-16 03:57 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-15 10:44 - 2014-05-15 19:41 - 00000000 ____D () C:\Program Files\fst_de_16
2014-05-15 10:44 - 2014-05-15 11:04 - 00000000 ____D () C:\Users\Markus\AppData\Local\fst_de_16
2014-05-15 10:44 - 2014-05-15 10:45 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-05-15 10:44 - 2014-05-15 10:44 - 00000884 _____ () C:\Users\Markus\Desktop\MyPC Backup.lnk
2014-05-15 10:43 - 2014-05-15 10:45 - 00000000 ____D () C:\Program Files\NewPlayer
2014-05-15 10:41 - 2014-05-15 10:41 - 00000000 ____D () C:\Users\Markus\AppData\Local\SearchProtect
2014-05-15 10:41 - 2014-05-15 10:41 - 00000000 _____ () C:\END
2014-05-15 10:38 - 2014-05-15 10:38 - 00860456 _____ () C:\Users\Markus\Downloads\New_player(1).exe
2014-05-15 10:37 - 2014-05-15 10:37 - 00860456 _____ () C:\Users\Markus\Downloads\New_player.exe
2014-05-15 08:18 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-12 06:57 - 2014-05-12 06:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-05-16 04:35 - 2014-05-16 04:25 - 00026327 _____ () C:\Users\Markus\Downloads\FRST.txt
2014-05-16 04:35 - 2007-04-30 20:48 - 00000414 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
2014-05-16 04:34 - 2009-07-02 07:29 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 04:25 - 2014-05-16 04:23 - 00000000 ____D () C:\FRST
2014-05-16 04:19 - 2014-05-16 04:18 - 01056768 _____ (Farbar) C:\Users\Markus\Downloads\FRST.exe
2014-05-16 04:11 - 2013-01-12 14:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-16 04:09 - 2007-05-01 04:01 - 01982229 _____ () C:\Windows\WindowsUpdate.log
2014-05-16 04:03 - 2014-05-15 10:44 - 00000364 _____ () C:\Windows\Tasks\NewPlayer Update.job
2014-05-16 04:00 - 2014-05-15 10:48 - 00000900 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-16 04:00 - 2009-07-02 07:29 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 03:59 - 2014-05-15 10:44 - 00000354 _____ () C:\Windows\Tasks\NewPlayer_wd.job
2014-05-16 03:59 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-16 03:57 - 2014-05-15 10:44 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-05-16 03:54 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-16 03:54 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-16 03:54 - 2006-11-02 14:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-16 03:51 - 2007-05-01 17:24 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-16 03:51 - 2006-11-02 15:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-16 03:30 - 2013-08-15 07:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-16 03:15 - 2006-11-02 12:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-05-16 03:01 - 2014-05-15 10:48 - 00000904 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-15 19:41 - 2014-05-15 10:44 - 00000000 ____D () C:\Program Files\fst_de_16
2014-05-15 11:04 - 2014-05-15 10:44 - 00000000 ____D () C:\Users\Markus\AppData\Local\fst_de_16
2014-05-15 10:56 - 2014-05-15 10:54 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-05-15 10:53 - 2012-02-19 05:50 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-15 10:53 - 2011-02-02 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-05-15 10:53 - 2011-02-02 18:15 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-05-15 10:52 - 2014-05-15 10:51 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-15 10:51 - 2014-05-15 10:51 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\VOPackage
2014-05-15 10:51 - 2014-05-15 10:51 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\SupTab
2014-05-15 10:51 - 2014-05-15 10:51 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-05-15 10:51 - 2014-05-15 10:51 - 00000000 ____D () C:\Program Files\SupTab
2014-05-15 10:50 - 2014-05-15 10:50 - 00000000 ____D () C:\ProgramData\WPM
2014-05-15 10:48 - 2014-05-15 10:48 - 00000000 ____D () C:\Users\Markus\AppData\Local\newplayer
2014-05-15 10:47 - 2014-05-15 10:47 - 00001754 _____ () C:\Users\Markus\Desktop\Sync Folder.lnk
2014-05-15 10:47 - 2014-05-15 10:45 - 00000000 ____D () C:\Program Files\MediaPlayerplus
2014-05-15 10:47 - 2014-05-15 10:45 - 00000000 ____D () C:\Program Files\Freeven pro 1.2
2014-05-15 10:46 - 2014-05-15 10:46 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Activeris
2014-05-15 10:46 - 2014-05-15 10:46 - 00000000 ____D () C:\Users\Markus\AppData\Local\globalUpdate
2014-05-15 10:46 - 2014-05-15 10:46 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-15 10:46 - 2008-11-11 19:53 - 00001044 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-15 10:46 - 2008-10-24 18:39 - 00001147 _____ () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 10:45 - 2014-05-15 10:45 - 00000955 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk
2014-05-15 10:45 - 2014-05-15 10:45 - 00000898 _____ () C:\Users\Public\Desktop\NewPlayer.lnk
2014-05-15 10:45 - 2014-05-15 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
2014-05-15 10:45 - 2014-05-15 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
2014-05-15 10:45 - 2014-05-15 10:45 - 00000000 ____D () C:\ProgramData\Activeris
2014-05-15 10:45 - 2014-05-15 10:45 - 00000000 ____D () C:\Program Files\Activeris AntiMalware
2014-05-15 10:45 - 2014-05-15 10:44 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-05-15 10:45 - 2014-05-15 10:43 - 00000000 ____D () C:\Program Files\NewPlayer
2014-05-15 10:44 - 2014-05-15 10:44 - 00000884 _____ () C:\Users\Markus\Desktop\MyPC Backup.lnk
2014-05-15 10:44 - 2011-03-25 08:43 - 00001056 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-15 10:41 - 2014-05-15 10:41 - 00000000 ____D () C:\Users\Markus\AppData\Local\SearchProtect
2014-05-15 10:41 - 2014-05-15 10:41 - 00000000 _____ () C:\END
2014-05-15 10:38 - 2014-05-15 10:38 - 00860456 _____ () C:\Users\Markus\Downloads\New_player(1).exe
2014-05-15 10:37 - 2014-05-15 10:37 - 00860456 _____ () C:\Users\Markus\Downloads\New_player.exe
2014-05-15 10:00 - 2010-10-30 08:45 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-05-15 08:13 - 2013-01-12 14:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-15 08:12 - 2013-01-12 14:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 06:55 - 2012-05-09 07:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-12 06:59 - 2014-05-12 06:57 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 07:49 - 2009-03-24 10:22 - 00000000 ____D () C:\Users\Markus\Documents\Markus_Bewerbungen_Englisch
2014-05-06 01:32 - 2014-05-16 03:08 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 01:14 - 2014-05-16 03:08 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 01:14 - 2014-05-16 03:08 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-24 08:13 - 2009-03-24 10:20 - 00000000 ____D () C:\Users\Markus\Documents\sonstiger_Schriftverkehr
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\AskSLib.dll
C:\Users\Markus\AppData\Local\Temp\avgnt.exe
C:\Users\Markus\AppData\Local\Temp\BackupSetup.exe
C:\Users\Markus\AppData\Local\Temp\osam.exe
C:\Users\Markus\AppData\Local\Temp\osam_gui.dll
C:\Users\Markus\AppData\Local\Temp\osam_srv.dll
C:\Users\Markus\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Markus\AppData\Local\Temp\stubhelper.dll
C:\Users\Markus\AppData\Local\Temp\ToolkitPro1211vc80U.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-16 03:59
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
Ran by Markus at 2014-05-16 04:39:06
Running from C:\Users\Markus\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Activeris AntiMalware (HKLM\...\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1) (Version: 1.0.0.1 - Activeris)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
AFPL Ghostscript 8.53 (HKLM\...\AFPL Ghostscript 8.53) (Version: - )
AFPL Ghostscript Fonts (HKLM\...\AFPL Ghostscript Fonts) (Version: - )
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}) (Version: 2.0.1.5 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASL_HS_Installer32 (Version: 1.0.9 - Hewlett-Packard) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.102.15.61 - Broadcom Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.0.0 - DivX, Inc.)
DMUninstaller (HKLM\...\DMUninstaller) (Version: - ) <==== ATTENTION
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
Foxit Reader (HKLM\...\Foxit Reader) (Version: - )
FoxTab PDF Converter (HKLM\...\FoxTab PDF Converter) (Version: - FoxTab) <==== ATTENTION
Freeven pro 1.2 (HKLM\...\Freeven pro 1.2) (Version: 1.34.5.12 - Freeven) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 2.1.20060807 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - )
Google Toolbar for Internet Explorer (Version: 4.0.0.002 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.0 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.1601.7122 - Google Inc.)
Hewlett-Packard Active Check (Version: 1.1.4.0 - Hewlett-Packard) Hidden
Hewlett-Packard Asset Agent (Version: 2.0.54.0 - HP) Hidden
HP Active Support Library (Version: 1.0.19 - Hewlett-Packard) Hidden
HP Easy Setup - Core (HKLM\...\{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}) (Version: 1.00.0000 - Hewlett-Packard)
HP User Guide 0039 (HKLM\...\{15DD1D3C-8386-47D4-91A4-2D25FAFE1255}) (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}) (Version: 3.00 B2 - Hewlett-Packard)
HP_Network_UserGuide (Version: 1.00.0000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
iTunes (HKLM\...\{3DE0053C-FD9A-483E-B7C9-B06E4392206E}) (Version: 7.7.1.11 - Apple Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaPlayerplus (HKLM\...\MediaPlayerplus) (Version: 1.34.5.12 - Freeven) <==== ATTENTION
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
NewPlayer (HKLM\...\C7BA5201-816F-9A20-8CC5-2C1574161A4B) (Version: - NewPlayer) <==== ATTENTION
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.1.8 - ) <==== ATTENTION
PC Connectivity Solution (HKLM\...\{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}) (Version: 8.22.4.0 - Nokia)
PDFill PDF Writer (HKLM\...\PDFill PDF Writer) (Version: - )
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Rhapsody Player Engine (HKLM\...\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}) (Version: 1.1.0 - RealNetworks)
Rhapsody Player Engine (HKLM\...\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}) (Version: 1.0.604 - RealNetworks)
Roxio MyDVD Basic v9 (HKLM\...\{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}) (Version: 9.0.114 - Roxio)
Serif PagePlus SE 1.0 (HKLM\...\{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}) (Version: 1.00 - Serif)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 5.10 (HKLM\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
SopCast 3.4.8 (HKLM\...\SopCast) (Version: 3.4.8 - www.sopcast.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 9.0.1.5 - Synaptics)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
VO Package (HKLM\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
webssearches uninstaller (HKLM\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
Windows Driver Package - Nokia Modem (05/22/2008 3.8) (HKLM\...\C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD) (Version: 05/22/2008 3.8 - Nokia)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WPM18.8.0.304 (HKLM\...\WPM) (Version: 18.8.0.304 - Cherished Technololgy LIMITED) <==== ATTENTION
==================== Restore Points =========================
02-05-2014 06:12:37 Windows Update
03-05-2014 06:40:47 Scheduled Checkpoint
05-05-2014 06:28:34 Scheduled Checkpoint
06-05-2014 07:41:52 Scheduled Checkpoint
07-05-2014 05:14:12 Windows Update
08-05-2014 08:21:35 Scheduled Checkpoint
12-05-2014 08:21:07 Scheduled Checkpoint
13-05-2014 05:27:40 Windows Update
16-05-2014 01:02:03 Windows Update
==================== Hosts content: ==========================
2006-11-02 12:23 - 2012-02-23 21:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {00C28211-BD24-4C35-BC53-9D5AAFBE33C0} - System32\Tasks\RegistryBooster => C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
Task: {097EFE70-FFA5-4873-931B-EB5BCFCE2AAC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {0D15CF75-C069-48AD-8849-50B5E7BE4CBD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1916800003-2860886627-113782704-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {0D63F686-5871-4C46-91DA-8D8F5B02A1D0} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-15] (globalUpdate) <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2053875D-73E7-4DC9-BF97-71EEC5F33E4A} - System32\Tasks\NewPlayer_wd => C:\Program Files\NewPlayer\NewPlayerLwruQw.exe [2014-05-15] ()
Task: {27B40DDB-5F35-4A81-8A61-4942AD1AD095} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-15] (globalUpdate) <==== ATTENTION
Task: {2B60F5FC-5CA5-4BBB-81E3-681941BE492E} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris)
Task: {2DE3271C-8532-4148-B12F-5CE5A3B4097E} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-11-17] (Google)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3F03AE53-9B0B-471C-8632-E30222D14BBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {582C9A6D-24EF-4D28-8C91-48BC689D6F53} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {91D4D58E-8BA1-4B6F-8CEB-6F2C1A64964A} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1916800003-2860886627-113782704-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {97426425-16D8-4ED0-ABAC-A850E34667A5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1916800003-2860886627-113782704-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {B1062D64-A7FD-4DFB-8601-0007773F2BF6} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2006-11-10] (Hewlett-Packard)
Task: {B78899D5-36A4-4368-B3DF-8291BF48F4E2} - System32\Tasks\NewPlayer Update => C:\Program Files\NewPlayer\NewPlayerLwr.exe [2014-05-15] ()
Task: {BA3699C6-B9E1-474A-A693-78EA6CCA6EDD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-19] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E8751DA8-6BF5-4226-A80D-35DBC1E57826} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {E96AF637-66FF-409C-9FFF-37763FA0EB7E} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {ED3D9D93-7868-4618-B163-B9F3211F60E4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1916800003-2860886627-113782704-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {F66F9AC1-1C33-4EF7-AC8A-B8D3D58247D8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NewPlayer Update.job => C:\Program Files\NewPlayer\NewPlayerLwr.exe
Task: C:\Windows\Tasks\NewPlayer_wd.job => C:\Program Files\NewPlayer\NewPlayerLwruQw.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2007-11-06 22:27 - 2005-05-07 16:14 - 00090112 _____ () C:\Windows\System32\custmon2k.dll
2011-02-10 19:58 - 2007-08-21 14:32 - 00098304 _____ () C:\Windows\System32\redmonnt.dll
2002-01-24 11:09 - 2002-01-24 11:09 - 00174592 _____ () C:\Windows\System32\LEXPPS.EXE
2013-10-03 04:59 - 2013-10-03 04:47 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-03-14 16:00 - 2014-03-14 16:00 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2014-05-05 14:07 - 2014-05-05 14:07 - 00011776 _____ () C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2006-11-06 11:05 - 2006-11-06 11:05 - 00061440 _____ () C:\Windows\system32\igfxTMM.dll
2014-05-15 10:44 - 2014-05-15 10:44 - 00077312 _____ () C:\Program Files\NewPlayer\NewPlayerLwruQw.exe
2014-05-15 10:45 - 2012-09-26 15:31 - 00886272 _____ () C:\Program Files\Activeris AntiMalware\System.Data.SQLite.dll
2014-05-15 10:45 - 2014-01-23 19:04 - 01718264 _____ () C:\Program Files\Activeris AntiMalware\acrissys.dll
2006-11-06 11:00 - 2006-11-06 11:00 - 00077824 _____ () C:\Windows\System32\hccutils.DLL
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-01 08:39 - 2010-09-01 08:39 - 01164584 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2010-09-01 08:39 - 2010-09-01 08:39 - 00095528 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-03-14 16:06 - 2014-03-14 16:06 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2014-05-12 06:57 - 2014-05-12 06:59 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-15 10:44 - 2014-05-15 10:44 - 00132608 _____ () C:\Program Files\NewPlayer\NewPlayerLwr161.exe
2014-05-15 10:44 - 2014-05-15 10:44 - 00133120 _____ () C:\Program Files\NewPlayer\NewPlayerLwr161.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/16/2014 04:03:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/15/2014 07:43:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.75.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: de4
Start Time: 01cf701b9a3aadda
Termination Time: 218
Error: (05/15/2014 07:17:13 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).
Error: (05/15/2014 07:16:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).
Error: (05/15/2014 10:48:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NewPlayer.exe version 2.1.1.8 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 11a8
Start Time: 01cf701a37495a6a
Termination Time: 145
Error: (05/15/2014 10:43:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 29.0.1.5239, time stamp 0x536995c2, faulting module mozalloc.dll, version 29.0.1.5239, time stamp 0x536968fa, exception code 0x80000003, fault offset 0x0000119c,
process id 0x4b4, application start time 0xplugin-container.exe0.
Error: (05/15/2014 08:46:28 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\MARKUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\6YWJG3VY.DEFAULT\SAFEBROWSING-BACKUP> in the hash map cannot be updated.
Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
Error: (05/13/2014 06:56:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/03/2014 06:09:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (05/03/2014 07:28:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ipmGui.exe version 14.0.2.220 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: ff8
Start Time: 01cf66887d1925be
Termination Time: 395
System errors:
=============
Error: (05/16/2014 03:55:06 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer EASYBOX
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FD9D5497-BBC7-43CB-8ABF-03120CBB8B.
The master browser is stopping or an election is being forced.
Error: (05/16/2014 03:06:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000NewPlayer
Error: (05/15/2014 00:52:53 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000NewPlayer
Error: (05/15/2014 00:37:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update Service (gupdate1c9deaa14fed3cc)%%1053
Error: (05/15/2014 00:37:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Google Update Service (gupdate1c9deaa14fed3cc)
Error: (05/15/2014 00:36:51 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053gupdate1c9deaa14fed3cc/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}
Error: (05/14/2014 06:44:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Media Player Network Sharing Service%%1053
Error: (05/14/2014 06:44:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Media Player Network Sharing Service
Error: (05/13/2014 07:43:09 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.173.1985.0){E2929143-EA98-4BFC-BAF1-1EBA554191F8}200
Error: (05/11/2014 08:24:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Modules Installer%%1053
Microsoft Office Sessions:
=========================
Error: (05/16/2014 04:03:26 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe
Error: (05/15/2014 07:43:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.75.0.1de401cf701b9a3aadda218
Error: (05/15/2014 07:17:13 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: 0x81000101
Error: (05/15/2014 07:16:59 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101
Error: (05/15/2014 10:48:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: NewPlayer.exe2.1.1.811a801cf701a37495a6a145
Error: (05/15/2014 10:43:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe29.0.1.5239536995c2mozalloc.dll29.0.1.5239536968fa800000030000119c4b401cf70195591efba
Error: (05/15/2014 08:46:28 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context: Application, SystemIndex Catalog
Details:
A device attached to the system is not functioning. (0x8007001f)
C:\USERS\MARKUS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\6YWJG3VY.DEFAULT\SAFEBROWSING-BACKUP
Error: (05/13/2014 06:56:38 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe
Error: (05/03/2014 06:09:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe
Error: (05/03/2014 07:28:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: ipmGui.exe14.0.2.220ff801cf66887d1925be395
CodeIntegrity Errors:
===================================
Date: 2012-02-27 15:07:38.706
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:37.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:36.168
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:34.462
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:33.265
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:32.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:30.599
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:29.396
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:27.887
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
Date: 2012-02-27 15:07:26.692
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 84%
Total physical RAM: 1013.38 MB
Available physical RAM: 156.68 MB
Total Pagefile: 2295.07 MB
Available Pagefile: 618.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1930.01 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:69.41 GB) (Free:17.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:5.12 GB) (Free:1.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 3FC847B9)
Partition 1: (Active) - (Size=69 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Hi Schrauber, first of all, thank you very much for your support. I also received an alert from Avira; maybe it will speed up fixing the problem. The alert reads as follows:
Access to the file 'C:\Programm Files\fst_de_16\fst_de_16.exe' containing the virus or unwanted program 'TR/Trash.Gen' was blocked.