Trojaner-Board - Lästige Werbung im Browser nach Update von Firefox

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Lästige Werbung im Browser nach Update von Firefox (https://www.trojaner-board.de/152528-laestige-werbung-browser-update-firefox.html)

Lästige Werbung im Browser nach Update von Firefox

Hallo ich benötige Hilfe.

Ich habe die Aufforderung Firefox zu aktualisieren befolgt und habe diese angeklickt. Es wurden verschiedenste Programme gleichzeit gedownloadet. Diese habe ich deinstalliert. Beim Öffnen des Firefox-Browsers popt nun ständig Werbung auf. Können Sie mir bei der Beseitigung behilflich sein.

Avira ergab keine Treffer.

Hallo Manni3105, :hallo:

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:

Regeln zum Ablauf der Bereinigung

Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
- Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).

Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.

Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
- Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.

Hinweis

Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
- http://www.trojaner-board.de/137229-...code-tags.html; Falls das Logfile zu groß für einen Post ist, teile es in zwei/mehrere Posts.

Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus. :)

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Poste folgende Logfiles in deiner nächsten Antwort:

FRST-Scan

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 20:57 on 14/04/2014 (thea)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014

Ran by thea (administrator) on MANNI on 14-04-2014 21:00:00

Running from C:\Users\thea\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe

(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe

() C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

() C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

() C:\Program Files (x86)\PHotkey\PHotkey.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

() C:\Program Files (x86)\PHotkey\ATouch64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe

() C:\Program Files (x86)\PHotkey\POSD.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

() C:\Program Files (x86)\PHotkey\GPMTray.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

() C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)

HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-04-02] (Skytech Co., Ltd.)

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-04-02] (Skytech Co., Ltd.)

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:13828

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}

SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

BHO: HQ-V-Pro-1.9 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-bho64.dll (HQ-V-1.9)

BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)

BHO-x32: HQ-V-Pro-1.9 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-bho.dll (HQ-V-1.9)

BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)

BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)

BHO-x32: BrowseMark - {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} - C:\Program Files (x86)\BrowseMark\BrowseMarkbho.dll (BrowseMark)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default

FF user.js: detected! => C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\user.js

FF NewTab: chrome://quick_start/content/index.html

FF DefaultSearchEngine: webssearches

FF SelectedSearchEngine: webssearches

FF Homepage: hxxp://www.google.de/

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]

FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]

FF Extension: Quick Start - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\quick_start@gmail.com [2014-04-14]

FF Extension: BrowseMark - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.xpi [2014-04-12]

FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\extensions\quick_start@gmail.com

FF Extension: Quick Start - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\extensions\quick_start@gmail.com [2014-04-14]

FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi

FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)

R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()

R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()

R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-04-10] ()

R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe [141824 2014-04-14] ()

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()

R2 Update BrowseMark; C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe [350496 2014-04-12] ()

R2 Util BrowseMark; C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe [350496 2014-04-14] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-14] (Cherished Technololgy LIMITED)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)

R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-14 21:00 - 2014-04-14 21:00 - 00020248 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-14 20:59 - 2014-04-14 21:00 - 00000000 ____D () C:\FRST

2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini

2014-04-14 11:52 - 2014-04-14 20:44 - 00000000 ____D () C:\Program Files (x86)\BrowseMark

2014-04-14 11:52 - 2014-04-14 20:21 - 00000000 ____D () C:\Users\thea\AppData\Roaming\systweak

2014-04-14 11:52 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe

2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job

2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job

2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job

2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2

2014-04-14 11:43 - 2014-04-14 20:40 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job

2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results

2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5

2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\newplayer

2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com

2014-04-14 11:42 - 2014-04-14 20:40 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job

2014-04-14 11:42 - 2014-04-14 20:39 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job

2014-04-14 11:42 - 2014-04-14 11:45 - 00000000 ____D () C:\ProgramData\IePluginService

2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1

2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2

2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SupTab

2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\WPM

2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\SupTab

2014-04-14 11:41 - 2014-04-14 20:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job

2014-04-14 11:41 - 2014-04-14 20:40 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job

2014-04-14 11:41 - 2014-04-14 20:40 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job

2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup

2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus

2014-04-14 11:41 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\NewPlayer

2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3

2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4

2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5

2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp

2014-04-14 11:40 - 2014-04-14 20:41 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job

2014-04-14 11:40 - 2014-04-14 20:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job

2014-04-14 11:40 - 2014-04-14 20:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job

2014-04-14 11:40 - 2014-04-14 20:39 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job

2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2

2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9

2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3

2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4

2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1

2014-04-14 11:39 - 2014-04-14 20:44 - 00000416 _____ () C:\Windows\Tasks\Re-markit Update.job

2014-04-14 11:39 - 2014-04-14 20:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job

2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft

2014-04-14 11:39 - 2014-04-14 11:39 - 00003054 _____ () C:\Windows\System32\Tasks\Re-markit Update

2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd

2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml

2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job

2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3

2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SpeedyPC Software

2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\DriverCure

2014-03-24 09:15 - 2014-04-14 20:39 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job

2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job

2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job

2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3

2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro

2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task

2014-03-24 09:15 - 2014-03-24 09:15 - 00000000 ____D () C:\ProgramData\SpeedyPC Software

2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax
 

==================== One Month Modified Files and Folders =======
 

2014-04-14 21:00 - 2014-04-14 21:00 - 00020248 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-14 21:00 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST

2014-04-14 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:47 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat

2014-04-14 20:47 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat

2014-04-14 20:47 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-14 20:44 - 2014-04-14 11:52 - 00000000 ____D () C:\Program Files (x86)\BrowseMark

2014-04-14 20:44 - 2014-04-14 11:39 - 00000416 _____ () C:\Windows\Tasks\Re-markit Update.job

2014-04-14 20:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002

2014-04-14 20:42 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam

2014-04-14 20:41 - 2014-04-14 11:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job

2014-04-14 20:41 - 2014-04-14 11:40 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job

2014-04-14 20:41 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP

2014-04-14 20:40 - 2014-04-14 11:43 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job

2014-04-14 20:40 - 2014-04-14 11:42 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job

2014-04-14 20:40 - 2014-04-14 11:41 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job

2014-04-14 20:40 - 2014-04-14 11:41 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job

2014-04-14 20:40 - 2014-04-14 11:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job

2014-04-14 20:40 - 2014-04-14 11:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job

2014-04-14 20:39 - 2014-04-14 11:42 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job

2014-04-14 20:39 - 2014-04-14 11:40 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job

2014-04-14 20:39 - 2014-04-14 11:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job

2014-04-14 20:39 - 2014-03-24 09:15 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job

2014-04-14 20:38 - 2014-04-14 11:44 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job

2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job

2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job

2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-14 20:38 - 2012-11-08 01:17 - 00110194 _____ () C:\Windows\PFRO.log

2014-04-14 20:38 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log

2014-04-14 20:21 - 2014-04-14 11:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\systweak

2014-04-14 11:58 - 2014-04-14 11:43 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results

2014-04-14 11:45 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\IePluginService

2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2

2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5

2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\newplayer

2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com

2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup

2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus

2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1

2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2

2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SupTab

2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\WPM

2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\SupTab

2014-04-14 11:42 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\NewPlayer

2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3

2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4

2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5

2014-04-14 11:41 - 2014-04-14 11:40 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2

2014-04-14 11:41 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9

2014-04-14 11:40 - 2014-04-14 11:41 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp

2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3

2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4

2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1

2014-04-14 11:40 - 2014-04-14 11:39 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft

2014-04-14 11:39 - 2014-04-14 11:39 - 00003054 _____ () C:\Windows\System32\Tasks\Re-markit Update

2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd

2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe

2014-04-14 11:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni

2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe

2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask

2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin

2014-04-09 18:00 - 2014-03-24 09:16 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job

2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log

2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben

2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-24 12:57 - 2014-03-24 09:15 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job

2014-03-24 12:57 - 2014-03-24 09:15 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job

2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3

2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SpeedyPC Software

2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\DriverCure

2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3

2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro

2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task

2014-03-24 09:15 - 2014-03-24 09:15 - 00000000 ____D () C:\ProgramData\SpeedyPC Software

2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax

2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-03-15 12:47 - 2014-03-14 18:18 - 00000000 ____D () C:\Users\thea\AppData\Local\NETGEARGenie
 

Some content of TEMP:

====================

C:\Users\thea\AppData\Local\Temp\AskSLib.dll

C:\Users\thea\AppData\Local\Temp\avgnt.exe

C:\Users\thea\AppData\Local\Temp\BackupSetup.exe

C:\Users\thea\AppData\Local\Temp\COMAP.EXE

C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-08 11:16
 

==================== End Of Log ============================

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014

Ran by thea at 2014-04-14 21:00:38

Running from C:\Users\thea\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

BrowseMark (HKLM\...\BrowseMark) (Version: 2014.04.12.002348 - BrowseMark)

CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden

CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden

Intel PROSet Wireless (Version:  - ) Hidden

Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)

Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)

Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION

NVIDIA Control Panel 307.17 (Version: 307.17 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden

NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden

RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)

Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 

==================== Restore Points  =========================
 

24-03-2014 11:21:41 Installed inSSIDer Home

31-03-2014 18:08:15 Geplanter Prüfpunkt

08-04-2014 09:17:30 Geplanter Prüfpunkt

10-04-2014 04:24:03 Garmin Express

13-04-2014 09:06:31 Windows Update

14-04-2014 09:40:39 Uniblue SpeedUpMyPC installation
 

==================== Hosts content: ==========================
 

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0AB1B703-856F-43D0-B2E0-9BC5E96714F5} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {1E2D4E92-39FB-41B6-BF18-498F3CA2873B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)

Task: {21C9DAFE-3EE9-4978-AD02-980284B497B4} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-05] (SpeedyPC Software)

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2ADDFB58-547F-4443-8620-54432E7EC951} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe [2014-04-14] (Freeven)

Task: {42C9DA15-2966-40F3-A49F-E3DB9DF42431} - System32\Tasks\SpeedyPC Update Version3 => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-05] (SpeedyPC Software)

Task: {44ACF686-2231-42B8-848C-C158DD98A8BC} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe [2014-04-14] (HQ-V-1.9)

Task: {460AFC69-E096-4DE9-9EFC-67475DE2A0AD} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe [2014-04-14] (Freeven)

Task: {47799C6E-4F3D-4B9A-85EF-1C66705A438B} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe [2014-04-14] () <==== ATTENTION

Task: {5DA3C27B-DB74-45CB-9046-254570CF8E98} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-14] () <==== ATTENTION

Task: {6ED17475-4099-4894-9859-21B5D92EEB95} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {785EF32D-B393-4D59-9948-F7EAF8DD40E7} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-14] (Freeven)

Task: {7BE07481-CFE3-4B36-8374-DF70794DD56B} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe [2014-04-14] (HQ-V-1.9)

Task: {8D7F0D29-F1C6-44D8-8237-E6D260D36128} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {8FCBC8F9-73C9-40FA-BE69-8A43FC028C26} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-01] ()

Task: {92BD4CB1-0965-4E4B-A1A1-73BD866471EB} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe [2014-04-14] (Freeven)

Task: {9C39FAA7-B176-4A06-8E2A-4600AF642F12} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe [2014-04-14] (HQ-V-1.9)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {AE9ABCF3-C177-47AB-94DC-67FB14ACBD9C} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe [2014-04-14] (HQ-V-1.9)

Task: {BD2C1796-2413-4598-8600-667C9AC00B51} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe [2014-04-14] (Freeven)

Task: {BD2D78C9-DFCB-431C-957F-E02F0E3443AA} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {C3393D35-4545-4B7D-BB2D-A98FD60EC8A2} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1 => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe [2014-04-14] (HQ-V-1.9)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {D3683CA8-EAF2-462E-80C5-9F9CB8017C96} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)

Task: {DD9C1D32-CD68-4125-AD7B-EB00D9EB1240} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)

Task: {E354C038-3F43-4150-990A-27ED4AA515A9} - System32\Tasks\SpeedyPC Pro => C:\Users\thea\SpeedyPC\SpeedyPC.exe

Task: {E92A7EFF-995E-4C42-AE31-0706F2C134CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {FB1789FB-53C3-4D98-AAF1-10BF1D7BBF96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe <==== ATTENTION

Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe <==== ATTENTION

Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Users\thea\SpeedyPC\SpeedyPC.exe

Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll

Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-11-29 15:30 - 2012-11-29 14:53 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

2013-02-14 20:40 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll

2014-04-14 11:39 - 2014-04-14 11:39 - 00077312 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe

2014-04-10 11:42 - 2014-04-10 11:42 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe

2014-04-14 11:39 - 2014-04-14 11:39 - 00141824 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe

2012-11-08 23:07 - 2012-10-19 13:27 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2014-04-12 02:33 - 2014-04-12 02:33 - 00350496 _____ () C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe

2012-11-09 00:28 - 2012-10-22 19:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-11-29 15:30 - 2012-11-27 16:18 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe

2012-11-29 15:30 - 2010-01-12 18:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

2012-11-29 15:30 - 2010-01-12 18:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe

2012-11-29 15:30 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe

2012-11-29 15:30 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe

2012-11-29 15:30 - 2012-08-08 19:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe

2014-04-14 20:44 - 2014-04-14 20:44 - 00350496 _____ () C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe

2013-02-14 18:36 - 2012-12-18 10:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-04-14 11:39 - 2014-04-14 11:39 - 00133120 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll

2013-02-14 17:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2012-11-29 15:30 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll

2012-11-29 15:30 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll

2012-11-08 23:05 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-03-09 13:12 - 2014-03-09 13:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll

2012-11-15 13:13 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (04/14/2014 08:25:19 PM) (Source: Application Hang) (User: )

Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 293c
 

Startzeit: 01cf580d5f6d9fb4
 

Endzeit: 0
 

Anwendungspfad: C:\Windows\Explorer.EXE
 

Berichts-ID: 172b3b40-c402-11e3-beec-6036dd22d31d
 

Vollständiger Name des fehlerhaften Pakets: 
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
 

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15594
 

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15594
 

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (04/12/2014 09:42:33 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: CLMSServer.exe, Version: 2.0.0.8731, Zeitstempel: 0x4d9440c5

Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00000020

ID des fehlerhaften Prozesses: 0x7fc

Startzeit der fehlerhaften Anwendung: 0xCLMSServer.exe0

Pfad der fehlerhaften Anwendung: CLMSServer.exe1

Pfad des fehlerhaften Moduls: CLMSServer.exe2

Berichtskennung: CLMSServer.exe3

Vollständiger Name des fehlerhaften Pakets: CLMSServer.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CLMSServer.exe5
 

Error: (04/09/2014 09:39:47 AM) (Source: Customer Experience Improvement Program) (User: )

Description: 80070005
 

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2313
 

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2313
 

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (04/07/2014 09:47:32 AM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1109
 
 

System errors:

=============

Error: (04/14/2014 08:39:39 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (04/14/2014 08:39:39 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
 

Error: (04/13/2014 07:19:24 PM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (04/13/2014 07:19:24 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.
 

Error: (04/12/2014 10:16:16 AM) (Source: Service Control Manager) (User: )

Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (04/10/2014 06:25:26 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (04/09/2014 04:45:13 PM) (Source: Service Control Manager) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.
 

Error: (03/29/2014 00:31:27 PM) (Source: Service Control Manager) (User: )

Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (03/29/2014 10:38:52 AM) (Source: DCOM) (User: NT-AUTORITÄT)

Description: 1053defragsvcNicht verfügbar{D20A3293-3341-4AE8-9AAF-8E397CB63C34}
 

Error: (03/29/2014 10:38:52 AM) (Source: Service Control Manager) (User: )

Description: Der Dienst "Laufwerke optimieren" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 
 

Microsoft Office Sessions:

=========================

Error: (04/14/2014 08:25:19 PM) (Source: Application Hang)(User: )

Description: Explorer.EXE6.2.9200.16628293c01cf580d5f6d9fb40C:\Windows\Explorer.EXE172b3b40-c402-11e3-beec-6036dd22d31d
 

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15594
 

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15594
 

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (04/12/2014 09:42:33 AM) (Source: Application Error)(User: )

Description: CLMSServer.exe2.0.0.87314d9440c5unknown0.0.0.000000000c0000005000000207fc01cf55568e0b01a6C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exeunknown01729df7-c216-11e3-beeb-6036dd22d31d
 

Error: (04/09/2014 09:39:47 AM) (Source: Customer Experience Improvement Program)(User: )

Description: 80070005
 

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 2313
 

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 2313
 

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (04/07/2014 09:47:32 AM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 1109
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 52%

Total physical RAM: 3977.02 MB

Available physical RAM: 1886.69 MB

Total Pagefile: 4681.02 MB

Available Pagefile: 2296.38 MB

Total Virtual: 8192 MB

Available Virtual: 8191.77 MB
 

==================== Drives ================================
 

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:812.17 GB) NTFS

Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Code:

GMER 2.1.19357 - hxxp://www.gmer.net

Rootkit scan 2014-04-14 21:17:22

Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003f ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB

Running: Gmer-19357.exe; Driver: C:\Users\thea\AppData\Local\Temp\pgtoypog.sys
 
 

---- User code sections - GMER 2.1 ----
 

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fc21391532 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fc2139153a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fc2139165a 4 bytes [39, 21, FC, 07]

.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                    000007fc21391532 4 bytes [39, 21, FC, 07]

.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                    000007fc2139153a 4 bytes [39, 21, FC, 07]

.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                  000007fc2139165a 4 bytes [39, 21, FC, 07]

.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                          000007fc24af177a 4 bytes [AF, 24, FC, 07]

.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                          000007fc24af1782 4 bytes [AF, 24, FC, 07]

.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007fc24af177a 4 bytes [AF, 24, FC, 07]

.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007fc24af1782 4 bytes [AF, 24, FC, 07]

.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                   000007fc21391532 4 bytes [39, 21, FC, 07]

.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                   000007fc2139153a 4 bytes [39, 21, FC, 07]

.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                 000007fc2139165a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                        000007fc21391532 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                        000007fc2139153a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                      000007fc2139165a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                              000007fc24af177a 4 bytes [AF, 24, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                              000007fc24af1782 4 bytes [AF, 24, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                            000007fc16861b32 4 bytes [86, 16, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                            000007fc16861b3a 4 bytes [86, 16, FC, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                            000007fc21391532 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                            000007fc2139153a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                          000007fc2139165a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                          000007fc24af177a 4 bytes [AF, 24, FC, 07]

.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                          000007fc24af1782 4 bytes [AF, 24, FC, 07]

.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fc21391532 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fc2139153a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fc2139165a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                             000007fc21391532 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                             000007fc2139153a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                           000007fc2139165a 4 bytes [39, 21, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                   000007fc24af177a 4 bytes [AF, 24, FC, 07]

.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                   000007fc24af1782 4 bytes [AF, 24, FC, 07]

.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                   000007fc24af177a 4 bytes [AF, 24, FC, 07]

.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                   000007fc24af1782 4 bytes [AF, 24, FC, 07]

.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                             000007fc21391532 4 bytes [39, 21, FC, 07]

.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                             000007fc2139153a 4 bytes [39, 21, FC, 07]

.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                           000007fc2139165a 4 bytes [39, 21, FC, 07]
 

---- Threads - GMER 2.1 ----
 

Thread   C:\Windows\system32\csrss.exe [644:660]                                                                                                                    fffff960009555e8

Thread    [1764:1796]                                                                                                                                               00000000776a50a7

Thread    [1764:1804]                                                                                                                                               0000000076af8064

Thread    [1764:1828]                                                                                                                                               00000000749fc59c

Thread    [1764:1884]                                                                                                                                               00000000749fc59c

Thread    [1764:1888]                                                                                                                                               00000000749fc59c

Thread    [1764:1892]                                                                                                                                               00000000749fc59c

Thread    [1764:1912]                                                                                                                                               000000007490304c

Thread    [1764:2452]                                                                                                                                               0000000077694ba2

Thread    [1764:3824]                                                                                                                                               00000000776a50a7

Thread    [1764:3872]                                                                                                                                               00000000776a50a7

Thread    [1764:6792]                                                                                                                                               00000000776a50a7

---- Processes - GMER 2.1 ----
 

Process  C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1688] (WPM Service/Cherished Technololgy LIMITED)(2  0000000001010000
 

---- Disk sectors - GMER 2.1 ----
 

Disk     \Device\Harddisk0\DR0                                                                                                                                      unknown MBR code
 

---- EOF - GMER 2.1 ----

Vielen Dank für die Hilfe

Du hast einiges an Adware gesammelt, aber das stellt kein Problem dar :).

Schritt 1
Bitte deinstalliere folgende Programme:

BrowseMark
MyPC Backup

Gehe dafür auf:

Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Software
Windows Vista/7: Start -> Systemsteuerung -> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) -> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)

und wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7/8).

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Starte noch einmal FRST.

Setze einen Haken bei Addition.txt und drücke Scan.
Wenn der Scan abgeschlossen ist, wird zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt der Logfiles bitte hier in deinen Thread.

Poste folgende Logfiles in deiner nächsten Antwort:

AdwCleaner-Scan
JRT-Scan
FRST-Scan

Code:

# AdwCleaner v3.023 - Bericht erstellt am 14/04/2014 um 21:42:02

# Aktualisiert 01/04/2014 von Xplode

# Betriebssystem : Windows 8  (64 bits)

# Benutzername : thea - MANNI

# Gestartet von : C:\Users\thea\Desktop\adwcleaner.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

Dienst Gelöscht : IePluginService

Dienst Gelöscht : NewPlayerUpdaterService

Dienst Gelöscht : Re-markit

Dienst Gelöscht : Wpm
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\IePluginService

Ordner Gelöscht : C:\ProgramData\WPM

Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer

Ordner Gelöscht : C:\Program Files (x86)\NewPlayer

Ordner Gelöscht : C:\Program Files (x86)\SupTab

Ordner Gelöscht : C:\Users\thea\AppData\Local\NewPlayer

Ordner Gelöscht : C:\Users\thea\AppData\Roaming\DriverCure

Ordner Gelöscht : C:\Users\thea\AppData\Roaming\SupTab

Ordner Gelöscht : C:\Users\thea\AppData\Roaming\Systweak

Ordner Gelöscht : C:\Users\thea\AppData\Roaming\webssearches

Ordner Gelöscht : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\quick_start@gmail.com

Datei Gelöscht : C:\Windows\System32\roboot64.exe

Datei Gelöscht : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\user.js

Datei Gelöscht : C:\Windows\Tasks\Re-markit Update.job

Datei Gelöscht : C:\Windows\System32\Tasks\Re-markit Update
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk

Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera12.14 1738.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command

Schlüssel Gelöscht : HKCU\Software\InstallCore

Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions

Schlüssel Gelöscht : HKCU\Software\systweak

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider

Schlüssel Gelöscht : HKLM\Software\IePlugin

Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions

Schlüssel Gelöscht : HKLM\Software\supTab

Schlüssel Gelöscht : HKLM\Software\supWPM

Schlüssel Gelöscht : HKLM\Software\systweak

Schlüssel Gelöscht : HKLM\Software\Uniblue

Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware

Schlüssel Gelöscht : HKLM\Software\Wpm

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
 

***** [ Browser ] *****
 

-\\ Internet Explorer v10.0.9200.16537
 

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 

-\\ Mozilla Firefox v28.0 (de)
 

[ Datei : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\prefs.js ]
 

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1397504293&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793");

Zeile gelöscht : user_pref("extensions.crossrider.bic", "1455f9dfae2c914cca845f82a7bc589e");
 

*************************
 

AdwCleaner[R0].txt - [10705 octets] - [14/04/2014 21:41:23]

AdwCleaner[S0].txt - [8314 octets] - [14/04/2014 21:42:02]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8374 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8 x64

Ran by thea on 14.04.2014 at 21:47:44,51

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software
 
 
 

~~~ Files
 
 
 

~~~ Folders
 

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"

Successfully deleted: [Folder] "C:\Users\thea\AppData\Roaming\speedypc software"

Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"
 
 
 

~~~ FireFox
 

Emptied folder: C:\Users\thea\AppData\Roaming\mozilla\firefox\profiles\7a2yq0mb.default\minidumps [56 files]
 
 
 

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2014 at 21:51:23,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014

Ran by thea (administrator) on MANNI on 14-04-2014 21:54:22

Running from C:\Users\thea\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files (x86)\PHotkey\PHotkey.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe

() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe

() C:\Program Files (x86)\PHotkey\ATouch64.exe

() C:\Program Files (x86)\PHotkey\POSD.exe

() C:\Program Files (x86)\PHotkey\GPMTray.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)

HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default

FF NewTab: chrome://quick_start/content/index.html

FF DefaultSearchEngine: webssearches

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]

FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]

FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi

FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)

R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)

R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-14 21:51 - 2014-04-14 21:51 - 00001150 _____ () C:\Users\thea\Desktop\JRT.txt

2014-04-14 21:47 - 2014-04-14 21:47 - 00008518 _____ () C:\Users\thea\Desktop\AdwCleaner[S0].txt

2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT

2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner

2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe

2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe

2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 21:17 - 2014-04-14 21:17 - 00010858 _____ () C:\Users\thea\Desktop\gmer.log

2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp

2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe

2014-04-14 21:00 - 2014-04-14 21:54 - 00014186 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-14 21:00 - 2014-04-14 21:01 - 00022527 _____ () C:\Users\thea\Desktop\Addition.txt

2014-04-14 20:59 - 2014-04-14 21:54 - 00000000 ____D () C:\FRST

2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini

2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job

2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job

2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job

2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2

2014-04-14 11:43 - 2014-04-14 21:45 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job

2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results

2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5

2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com

2014-04-14 11:42 - 2014-04-14 21:45 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job

2014-04-14 11:42 - 2014-04-14 21:45 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job

2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1

2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2

2014-04-14 11:41 - 2014-04-14 21:45 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job

2014-04-14 11:41 - 2014-04-14 21:45 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job

2014-04-14 11:41 - 2014-04-14 21:45 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job

2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus

2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3

2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4

2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5

2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp

2014-04-14 11:40 - 2014-04-14 21:45 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job

2014-04-14 11:40 - 2014-04-14 21:45 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job

2014-04-14 11:40 - 2014-04-14 21:45 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job

2014-04-14 11:40 - 2014-04-14 21:45 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job

2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2

2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9

2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3

2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4

2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1

2014-04-14 11:39 - 2014-04-14 21:45 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job

2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft

2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd

2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml

2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job

2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3

2014-03-24 09:15 - 2014-04-14 21:45 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job

2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job

2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job

2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3

2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro

2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task

2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax
 

==================== One Month Modified Files and Folders =======
 

2014-04-14 21:54 - 2014-04-14 21:00 - 00014186 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-14 21:54 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST

2014-04-14 21:54 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002

2014-04-14 21:51 - 2014-04-14 21:51 - 00001150 _____ () C:\Users\thea\Desktop\JRT.txt

2014-04-14 21:47 - 2014-04-14 21:47 - 00008518 _____ () C:\Users\thea\Desktop\AdwCleaner[S0].txt

2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT

2014-04-14 21:46 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam

2014-04-14 21:45 - 2014-04-14 11:43 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job

2014-04-14 21:45 - 2014-04-14 11:42 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job

2014-04-14 21:45 - 2014-04-14 11:42 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job

2014-04-14 21:45 - 2014-04-14 11:41 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job

2014-04-14 21:45 - 2014-04-14 11:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job

2014-04-14 21:45 - 2014-04-14 11:41 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job

2014-04-14 21:45 - 2014-04-14 11:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job

2014-04-14 21:45 - 2014-04-14 11:40 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job

2014-04-14 21:45 - 2014-04-14 11:40 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job

2014-04-14 21:45 - 2014-04-14 11:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job

2014-04-14 21:45 - 2014-04-14 11:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job

2014-04-14 21:45 - 2014-03-24 09:15 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job

2014-04-14 21:45 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP

2014-04-14 21:43 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner

2014-04-14 21:42 - 2012-11-08 01:17 - 00110764 _____ () C:\Windows\PFRO.log

2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe

2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe

2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 21:17 - 2014-04-14 21:17 - 00010858 _____ () C:\Users\thea\Desktop\gmer.log

2014-04-14 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp

2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP

2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump

2014-04-14 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe

2014-04-14 21:01 - 2014-04-14 21:00 - 00022527 _____ () C:\Users\thea\Desktop\Addition.txt

2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:47 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat

2014-04-14 20:47 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat

2014-04-14 20:47 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-14 20:38 - 2014-04-14 11:44 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job

2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job

2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job

2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log

2014-04-14 11:58 - 2014-04-14 11:43 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results

2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2

2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5

2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com

2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus

2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1

2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2

2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3

2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4

2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5

2014-04-14 11:41 - 2014-04-14 11:40 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2

2014-04-14 11:41 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9

2014-04-14 11:40 - 2014-04-14 11:41 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp

2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3

2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4

2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1

2014-04-14 11:40 - 2014-04-14 11:39 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft

2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd

2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe

2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni

2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe

2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask

2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin

2014-04-09 18:00 - 2014-03-24 09:16 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job

2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log

2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben

2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-24 12:57 - 2014-03-24 09:15 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job

2014-03-24 12:57 - 2014-03-24 09:15 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job

2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3

2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3

2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro

2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task

2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax

2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-03-15 12:47 - 2014-03-14 18:18 - 00000000 ____D () C:\Users\thea\AppData\Local\NETGEARGenie
 

Some content of TEMP:

====================

C:\Users\thea\AppData\Local\Temp\AskSLib.dll

C:\Users\thea\AppData\Local\Temp\avgnt.exe

C:\Users\thea\AppData\Local\Temp\BackupSetup.exe

C:\Users\thea\AppData\Local\Temp\COMAP.EXE

C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\thea\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-08 11:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014

Ran by thea at 2014-04-14 21:54:46

Running from C:\Users\thea\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden

CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden

Intel PROSet Wireless (Version:  - ) Hidden

Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)

Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)

Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

NVIDIA Control Panel 307.17 (Version: 307.17 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden

NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden

RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)

Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)

Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
 

==================== Restore Points  =========================
 

24-03-2014 11:21:41 Installed inSSIDer Home

31-03-2014 18:08:15 Geplanter Prüfpunkt

08-04-2014 09:17:30 Geplanter Prüfpunkt

10-04-2014 04:24:03 Garmin Express

13-04-2014 09:06:31 Windows Update

14-04-2014 09:40:39 Uniblue SpeedUpMyPC installation
 

==================== Hosts content: ==========================
 

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {0AB1B703-856F-43D0-B2E0-9BC5E96714F5} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {1E2D4E92-39FB-41B6-BF18-498F3CA2873B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)

Task: {21C9DAFE-3EE9-4978-AD02-980284B497B4} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {2ADDFB58-547F-4443-8620-54432E7EC951} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe [2014-04-14] (Freeven)

Task: {42C9DA15-2966-40F3-A49F-E3DB9DF42431} - System32\Tasks\SpeedyPC Update Version3 => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

Task: {44ACF686-2231-42B8-848C-C158DD98A8BC} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe [2014-04-14] (HQ-V-1.9)

Task: {460AFC69-E096-4DE9-9EFC-67475DE2A0AD} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe [2014-04-14] (Freeven)

Task: {47799C6E-4F3D-4B9A-85EF-1C66705A438B} - \Re-markit Update ATTENTION ====> No Task File

Task: {5DA3C27B-DB74-45CB-9046-254570CF8E98} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-14] () <==== ATTENTION

Task: {6ED17475-4099-4894-9859-21B5D92EEB95} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {785EF32D-B393-4D59-9948-F7EAF8DD40E7} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-14] (Freeven)

Task: {7BE07481-CFE3-4B36-8374-DF70794DD56B} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe [2014-04-14] (HQ-V-1.9)

Task: {8D7F0D29-F1C6-44D8-8237-E6D260D36128} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {8FCBC8F9-73C9-40FA-BE69-8A43FC028C26} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-01] ()

Task: {92BD4CB1-0965-4E4B-A1A1-73BD866471EB} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe [2014-04-14] (Freeven)

Task: {9C39FAA7-B176-4A06-8E2A-4600AF642F12} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe [2014-04-14] (HQ-V-1.9)

Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {AE9ABCF3-C177-47AB-94DC-67FB14ACBD9C} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe [2014-04-14] (HQ-V-1.9)

Task: {BD2C1796-2413-4598-8600-667C9AC00B51} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe [2014-04-14] (Freeven)

Task: {BD2D78C9-DFCB-431C-957F-E02F0E3443AA} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: {C3393D35-4545-4B7D-BB2D-A98FD60EC8A2} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1 => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe [2014-04-14] (HQ-V-1.9)

Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {D3683CA8-EAF2-462E-80C5-9F9CB8017C96} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)

Task: {DD9C1D32-CD68-4125-AD7B-EB00D9EB1240} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)

Task: {E354C038-3F43-4150-990A-27ED4AA515A9} - System32\Tasks\SpeedyPC Pro => C:\Users\thea\SpeedyPC\SpeedyPC.exe

Task: {E92A7EFF-995E-4C42-AE31-0706F2C134CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {FB1789FB-53C3-4D98-AAF1-10BF1D7BBF96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe

Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe

Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe <==== ATTENTION

Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Users\thea\SpeedyPC\SpeedyPC.exe

Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll

Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
 

==================== Loaded Modules (whitelisted) =============
 

2012-11-29 15:30 - 2012-11-29 14:53 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

2013-02-14 20:40 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll

2012-11-08 23:07 - 2012-10-19 13:27 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe

2012-11-29 15:30 - 2012-11-27 16:18 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe

2012-11-29 15:30 - 2010-01-12 18:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

2012-11-29 15:30 - 2010-01-12 18:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe

2014-04-14 11:39 - 2014-04-14 11:39 - 00077312 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe

2012-11-29 15:30 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe

2012-11-29 15:30 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe

2012-11-29 15:30 - 2012-08-08 19:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe

2012-11-09 00:28 - 2012-10-22 19:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-02-14 18:36 - 2012-12-18 10:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-11-29 15:30 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll

2012-11-29 15:30 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll

2012-11-08 23:05 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-03-09 13:12 - 2014-03-09 13:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll

2012-11-15 13:13 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

2013-02-14 17:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Disabled items from MSCONFIG ==============
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============
 

Microsoft Office Sessions:

=========================
 

==================== Memory info =========================== 
 

Percentage of memory in use: 39%

Total physical RAM: 3977.02 MB

Available physical RAM: 2413.25 MB

Total Pagefile: 8073.02 MB

Available Pagefile: 6324.09 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:808.14 GB) NTFS

Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Additions.txt fehlt noch :).

habe ich noch hinzugefügt. ist das ok?

Werbung ist bisher weg.

Zitat:

habe ich noch hinzugefügt. ist das ok?

Klar :).

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe

C:\Program Files (x86)\Re-markit-soft

AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found

AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = FF NewTab: chrome://quick_start/content/index.html

FF DefaultSearchEngine: webssearches

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml

FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]

FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]

FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi

FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job

2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job

2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job

2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3

2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2

2014-04-14 11:43 - 2014-04-14 21:45 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job

2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results

2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5

2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com

2014-04-14 11:42 - 2014-04-14 21:45 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job

2014-04-14 11:42 - 2014-04-14 21:45 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job

2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1

2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2

2014-04-14 11:41 - 2014-04-14 21:45 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job

2014-04-14 11:41 - 2014-04-14 21:45 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job

2014-04-14 11:41 - 2014-04-14 21:45 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job

2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus

2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3

2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4

2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5

2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp

2014-04-14 11:40 - 2014-04-14 21:45 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job

2014-04-14 11:40 - 2014-04-14 21:45 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job

2014-04-14 11:40 - 2014-04-14 21:45 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job

2014-04-14 11:40 - 2014-04-14 21:45 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job

2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2

2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9

2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3

2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4

2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1

2014-04-14 11:39 - 2014-04-14 21:45 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job

2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft

2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd

2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job

2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3

2014-03-24 09:15 - 2014-04-14 21:45 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job

2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job

2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job

2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3

2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro

2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Starte noch einmal FRST.

Ändere keine der Voreinstellungen und drücke auf Scan.
Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Gibt es noch weitere Probleme mit dem Rechner?

Poste folgende Logfiles in deiner nächsten Antwort:

FRST-Fix
MBAM-Scan
ESET-Scan
FRST-Scan

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=be7fbdb74ad4444fada2ad90ec6d9214
# engine=17886
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-15 06:20:33
# local_time=2014-04-15 08:20:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 2328106 46313349 0 0
# scanned=239763
# found=4
# cleaned=0
# scan_time=77706
sh=5A2788927EE1E67F9E945D10D562C4957A07BE34 ft=1 fh=c71c0011bb6d120b vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe"
sh=8F3CC22D25D4E8696CDB208D45EDD0CEB761FD3D ft=1 fh=ca1eee2075d2f7bd vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe"
sh=95F16225F5701E3807D773C3CDC198AE0551630C ft=1 fh=c387e1ea6439112d vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe"
sh=7088C77393CC07A87589234E7D2620CBFEF905E9 ft=1 fh=4c2caff6a9ce4872 vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\Re-markit_2040-2082.exe"

Fehlen noch die anderen Logfiles :).

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014

Ran by thea (administrator) on MANNI on 15-04-2014 21:14:50

Running from C:\Users\thea\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files (x86)\PHotkey\PHotkey.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe

() C:\Program Files (x86)\PHotkey\ATouch64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\Program Files (x86)\PHotkey\POSD.exe

() C:\Program Files (x86)\PHotkey\GPMTray.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Lenovo) C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)

HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
 

==================== Internet (Whitelisted) ====================
 

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default

FF NewTab: chrome://quick_start/content/index.html

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)

R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)

R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-15 21:14 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\Malwarebytes Anti-Malware.txt

2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe

2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe

2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT

2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner

2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe

2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe

2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp

2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe

2014-04-14 20:59 - 2014-04-15 21:14 - 00000000 ____D () C:\FRST

2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini

2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml

2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax
 

==================== One Month Modified Files and Folders =======
 

2014-04-15 21:15 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-15 21:14 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST

2014-04-15 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-15 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat

2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat

2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-14 22:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002

2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\Malwarebytes Anti-Malware.txt

2014-04-14 22:40 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam

2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-14 22:39 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP

2014-04-14 22:37 - 2012-11-08 01:17 - 00114378 _____ () C:\Windows\PFRO.log

2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-04-14 22:37 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe

2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe

2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT

2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner

2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe

2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe

2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp

2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP

2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump

2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe

2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log

2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni

2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe

2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask

2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin

2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log

2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben

2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax

2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
 

Some content of TEMP:

====================

C:\Users\thea\AppData\Local\Temp\AskSLib.dll

C:\Users\thea\AppData\Local\Temp\avgnt.exe

C:\Users\thea\AppData\Local\Temp\BackupSetup.exe

C:\Users\thea\AppData\Local\Temp\COMAP.EXE

C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\thea\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-08 11:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014

Ran by thea (administrator) on MANNI on 15-04-2014 21:14:50

Running from C:\Users\thea\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files (x86)\PHotkey\PHotkey.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe

() C:\Program Files (x86)\PHotkey\ATouch64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\Program Files (x86)\PHotkey\POSD.exe

() C:\Program Files (x86)\PHotkey\GPMTray.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Lenovo) C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)

HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
 

==================== Internet (Whitelisted) ====================
 

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
 

FireFox:

========

FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default

FF NewTab: chrome://quick_start/content/index.html

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)

R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)

R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-15 21:14 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\Malwarebytes Anti-Malware.txt

2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe

2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe

2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT

2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner

2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe

2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe

2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp

2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe

2014-04-14 20:59 - 2014-04-15 21:14 - 00000000 ____D () C:\FRST

2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini

2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml

2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax
 

==================== One Month Modified Files and Folders =======
 

2014-04-15 21:15 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-15 21:14 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST

2014-04-15 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-15 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat

2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat

2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-14 22:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002

2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\Malwarebytes Anti-Malware.txt

2014-04-14 22:40 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam

2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-14 22:39 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP

2014-04-14 22:37 - 2012-11-08 01:17 - 00114378 _____ () C:\Windows\PFRO.log

2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-04-14 22:37 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe

2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe

2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT

2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner

2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe

2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe

2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp

2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP

2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump

2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe

2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log

2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni

2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe

2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask

2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin

2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log

2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben

2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax

2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
 

Some content of TEMP:

====================

C:\Users\thea\AppData\Local\Temp\AskSLib.dll

C:\Users\thea\AppData\Local\Temp\avgnt.exe

C:\Users\thea\AppData\Local\Temp\BackupSetup.exe

C:\Users\thea\AppData\Local\Temp\COMAP.EXE

C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\thea\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-08 11:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Du hast mir zweimal das neue FRST Logfile gepostet. Es fehlen noch das Logfile vom FRST Fix (Schritt 1) und Malwarebytes Anti Malware (Schritt 2). Wenn ich die habe, gehts weiter :).

Ohhh Sorry hab mit Hilfe geholt, jetzt kommen die Posts

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 14.04.2014

Suchlauf-Zeit: 22:36:26

Logdatei: Malwarebytes Anti-Malware.txt

Administrator: Ja
 

Version: 2.00.1.1004

Malware Datenbank: v2014.04.14.07

Rootkit Datenbank: v2014.03.27.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Chameleon: Deaktiviert
 

Betriebssystem: Windows 8

CPU: x64

Dateisystem: NTFS

Benutzer: thea
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 280281

Verstrichene Zeit: 14 Min, 24 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Shuriken: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 3

PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, In Quarantäne, [6898758bff0134cc853ebbb0837f827e], 

PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [b14fd0301ce4fe02f1d46b00d82a56aa], 

PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-1122175865-1022530374-3628578816-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [738d7c8404fc45bb35903b302dd5ec14], 
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 13

PUP.Optional.DomaIQ, C:\Users\thea\AppData\Local\Temp\s61f5sVN.exe.part, In Quarantäne, [8b751ee20cf406fa103e88b767994fb1], 

PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\ICReinstall_nsr4DD8.tmp, In Quarantäne, [3ec26997916fe11fc6eb1b506e93619f], 

PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\nsnAE4F.tmp, In Quarantäne, [758bae5237c9c838bdf44b2046bbd62a], 

PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\nsr4DD8.tmp, In Quarantäne, [06fa7a8621dfce32cfe2363598698080], 

Backdoor.Bot, C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\android.exe, In Quarantäne, [5ea22fd1f808b34d17b35313d92822de], 

PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\lly_webssearches.exe, In Quarantäne, [3dc3ea160cf409f70b883f115fa25aa6], 

Backdoor.Bot, C:\Users\thea\AppData\Local\Temp\android\android.exe, In Quarantäne, [87796c946a96cf31408a2c3af30eae52], 

PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\alilog.dll, In Quarantäne, [6e921be5d42c0bf55eb4949e60a0a957], 

PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\package1.zip, In Quarantäne, [f50b8779cd33857bd53d1f134eb2f30d], 

PUP.Optional.IePluginService.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\tmp\SupTab.exe, In Quarantäne, [55ab738dd729b14ffcb7e56bd829af51], 

PUP.Optional.WpManager, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\tmp\wpm.exe, In Quarantäne, [41bff9076f9180805aaebf9ce8198977], 

PUP.Optional.RegCleanPro, C:\Users\thea\AppData\Local\Temp\is45637729\59619153_stp\rcpsetup_adppi15_adppi15.exe, In Quarantäne, [1ee279876997966aa2e72f0515eb17e9], 

PUP.Optional.DomaIQ, C:\Users\thea\Downloads\Setup.exe, In Quarantäne, [19e735cbf8089b65be90c17e7987e020], 
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6920

# api_version=3.0.2

# EOSSerial=be7fbdb74ad4444fada2ad90ec6d9214

# engine=17916

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=false

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-04-16 09:42:33

# local_time=2014-04-16 11:42:33 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.2.9200 NT 

# compatibility_mode=5893 16776574 100 94 2426626 46411869 0 0

# scanned=239796

# found=4

# cleaned=0

# scan_time=11842

sh=5A2788927EE1E67F9E945D10D562C4957A07BE34 ft=1 fh=c71c0011bb6d120b vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe"

sh=8F3CC22D25D4E8696CDB208D45EDD0CEB761FD3D ft=1 fh=ca1eee2075d2f7bd vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe"

sh=95F16225F5701E3807D773C3CDC198AE0551630C ft=1 fh=c387e1ea6439112d vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe"

sh=7088C77393CC07A87589234E7D2620CBFEF905E9 ft=1 fh=4c2caff6a9ce4872 vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\Re-markit_2040-2082.exe"

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014

Ran by thea (administrator) on MANNI on 17-04-2014 19:54:19

Running from C:\Users\thea\Desktop

Windows 8 (X64) OS Language: German Standard

Internet Explorer Version 10

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe

(Microsoft Corporation) C:\Windows\system32\dashost.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

() C:\Program Files\CyberLink\Shared files\RichVideo64.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

() C:\Program Files (x86)\PHotkey\PHotkey.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe

() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe

() C:\Program Files (x86)\PHotkey\ATouch64.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

() C:\Program Files (x86)\PHotkey\POSD.exe

() C:\Program Files (x86)\PHotkey\GPMTray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)

HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)

HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1

HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
 

==================== Internet (Whitelisted) ====================
 

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
 

FireFox:

========

FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default

FF NewTab: chrome://quick_start/content/index.html

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)

R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)

R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)

R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()

R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)

R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)

R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)

R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)

R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-04-17 19:54 - 2014-04-17 19:54 - 00000000 ____D () C:\Users\thea\Desktop\FRST-OlderVersion

2014-04-17 07:09 - 2014-04-16 23:42 - 00001524 _____ () C:\Users\thea\Desktop\ESET.txt

2014-04-16 20:23 - 2014-04-16 20:23 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-15 21:14 - 2014-04-17 19:54 - 00012527 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\Malwarebytes Anti-Malware.txt

2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe

2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe

2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT

2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner

2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe

2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe

2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp

2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe

2014-04-14 20:59 - 2014-04-17 19:54 - 00000000 ____D () C:\FRST

2014-04-14 20:58 - 2014-04-17 19:54 - 02158592 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini

2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll

2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll

2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe

2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll

2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll

2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml

2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys

2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll

2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax
 

==================== One Month Modified Files and Folders =======
 

2014-04-17 19:54 - 2014-04-17 19:54 - 00000000 ____D () C:\Users\thea\Desktop\FRST-OlderVersion

2014-04-17 19:54 - 2014-04-15 21:14 - 00012527 _____ () C:\Users\thea\Desktop\FRST.txt

2014-04-17 19:54 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST

2014-04-17 19:54 - 2014-04-14 20:58 - 02158592 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe

2014-04-17 19:50 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam

2014-04-17 19:50 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP

2014-04-17 19:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-17 19:48 - 2012-11-08 01:17 - 00114918 _____ () C:\Windows\PFRO.log

2014-04-17 19:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-04-17 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru

2014-04-17 14:45 - 2013-02-14 17:37 - 01774156 _____ () C:\Windows\WindowsUpdate.log

2014-04-17 06:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent

2014-04-16 23:42 - 2014-04-17 07:09 - 00001524 _____ () C:\Users\thea\Desktop\ESET.txt

2014-04-16 22:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache

2014-04-16 20:23 - 2014-04-16 20:23 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-04-15 21:46 - 2013-02-14 17:45 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002

2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat

2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat

2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\Malwarebytes Anti-Malware.txt

2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe

2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe

2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT

2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner

2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe

2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe

2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp

2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP

2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump

2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe

2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable

2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea

2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe

2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni

2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe

2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini

2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee

2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe

2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData

2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore

2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI

2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin

2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache

2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask

2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin

2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin

2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink

2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls

2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log

2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben

2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF

2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC

2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules

2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews

2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi

2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp

2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender

2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
 

Some content of TEMP:

====================

C:\Users\thea\AppData\Local\Temp\AskSLib.dll

C:\Users\thea\AppData\Local\Temp\avgnt.exe

C:\Users\thea\AppData\Local\Temp\BackupSetup.exe

C:\Users\thea\AppData\Local\Temp\COMAP.EXE

C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\thea\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-04-17 03:01
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Wenn du keine Probleme mehr hast, sind wir fertig :).

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

FF NewTab: chrome://quick_start/content/index.html

2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2
Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Updates
Internet Explorer 11

Lade dir bitte den Internet Explorer 11 herunter und installiere diesen. Auch wenn du den Internet Explorer nicht primär verwenden solltest, ist es trotzdem wichtig, diesen aktuell zu halten.

Cleanup
Falls du Malwarebytes Anti-Malware und den ESET Online Scanner nicht mehr behalten möchtest, kannst du diese über die Systemsteuerung deinstallieren. Ich empfehle dir, mindestens ein Programm zu behalten (näheres in den Tipps).

Windows XP: Start --> Systemsteuerung --> Kategorieansicht auswählen (falls nicht voreingestellt) --> Software
Windows Vista/7: Start --> Systemsteuerung --> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) --> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

In deinen Logfiles sehe ich im Moment keine schädlichen Einträge mehr, du bist in meinen Augen Clean. Für die Zukunft habe ich dir Tipps aufgeschrieben, damit du uns in nächster Zeit nicht mehr brauchst :).

Tipps - Frequently Asked Questions (FAQ)/Häufig gestellte Fragen

Welcher Antivirenscanner ist der beste?

Die Antwort auf die Frage ist im Grunde einfach: keiner. Es gibt keinen Antivirenscanner, der immer alle Schädlinge sofort erkennt und dich 100%ig schützt. Alles vom Menschen geschaffene ist fehlerhaft und es ist ratsam, sich nur begrenzt darauf zu verlassen. Das heißt nicht, dass die Verwendung eines Antivirenprogramms keinen Sinn macht, aber es sollte als zusätzliche Hilfe angesehen werden. Die Hauptverantwortung liegt bei dir und deinem Verhalten im Internet selbst.

Benutze nur einen Antivirenscanner/Hintergrundwächter, niemals zwei oder mehrere. Diese könnten sich gegenseitig blockieren und dir mehr schaden, als helfen. Achte darauf, dass immer die neuesten Updates heruntergeladen werden. Ein veralteter Antivirenscanner ist nutzlos!
- Ein gutes Antivirenprogramm ist Emsisoft Anti-Malware.

Außerdem kannst du dein Betriebssystem mit On-Demand Sannern überprüfen. Solche Scanner laufen nicht permanent im Hintergrund, sondern scannen nur "auf Knopfdruck" dein System. Damit holst du dir eine zweite Meinung ein. Gute On-Demand Scanner, die auch wir zur Kontrolle benutzen, sind Malwarebytes Anti Malware und der ESET Online Scanner.
- Malwarebytes Anti-Malware (Anleitung zur Verwendung) ist eines der besten und zuverlässigsten Programme in der Malwareentfernung. Scanne dein System einmal pro Woche oder einmal in zwei Wochen.
- Der ESET Online Scanner (Anleitnung zur Verwendung) ist kostenlos und scannt dein System und deine Dateien sehr gründlich. Deswegen kann der Scan bei vielen Dateien mehrere Stunden dauern. Scanne dein System nach deinem eigenem Ermessen. Falls schädliche Dateien gefunden werden, handle nicht eigenmächtig!

Aber Updates muss ich immer installieren, oder?

Die Aktualität von Software ist sehr wichtig und unbedingt notwendig. Veraltete Programme stellen Schwachstellen dar, die sich Angreifer gerne zur Nutze machen. Daher ist es wichtig, immer die neueste Version der jeweiligen Software installiert zu haben. Dies fängt beim Betriebssystem an. Du solltest das neueste Service Pack installiert und automatische Updates eingeschaltet haben.
Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren

Häufig werden Sicherheitslücken von älteren Java Versionen, dem Flash-Player und PDF-Reader ausgenutzt. Du kannst hier überprüfen, ob diese häufig missbrauchte Software aktuell ist: PluginCheck

Außerdem empfehle ich dir den http://www.trojaner-board.de/83959-s...tml#post510373. Dieser überprüft, ob du veraltete Software auf deinem Rechner verwendest und kann sie in manchen Fällen automatisch updaten.

Ok, muss ich auf etwas achten, wenn ich im Internet surfe?

Mit dem richtigen Verhalten im Internet fängt der Schutz vor Infektionen an. Es gibt inzwischen viele virtuelle Betrugsversuche oder Tricks zum Täuschen, sowie im echten Leben. Um sich dort zu schützen, hast du bestimmte Angewohnheiten. Diese können auf das Surfverhalten übertragen werden. Zur Verdeutlichung stelle ich dir einen kleinen Vergleich zum Leben her:

Verhalten im Leben	Verhalten im Internet
Du überprüfst vorher die Läden, in denen du einkaufst.	Klicke nicht auf alle Seiten/Werbungen/PopUps, weil diese bunt sind oder tolle Preise versprechen.
Du achtest auf die Qualität, wenn du Produkte kaufst.	Lade dir Programme nur von original Herstellerseiten herunter und nicht von Softonic oder ähnlichem. Diese birgen häufig die Gefahr, sich zusätzlich Adware herunterzuladen.
Du öffnest keine Briefe oder Pakete ohne zu gucken, von wem diese sind.	Öffne nur Anhänge von Emails, wenn der Absender bekannt ist. Überprüfe, ob zum Beispiel eine Rechnung im Anhang wirklich von der Firma versendet wurde. Häufig werden gefälschte Emails mit schädlichem Anhang verschickt!

Handle mit Bedacht und überlege zuerst, bevor du etwas anklickst, herunterlädst oder öffnest!

Vermeide das Besuchen von pornographischen, Pokerspiel oder weiteren dubiosen Webseiten. Diese birgen ein besonders großes Infektionsrisiko.

Welche Programme sollte ich nicht verwenden?

Wenn du neue Software installierst, besteht häufig die Auswahl, eine weitere Toolbar (oder ähnliches) zu installieren. Entferne generell den Haken bei optionalen Zusatzprogrammen. Diese verlangsamen in der Regel deinen Browser und können ein erhöhtes Infektionsrisiko bedeuten.

Registry Cleaner versprechen meist einen großen Performancegewinn, wenn verwaiste Einträge in der Regsitry entfernt werden. Dieser angebliche Gewinn ist kaum bis gar nicht bemerkbar. Außerdem wird häufig verschwiegen, dass falsche Änderungen der Registry zu schwerwiegenden Folgen führen können. Deswegen sollte so wenig wie möglich an der Registry verändert werden. Zerstörst du die Registry, zerstörst du Windows!

Filesharing oder Peer-to-Peer Programme ermöglichen es, Dateien mit anderen Nutzern auszutauschen. Es ist möglich, dass du dir eine infizierte Datei herunterlädst (auch versteckt in angeblich legalen Versionen von bekannten Programmen). Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht oder gar nicht benutzt werden.
- Lade dir vor allem keine Cracks (illegale Version einer Software) herunter. Das ist rechtlich nicht erlaubt und du kannst dafür bestraft werden. Außerdem ist bei solcher Software das Infektionsrisiko am höchsten, da Cracks sehr häufig versteckte Malware enthalten.

Gibt es noch weitere Tipps, um mich zu schützen?

Achte auf die Endung von Dateien, die dir zugesendet wurden. Häufig versuchen Malwareschreiber mit Tricks wie Rechnung.pdf.exe dich zu täuschen. Wenn die Dateiendung ausgeblendet wird, bleibt Rechnung.pdf übrig, was den Anschein einer normalen PDF-Datei macht. Lass dir daher bekannte Dateiendung anzeigen (Anleitung: http://www.trojaner-board.de/59624-a...-sichtbar.html)

Surfe mit einem Konto mit eingeschränkten Rechten. Durch Administratorrechte kann Malware ohne Probleme zahlreiche Änderungen am System vornehmen, zum Beispiel Sicherheitseinstellungen verändern oder auf Systemdateien zugreifen.
Verwende nicht immer das gleiche Passwort. Falls dein Passwort durch entsprechende Malware herausgefunden wird, könnte auf alle Konten von dir zugegriffen werden.

Lege in regelmäßigen Abständen Backups (Was sind Backups?) von deinem System an. Dadurch ist ein Datenverlust durch Malware oder Hardwareschäden verkraftbar und es ist vergleichsweise einfach, den Rechner auf den Stand des letzten Backups zu bringen. Damit du deine Daten nicht manuell sichern musst, gibt es Backup-Programme wie Paragon Backup & Recovery.

Deaktiviere das Autorun-Feature von Windows. Dies ermöglicht, dass zum Beispiel CDs, DVDs oder Programme auf USB-Sticks alleine starten. Häufig nutzen Malwareschreiber genau diese Funktion aus. In solchen Fällen befindet sich Malware auf dem USB-Stick und wird automatisch beim Anschließen an den Computer ausgeführt. Um das zu verhinden, deaktiviere die Autorun-Funktion: http://www.trojaner-board.de/83238-a...sschalten.html.

Wenn dich das Thema Computersicherheit interessiert und du noch mehr Tipps und Tricks zum Schutz deines Rechners haben willst, ist der Emsisoft Blog genau richtig für dich ;).

Wenn du die Arbeit des Trojaner-Boards unterstützen möchtest, kannst du gerne spenden :).

Ich wünsche dir eine schöne und malwarefreie Zeit :daumenhoc.

Ich habe soweit keine Probleme mehr! Vi....elen Dank und schöne Ostertage!

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2014

Ran by thea at 2014-04-19 20:34:49 Run:2

Running from C:\Users\thea\Desktop

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

FF NewTab: chrome://quick_start/content/index.html

2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

         

*****************
 

Firefox newtab deleted successfully.

C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.
 

==== End of Fixlog ====