Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Lästige Werbung im Browser nach Update von Firefox

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.04.2014, 19:55   #1
Manni3105
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Hallo ich benötige Hilfe.

Ich habe die Aufforderung Firefox zu aktualisieren befolgt und habe diese angeklickt. Es wurden verschiedenste Programme gleichzeit gedownloadet. Diese habe ich deinstalliert. Beim Öffnen des Firefox-Browsers popt nun ständig Werbung auf. Können Sie mir bei der Beseitigung behilflich sein.

Avira ergab keine Treffer.

Alt 14.04.2014, 20:15   #2
sunjojo
/// Malwareteam
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Hallo Manni3105,

mein Name ist Jonas und ich werde dir bei deiner Bereinigung helfen. Diese kann mit viel Arbeit für dich verbunden sein. Bevor wir anfangen können, lies bitte die Bereinigungsregeln und Hinweise:
Regeln zum Ablauf der Bereinigung
  • Arbeite die Anleitungen und Schritte sorgfältig und nacheinander ab.
  • Wenn du etwas nicht verstehst oder du dir unsicher bist, frage nach und schildere das Problem, so gut es geht. Handle nicht auf eigene Faust.
    • Die Ausführung diverser Bereinigungsprogramme (mit Scripts aus anderen Threads) können dein Betriebssystem zerschießen!
  • Die Bereinigung eines Rechners in verschiedenen Foren zur selben Zeit ist verboten (Crossposting).
  • Installiere oder deinstalliere keine zusätzlichen Programme, lösche keine Dateien und führe nicht selbstständig Systemupdates durch.
  • Die Symptome können verschwunden sein, jedoch bedeutet das Verschwinden von äußeren Merkmalen einer Infektion nicht, dass du wieder clean bist.
    • Ich werde dir ein eindeutiges Clean geben, solange arbeite bitte mit.
Hinweis
  • Die von uns benutzten Programme erstellen meist ein Ergebnisprotokoll (Logfile genannt). Bitte füge alle von mir in einem Schritt geforderten Logfiles in einer Antwort/einem Post ein.
Wenn du alles gelesen hast, kann es losgehen. Bitte speichere alle Programme auf dem Desktop und führe sie von dort aus.



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Poste folgende Logfiles in deiner nächsten Antwort:
  • FRST-Scan
__________________

__________________

Alt 14.04.2014, 20:23   #3
Manni3105
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:57 on 14/04/2014 (thea)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by thea (administrator) on MANNI on 14-04-2014 21:00:00
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-04-02] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-04-02] (Skytech Co., Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: HQ-V-Pro-1.9 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-bho64.dll (HQ-V-1.9)
BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
BHO-x32: HQ-V-Pro-1.9 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-bho.dll (HQ-V-1.9)
BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: BrowseMark - {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} - C:\Program Files (x86)\BrowseMark\BrowseMarkbho.dll (BrowseMark)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF user.js: detected! => C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]
FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]
FF Extension: Quick Start - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\quick_start@gmail.com [2014-04-14]
FF Extension: BrowseMark - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.xpi [2014-04-12]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\extensions\quick_start@gmail.com [2014-04-14]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-04-10] ()
R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe [141824 2014-04-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
R2 Update BrowseMark; C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe [350496 2014-04-12] ()
R2 Util BrowseMark; C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe [350496 2014-04-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-14] (Cherished Technololgy LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 21:00 - 2014-04-14 21:00 - 00020248 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 20:59 - 2014-04-14 21:00 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:52 - 2014-04-14 20:44 - 00000000 ____D () C:\Program Files (x86)\BrowseMark
2014-04-14 11:52 - 2014-04-14 20:21 - 00000000 ____D () C:\Users\thea\AppData\Roaming\systweak
2014-04-14 11:52 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 20:40 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\newplayer
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:42 - 2014-04-14 20:40 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 11:42 - 2014-04-14 20:39 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 11:42 - 2014-04-14 11:45 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SupTab
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\WPM
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-14 11:41 - 2014-04-14 20:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 11:41 - 2014-04-14 20:40 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 11:41 - 2014-04-14 20:40 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:41 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 20:41 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 11:40 - 2014-04-14 20:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 11:40 - 2014-04-14 20:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 11:40 - 2014-04-14 20:39 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:39 - 2014-04-14 20:44 - 00000416 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-14 11:39 - 2014-04-14 20:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00003054 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SpeedyPC Software
2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\DriverCure
2014-03-24 09:15 - 2014-04-14 20:39 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-03-24 09:15 - 2014-03-24 09:15 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-14 21:00 - 2014-04-14 21:00 - 00020248 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 21:00 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-14 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:47 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 20:47 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 20:47 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 20:44 - 2014-04-14 11:52 - 00000000 ____D () C:\Program Files (x86)\BrowseMark
2014-04-14 20:44 - 2014-04-14 11:39 - 00000416 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-14 20:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-14 20:42 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-14 20:41 - 2014-04-14 11:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 20:41 - 2014-04-14 11:40 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 20:41 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-14 20:40 - 2014-04-14 11:43 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 20:40 - 2014-04-14 11:42 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 20:40 - 2014-04-14 11:41 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 20:40 - 2014-04-14 11:41 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 20:40 - 2014-04-14 11:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 20:40 - 2014-04-14 11:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 20:39 - 2014-04-14 11:42 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 20:39 - 2014-04-14 11:40 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 20:39 - 2014-04-14 11:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 20:39 - 2014-03-24 09:15 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 20:38 - 2012-11-08 01:17 - 00110194 _____ () C:\Windows\PFRO.log
2014-04-14 20:38 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 20:21 - 2014-04-14 11:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\systweak
2014-04-14 11:58 - 2014-04-14 11:43 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:45 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\newplayer
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SupTab
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\WPM
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-14 11:42 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:41 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:41 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:40 - 2014-04-14 11:39 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00003054 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe
2014-04-14 11:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-09 18:00 - 2014-03-24 09:16 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 12:57 - 2014-03-24 09:15 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 12:57 - 2014-03-24 09:15 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SpeedyPC Software
2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\DriverCure
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-03-24 09:15 - 2014-03-24 09:15 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-15 12:47 - 2014-03-14 18:18 - 00000000 ____D () C:\Users\thea\AppData\Local\NETGEARGenie

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-08 11:16

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by thea at 2014-04-14 21:00:38
Running from C:\Users\thea\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowseMark (HKLM\...\BrowseMark) (Version: 2014.04.12.002348 - BrowseMark)
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NVIDIA Control Panel 307.17 (Version: 307.17 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Restore Points  =========================

24-03-2014 11:21:41 Installed inSSIDer Home
31-03-2014 18:08:15 Geplanter Prüfpunkt
08-04-2014 09:17:30 Geplanter Prüfpunkt
10-04-2014 04:24:03 Garmin Express
13-04-2014 09:06:31 Windows Update
14-04-2014 09:40:39 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AB1B703-856F-43D0-B2E0-9BC5E96714F5} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E2D4E92-39FB-41B6-BF18-498F3CA2873B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)
Task: {21C9DAFE-3EE9-4978-AD02-980284B497B4} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-05] (SpeedyPC Software)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ADDFB58-547F-4443-8620-54432E7EC951} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe [2014-04-14] (Freeven)
Task: {42C9DA15-2966-40F3-A49F-E3DB9DF42431} - System32\Tasks\SpeedyPC Update Version3 => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-05] (SpeedyPC Software)
Task: {44ACF686-2231-42B8-848C-C158DD98A8BC} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe [2014-04-14] (HQ-V-1.9)
Task: {460AFC69-E096-4DE9-9EFC-67475DE2A0AD} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe [2014-04-14] (Freeven)
Task: {47799C6E-4F3D-4B9A-85EF-1C66705A438B} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe [2014-04-14] () <==== ATTENTION
Task: {5DA3C27B-DB74-45CB-9046-254570CF8E98} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-14] () <==== ATTENTION
Task: {6ED17475-4099-4894-9859-21B5D92EEB95} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {785EF32D-B393-4D59-9948-F7EAF8DD40E7} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-14] (Freeven)
Task: {7BE07481-CFE3-4B36-8374-DF70794DD56B} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe [2014-04-14] (HQ-V-1.9)
Task: {8D7F0D29-F1C6-44D8-8237-E6D260D36128} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8FCBC8F9-73C9-40FA-BE69-8A43FC028C26} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-01] ()
Task: {92BD4CB1-0965-4E4B-A1A1-73BD866471EB} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe [2014-04-14] (Freeven)
Task: {9C39FAA7-B176-4A06-8E2A-4600AF642F12} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe [2014-04-14] (HQ-V-1.9)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE9ABCF3-C177-47AB-94DC-67FB14ACBD9C} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe [2014-04-14] (HQ-V-1.9)
Task: {BD2C1796-2413-4598-8600-667C9AC00B51} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe [2014-04-14] (Freeven)
Task: {BD2D78C9-DFCB-431C-957F-E02F0E3443AA} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C3393D35-4545-4B7D-BB2D-A98FD60EC8A2} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1 => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe [2014-04-14] (HQ-V-1.9)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3683CA8-EAF2-462E-80C5-9F9CB8017C96} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {DD9C1D32-CD68-4125-AD7B-EB00D9EB1240} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {E354C038-3F43-4150-990A-27ED4AA515A9} - System32\Tasks\SpeedyPC Pro => C:\Users\thea\SpeedyPC\SpeedyPC.exe
Task: {E92A7EFF-995E-4C42-AE31-0706F2C134CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FB1789FB-53C3-4D98-AAF1-10BF1D7BBF96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Users\thea\SpeedyPC\SpeedyPC.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

==================== Loaded Modules (whitelisted) =============

2012-11-29 15:30 - 2012-11-29 14:53 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-02-14 20:40 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-04-14 11:39 - 2014-04-14 11:39 - 00077312 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
2014-04-10 11:42 - 2014-04-10 11:42 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-04-14 11:39 - 2014-04-14 11:39 - 00141824 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe
2012-11-08 23:07 - 2012-10-19 13:27 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-04-12 02:33 - 2014-04-12 02:33 - 00350496 _____ () C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe
2012-11-09 00:28 - 2012-10-22 19:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-29 15:30 - 2012-11-27 16:18 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2012-11-29 15:30 - 2010-01-12 18:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2012-11-29 15:30 - 2010-01-12 18:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2012-11-29 15:30 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2012-11-29 15:30 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2012-11-29 15:30 - 2012-08-08 19:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2014-04-14 20:44 - 2014-04-14 20:44 - 00350496 _____ () C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe
2013-02-14 18:36 - 2012-12-18 10:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-14 11:39 - 2014-04-14 11:39 - 00133120 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll
2013-02-14 17:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-11-29 15:30 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-11-29 15:30 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2012-11-08 23:05 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-09 13:12 - 2014-03-09 13:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll
2012-11-15 13:13 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2014 08:25:19 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 293c

Startzeit: 01cf580d5f6d9fb4

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 172b3b40-c402-11e3-beec-6036dd22d31d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2014 09:42:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CLMSServer.exe, Version: 2.0.0.8731, Zeitstempel: 0x4d9440c5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000020
ID des fehlerhaften Prozesses: 0x7fc
Startzeit der fehlerhaften Anwendung: 0xCLMSServer.exe0
Pfad der fehlerhaften Anwendung: CLMSServer.exe1
Pfad des fehlerhaften Moduls: CLMSServer.exe2
Berichtskennung: CLMSServer.exe3
Vollständiger Name des fehlerhaften Pakets: CLMSServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CLMSServer.exe5

Error: (04/09/2014 09:39:47 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2313

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2313

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 09:47:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109


System errors:
=============
Error: (04/14/2014 08:39:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/14/2014 08:39:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/13/2014 07:19:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/13/2014 07:19:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (04/12/2014 10:16:16 AM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/10/2014 06:25:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2014 04:45:13 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.

Error: (03/29/2014 00:31:27 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2014 10:38:52 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: 1053defragsvcNicht verfügbar{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (03/29/2014 10:38:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Laufwerke optimieren" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (04/14/2014 08:25:19 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628293c01cf580d5f6d9fb40C:\Windows\Explorer.EXE172b3b40-c402-11e3-beec-6036dd22d31d

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2014 09:42:33 AM) (Source: Application Error)(User: )
Description: CLMSServer.exe2.0.0.87314d9440c5unknown0.0.0.000000000c0000005000000207fc01cf55568e0b01a6C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exeunknown01729df7-c216-11e3-beeb-6036dd22d31d

Error: (04/09/2014 09:39:47 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2313

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2313

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 09:47:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 3977.02 MB
Available physical RAM: 1886.69 MB
Total Pagefile: 4681.02 MB
Available Pagefile: 2296.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:812.17 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-14 21:17:22
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003f ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\thea\AppData\Local\Temp\pgtoypog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                    000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                    000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                  000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                          000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                          000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                   000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                   000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                 000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                        000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                        000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                      000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                              000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                              000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                            000007fc16861b32 4 bytes [86, 16, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                            000007fc16861b3a 4 bytes [86, 16, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                            000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                            000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                          000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                          000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                          000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                             000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                             000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                           000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                   000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                   000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                   000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                   000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                             000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                             000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                           000007fc2139165a 4 bytes [39, 21, FC, 07]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [644:660]                                                                                                                    fffff960009555e8
Thread    [1764:1796]                                                                                                                                               00000000776a50a7
Thread    [1764:1804]                                                                                                                                               0000000076af8064
Thread    [1764:1828]                                                                                                                                               00000000749fc59c
Thread    [1764:1884]                                                                                                                                               00000000749fc59c
Thread    [1764:1888]                                                                                                                                               00000000749fc59c
Thread    [1764:1892]                                                                                                                                               00000000749fc59c
Thread    [1764:1912]                                                                                                                                               000000007490304c
Thread    [1764:2452]                                                                                                                                               0000000077694ba2
Thread    [1764:3824]                                                                                                                                               00000000776a50a7
Thread    [1764:3872]                                                                                                                                               00000000776a50a7
Thread    [1764:6792]                                                                                                                                               00000000776a50a7
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1688] (WPM Service/Cherished Technololgy LIMITED)(2  0000000001010000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----
         
Vielen Dank für die Hilfe
__________________

Alt 14.04.2014, 20:36   #4
sunjojo
/// Malwareteam
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Du hast einiges an Adware gesammelt, aber das stellt kein Problem dar .



Schritt 1
Bitte deinstalliere folgende Programme:
  • BrowseMark
  • MyPC Backup
Gehe dafür auf:
Windows XP: Start -> Systemsteuerung -> Kategorieansicht auswählen (falls nicht voreingestellt) -> Software
Windows Vista/7: Start -> Systemsteuerung -> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) -> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)
und wähle die angegeben Programme aus. Drücke Entfernen (Windows XP) oder Deinstallieren (Windows Vista/7/8).

Schritt 2
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).
Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Starte noch einmal FRST.
  • Setze einen Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, wird zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt der Logfiles bitte hier in deinen Thread.



Poste folgende Logfiles in deiner nächsten Antwort:
  • AdwCleaner-Scan
  • JRT-Scan
  • FRST-Scan
__________________
Gruß,

Jonas

Alt 14.04.2014, 20:53   #5
Manni3105
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Code:
ATTFilter
# AdwCleaner v3.023 - Bericht erstellt am 14/04/2014 um 21:42:02
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : thea - MANNI
# Gestartet von : C:\Users\thea\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginService
Dienst Gelöscht : NewPlayerUpdaterService
Dienst Gelöscht : Re-markit
Dienst Gelöscht : Wpm

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\thea\AppData\Local\NewPlayer
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\quick_start@gmail.com
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\user.js
Datei Gelöscht : C:\Windows\Tasks\Re-markit Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\Re-markit Update

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera12.14 1738.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1397504293&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1455f9dfae2c914cca845f82a7bc589e");

*************************

AdwCleaner[R0].txt - [10705 octets] - [14/04/2014 21:41:23]
AdwCleaner[S0].txt - [8314 octets] - [14/04/2014 21:42:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8374 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by thea on 14.04.2014 at 21:47:44,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\thea\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"



~~~ FireFox

Emptied folder: C:\Users\thea\AppData\Roaming\mozilla\firefox\profiles\7a2yq0mb.default\minidumps [56 files]



~~~ Event Viewer Logs were cleared
         




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2014 at 21:51:23,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by thea (administrator) on MANNI on 14-04-2014 21:54:22
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]
FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 21:51 - 2014-04-14 21:51 - 00001150 _____ () C:\Users\thea\Desktop\JRT.txt
2014-04-14 21:47 - 2014-04-14 21:47 - 00008518 _____ () C:\Users\thea\Desktop\AdwCleaner[S0].txt
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:17 - 2014-04-14 21:17 - 00010858 _____ () C:\Users\thea\Desktop\gmer.log
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 21:00 - 2014-04-14 21:54 - 00014186 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 21:00 - 2014-04-14 21:01 - 00022527 _____ () C:\Users\thea\Desktop\Addition.txt
2014-04-14 20:59 - 2014-04-14 21:54 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 21:45 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:42 - 2014-04-14 21:45 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 11:42 - 2014-04-14 21:45 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:41 - 2014-04-14 21:45 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 11:41 - 2014-04-14 21:45 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 11:41 - 2014-04-14 21:45 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 21:45 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:39 - 2014-04-14 21:45 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:15 - 2014-04-14 21:45 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-14 21:54 - 2014-04-14 21:00 - 00014186 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 21:54 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-14 21:54 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-14 21:51 - 2014-04-14 21:51 - 00001150 _____ () C:\Users\thea\Desktop\JRT.txt
2014-04-14 21:47 - 2014-04-14 21:47 - 00008518 _____ () C:\Users\thea\Desktop\AdwCleaner[S0].txt
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:46 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-14 21:45 - 2014-04-14 11:43 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 21:45 - 2014-04-14 11:42 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 21:45 - 2014-04-14 11:42 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 21:45 - 2014-04-14 11:41 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 21:45 - 2014-04-14 11:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 21:45 - 2014-04-14 11:41 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 21:45 - 2014-04-14 11:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 21:45 - 2014-04-14 11:40 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 21:45 - 2014-04-14 11:40 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 21:45 - 2014-04-14 11:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 21:45 - 2014-04-14 11:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 21:45 - 2014-03-24 09:15 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-04-14 21:45 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-14 21:43 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:42 - 2012-11-08 01:17 - 00110764 _____ () C:\Windows\PFRO.log
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:17 - 2014-04-14 21:17 - 00010858 _____ () C:\Users\thea\Desktop\gmer.log
2014-04-14 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP
2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 21:01 - 2014-04-14 21:00 - 00022527 _____ () C:\Users\thea\Desktop\Addition.txt
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:47 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 20:47 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 20:47 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 20:38 - 2014-04-14 11:44 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 11:58 - 2014-04-14 11:43 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:41 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:41 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:40 - 2014-04-14 11:39 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-09 18:00 - 2014-03-24 09:16 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 12:57 - 2014-03-24 09:15 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 12:57 - 2014-03-24 09:15 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-15 12:47 - 2014-03-14 18:18 - 00000000 ____D () C:\Users\thea\AppData\Local\NETGEARGenie

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\thea\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-08 11:16

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by thea at 2014-04-14 21:54:46
Running from C:\Users\thea\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Control Panel 307.17 (Version: 307.17 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Restore Points  =========================

24-03-2014 11:21:41 Installed inSSIDer Home
31-03-2014 18:08:15 Geplanter Prüfpunkt
08-04-2014 09:17:30 Geplanter Prüfpunkt
10-04-2014 04:24:03 Garmin Express
13-04-2014 09:06:31 Windows Update
14-04-2014 09:40:39 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AB1B703-856F-43D0-B2E0-9BC5E96714F5} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E2D4E92-39FB-41B6-BF18-498F3CA2873B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)
Task: {21C9DAFE-3EE9-4978-AD02-980284B497B4} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ADDFB58-547F-4443-8620-54432E7EC951} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe [2014-04-14] (Freeven)
Task: {42C9DA15-2966-40F3-A49F-E3DB9DF42431} - System32\Tasks\SpeedyPC Update Version3 => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: {44ACF686-2231-42B8-848C-C158DD98A8BC} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe [2014-04-14] (HQ-V-1.9)
Task: {460AFC69-E096-4DE9-9EFC-67475DE2A0AD} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe [2014-04-14] (Freeven)
Task: {47799C6E-4F3D-4B9A-85EF-1C66705A438B} - \Re-markit Update ATTENTION ====> No Task File
Task: {5DA3C27B-DB74-45CB-9046-254570CF8E98} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-14] () <==== ATTENTION
Task: {6ED17475-4099-4894-9859-21B5D92EEB95} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {785EF32D-B393-4D59-9948-F7EAF8DD40E7} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-14] (Freeven)
Task: {7BE07481-CFE3-4B36-8374-DF70794DD56B} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe [2014-04-14] (HQ-V-1.9)
Task: {8D7F0D29-F1C6-44D8-8237-E6D260D36128} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8FCBC8F9-73C9-40FA-BE69-8A43FC028C26} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-01] ()
Task: {92BD4CB1-0965-4E4B-A1A1-73BD866471EB} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe [2014-04-14] (Freeven)
Task: {9C39FAA7-B176-4A06-8E2A-4600AF642F12} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe [2014-04-14] (HQ-V-1.9)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE9ABCF3-C177-47AB-94DC-67FB14ACBD9C} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe [2014-04-14] (HQ-V-1.9)
Task: {BD2C1796-2413-4598-8600-667C9AC00B51} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe [2014-04-14] (Freeven)
Task: {BD2D78C9-DFCB-431C-957F-E02F0E3443AA} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C3393D35-4545-4B7D-BB2D-A98FD60EC8A2} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1 => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe [2014-04-14] (HQ-V-1.9)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3683CA8-EAF2-462E-80C5-9F9CB8017C96} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {DD9C1D32-CD68-4125-AD7B-EB00D9EB1240} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {E354C038-3F43-4150-990A-27ED4AA515A9} - System32\Tasks\SpeedyPC Pro => C:\Users\thea\SpeedyPC\SpeedyPC.exe
Task: {E92A7EFF-995E-4C42-AE31-0706F2C134CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FB1789FB-53C3-4D98-AAF1-10BF1D7BBF96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Users\thea\SpeedyPC\SpeedyPC.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

==================== Loaded Modules (whitelisted) =============

2012-11-29 15:30 - 2012-11-29 14:53 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-02-14 20:40 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-11-08 23:07 - 2012-10-19 13:27 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2012-11-29 15:30 - 2012-11-27 16:18 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2012-11-29 15:30 - 2010-01-12 18:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2012-11-29 15:30 - 2010-01-12 18:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2014-04-14 11:39 - 2014-04-14 11:39 - 00077312 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
2012-11-29 15:30 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2012-11-29 15:30 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2012-11-29 15:30 - 2012-08-08 19:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2012-11-09 00:28 - 2012-10-22 19:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-14 18:36 - 2012-12-18 10:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-29 15:30 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-11-29 15:30 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2012-11-08 23:05 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-09 13:12 - 2014-03-09 13:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll
2012-11-15 13:13 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-02-14 17:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3977.02 MB
Available physical RAM: 2413.25 MB
Total Pagefile: 8073.02 MB
Available Pagefile: 6324.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:808.14 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Geändert von Manni3105 (14.04.2014 um 21:00 Uhr) Grund: FRST Addition erst vergessen anzuklicken

Alt 14.04.2014, 20:55   #6
sunjojo
/// Malwareteam
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Additions.txt fehlt noch .
__________________
--> Lästige Werbung im Browser nach Update von Firefox

Geändert von sunjojo (14.04.2014 um 21:12 Uhr)

Alt 14.04.2014, 21:01   #7
Manni3105
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



habe ich noch hinzugefügt. ist das ok?

Werbung ist bisher weg.

Alt 14.04.2014, 21:13   #8
sunjojo
/// Malwareteam
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Zitat:
habe ich noch hinzugefügt. ist das ok?
Klar .


Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
C:\Program Files (x86)\Re-markit-soft
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]
FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 21:45 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:42 - 2014-04-14 21:45 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 11:42 - 2014-04-14 21:45 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:41 - 2014-04-14 21:45 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 11:41 - 2014-04-14 21:45 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 11:41 - 2014-04-14 21:45 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 21:45 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:39 - 2014-04-14 21:45 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:15 - 2014-04-14 21:45 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, wird ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.

Gibt es noch weitere Probleme mit dem Rechner?



Poste folgende Logfiles in deiner nächsten Antwort:
  • FRST-Fix
  • MBAM-Scan
  • ESET-Scan
  • FRST-Scan
__________________
Gruß,

Jonas

Alt 15.04.2014, 19:50   #9
Manni3105
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=be7fbdb74ad4444fada2ad90ec6d9214
# engine=17886
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-15 06:20:33
# local_time=2014-04-15 08:20:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 2328106 46313349 0 0
# scanned=239763
# found=4
# cleaned=0
# scan_time=77706
sh=5A2788927EE1E67F9E945D10D562C4957A07BE34 ft=1 fh=c71c0011bb6d120b vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe"
sh=8F3CC22D25D4E8696CDB208D45EDD0CEB761FD3D ft=1 fh=ca1eee2075d2f7bd vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe"
sh=95F16225F5701E3807D773C3CDC198AE0551630C ft=1 fh=c387e1ea6439112d vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe"
sh=7088C77393CC07A87589234E7D2620CBFEF905E9 ft=1 fh=4c2caff6a9ce4872 vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\Re-markit_2040-2082.exe"

Alt 15.04.2014, 20:10   #10
sunjojo
/// Malwareteam
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Fehlen noch die anderen Logfiles .
__________________
Gruß,

Jonas

Alt 15.04.2014, 20:35   #11
Manni3105
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by thea (administrator) on MANNI on 15-04-2014 21:14:50
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 21:14 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:59 - 2014-04-15 21:14 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-15 21:15 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-15 21:14 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-15 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 22:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:40 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:39 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-14 22:37 - 2012-11-08 01:17 - 00114378 _____ () C:\Windows\PFRO.log
2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-04-14 22:37 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP
2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\thea\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-08 11:16

==================== End Of Log ============================
         
--- --- ---

--- --- ---



FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by thea (administrator) on MANNI on 15-04-2014 21:14:50
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 21:14 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:59 - 2014-04-15 21:14 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-15 21:15 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-15 21:14 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-15 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 22:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:40 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:39 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-14 22:37 - 2012-11-08 01:17 - 00114378 _____ () C:\Windows\PFRO.log
2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-04-14 22:37 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP
2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\thea\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-08 11:16

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 15.04.2014, 22:59   #12
sunjojo
/// Malwareteam
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Du hast mir zweimal das neue FRST Logfile gepostet. Es fehlen noch das Logfile vom FRST Fix (Schritt 1) und Malwarebytes Anti Malware (Schritt 2). Wenn ich die habe, gehts weiter .
__________________
Gruß,

Jonas

Alt 17.04.2014, 19:00   #13
Manni3105
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Ohhh Sorry hab mit Hilfe geholt, jetzt kommen die Posts

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.04.2014
Suchlauf-Zeit: 22:36:26
Logdatei:  Malwarebytes Anti-Malware .txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.14.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: thea

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 280281
Verstrichene Zeit: 14 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, In Quarantäne, [6898758bff0134cc853ebbb0837f827e], 
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [b14fd0301ce4fe02f1d46b00d82a56aa], 
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-1122175865-1022530374-3628578816-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [738d7c8404fc45bb35903b302dd5ec14], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 13
PUP.Optional.DomaIQ, C:\Users\thea\AppData\Local\Temp\s61f5sVN.exe.part, In Quarantäne, [8b751ee20cf406fa103e88b767994fb1], 
PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\ICReinstall_nsr4DD8.tmp, In Quarantäne, [3ec26997916fe11fc6eb1b506e93619f], 
PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\nsnAE4F.tmp, In Quarantäne, [758bae5237c9c838bdf44b2046bbd62a], 
PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\nsr4DD8.tmp, In Quarantäne, [06fa7a8621dfce32cfe2363598698080], 
Backdoor.Bot, C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\android.exe, In Quarantäne, [5ea22fd1f808b34d17b35313d92822de], 
PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\lly_webssearches.exe, In Quarantäne, [3dc3ea160cf409f70b883f115fa25aa6], 
Backdoor.Bot, C:\Users\thea\AppData\Local\Temp\android\android.exe, In Quarantäne, [87796c946a96cf31408a2c3af30eae52], 
PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\alilog.dll, In Quarantäne, [6e921be5d42c0bf55eb4949e60a0a957], 
PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\package1.zip, In Quarantäne, [f50b8779cd33857bd53d1f134eb2f30d], 
PUP.Optional.IePluginService.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\tmp\SupTab.exe, In Quarantäne, [55ab738dd729b14ffcb7e56bd829af51], 
PUP.Optional.WpManager, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\tmp\wpm.exe, In Quarantäne, [41bff9076f9180805aaebf9ce8198977], 
PUP.Optional.RegCleanPro, C:\Users\thea\AppData\Local\Temp\is45637729\59619153_stp\rcpsetup_adppi15_adppi15.exe, In Quarantäne, [1ee279876997966aa2e72f0515eb17e9], 
PUP.Optional.DomaIQ, C:\Users\thea\Downloads\Setup.exe, In Quarantäne, [19e735cbf8089b65be90c17e7987e020], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=be7fbdb74ad4444fada2ad90ec6d9214
# engine=17916
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-16 09:42:33
# local_time=2014-04-16 11:42:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 2426626 46411869 0 0
# scanned=239796
# found=4
# cleaned=0
# scan_time=11842
sh=5A2788927EE1E67F9E945D10D562C4957A07BE34 ft=1 fh=c71c0011bb6d120b vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe"
sh=8F3CC22D25D4E8696CDB208D45EDD0CEB761FD3D ft=1 fh=ca1eee2075d2f7bd vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe"
sh=95F16225F5701E3807D773C3CDC198AE0551630C ft=1 fh=c387e1ea6439112d vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe"
sh=7088C77393CC07A87589234E7D2620CBFEF905E9 ft=1 fh=4c2caff6a9ce4872 vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\Re-markit_2040-2082.exe"
         

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by thea (administrator) on MANNI on 17-04-2014 19:54:19
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 19:54 - 2014-04-17 19:54 - 00000000 ____D () C:\Users\thea\Desktop\FRST-OlderVersion
2014-04-17 07:09 - 2014-04-16 23:42 - 00001524 _____ () C:\Users\thea\Desktop\ESET.txt
2014-04-16 20:23 - 2014-04-16 20:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-15 21:14 - 2014-04-17 19:54 - 00012527 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:59 - 2014-04-17 19:54 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-17 19:54 - 02158592 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-17 19:54 - 2014-04-17 19:54 - 00000000 ____D () C:\Users\thea\Desktop\FRST-OlderVersion
2014-04-17 19:54 - 2014-04-15 21:14 - 00012527 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-17 19:54 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-17 19:54 - 2014-04-14 20:58 - 02158592 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-17 19:50 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-17 19:50 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-17 19:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 19:48 - 2012-11-08 01:17 - 00114918 _____ () C:\Windows\PFRO.log
2014-04-17 19:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-17 14:45 - 2013-02-14 17:37 - 01774156 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 06:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-16 23:42 - 2014-04-17 07:09 - 00001524 _____ () C:\Users\thea\Desktop\ESET.txt
2014-04-16 22:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-16 20:23 - 2014-04-16 20:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-15 21:46 - 2013-02-14 17:45 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP
2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\thea\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-17 03:01

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 18.04.2014, 13:11   #14
sunjojo
/// Malwareteam
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Wenn du keine Probleme mehr hast, sind wir fertig .



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
FF NewTab: chrome://quick_start/content/index.html
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Schritt 2
Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Updates
Internet Explorer 11
  • Lade dir bitte den Internet Explorer 11 herunter und installiere diesen. Auch wenn du den Internet Explorer nicht primär verwenden solltest, ist es trotzdem wichtig, diesen aktuell zu halten.

Cleanup
Falls du Malwarebytes Anti-Malware und den ESET Online Scanner nicht mehr behalten möchtest, kannst du diese über die Systemsteuerung deinstallieren. Ich empfehle dir, mindestens ein Programm zu behalten (näheres in den Tipps).
Windows XP: Start --> Systemsteuerung --> Kategorieansicht auswählen (falls nicht voreingestellt) --> Software
Windows Vista/7: Start --> Systemsteuerung --> Anzeige (oben-rechts) auf Kategorie stellen (falls nicht voreingestellt) --> Programme deinstallieren (Unterpunkt von Programme)
Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> Programme deinstallieren (Unterpunkt von Programme)
Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



In deinen Logfiles sehe ich im Moment keine schädlichen Einträge mehr, du bist in meinen Augen Clean. Für die Zukunft habe ich dir Tipps aufgeschrieben, damit du uns in nächster Zeit nicht mehr brauchst .




Tipps - Frequently Asked Questions (FAQ)/Häufig gestellte Fragen

Welcher Antivirenscanner ist der beste?
  • Die Antwort auf die Frage ist im Grunde einfach: keiner. Es gibt keinen Antivirenscanner, der immer alle Schädlinge sofort erkennt und dich 100%ig schützt. Alles vom Menschen geschaffene ist fehlerhaft und es ist ratsam, sich nur begrenzt darauf zu verlassen. Das heißt nicht, dass die Verwendung eines Antivirenprogramms keinen Sinn macht, aber es sollte als zusätzliche Hilfe angesehen werden. Die Hauptverantwortung liegt bei dir und deinem Verhalten im Internet selbst.
  • Benutze nur einen Antivirenscanner/Hintergrundwächter, niemals zwei oder mehrere. Diese könnten sich gegenseitig blockieren und dir mehr schaden, als helfen. Achte darauf, dass immer die neuesten Updates heruntergeladen werden. Ein veralteter Antivirenscanner ist nutzlos!
  • Außerdem kannst du dein Betriebssystem mit On-Demand Sannern überprüfen. Solche Scanner laufen nicht permanent im Hintergrund, sondern scannen nur "auf Knopfdruck" dein System. Damit holst du dir eine zweite Meinung ein. Gute On-Demand Scanner, die auch wir zur Kontrolle benutzen, sind Malwarebytes Anti Malware und der ESET Online Scanner.
    • Malwarebytes Anti-Malware (Anleitung zur Verwendung) ist eines der besten und zuverlässigsten Programme in der Malwareentfernung. Scanne dein System einmal pro Woche oder einmal in zwei Wochen.
    • Der ESET Online Scanner (Anleitnung zur Verwendung) ist kostenlos und scannt dein System und deine Dateien sehr gründlich. Deswegen kann der Scan bei vielen Dateien mehrere Stunden dauern. Scanne dein System nach deinem eigenem Ermessen. Falls schädliche Dateien gefunden werden, handle nicht eigenmächtig!
Aber Updates muss ich immer installieren, oder?
  • Die Aktualität von Software ist sehr wichtig und unbedingt notwendig. Veraltete Programme stellen Schwachstellen dar, die sich Angreifer gerne zur Nutze machen. Daher ist es wichtig, immer die neueste Version der jeweiligen Software installiert zu haben. Dies fängt beim Betriebssystem an. Du solltest das neueste Service Pack installiert und automatische Updates eingeschaltet haben.
    Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
    Windows 8: Suchen --> "Systemsteuerung" in das Suchfeld eingeben --> Systemsteuerung auswählen --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Häufig werden Sicherheitslücken von älteren Java Versionen, dem Flash-Player und PDF-Reader ausgenutzt. Du kannst hier überprüfen, ob diese häufig missbrauchte Software aktuell ist: PluginCheck
Ok, muss ich auf etwas achten, wenn ich im Internet surfe?
  • Mit dem richtigen Verhalten im Internet fängt der Schutz vor Infektionen an. Es gibt inzwischen viele virtuelle Betrugsversuche oder Tricks zum Täuschen, sowie im echten Leben. Um sich dort zu schützen, hast du bestimmte Angewohnheiten. Diese können auf das Surfverhalten übertragen werden. Zur Verdeutlichung stelle ich dir einen kleinen Vergleich zum Leben her:

    Verhalten im LebenVerhalten im Internet
    Du überprüfst vorher die Läden, in denen du einkaufst.Klicke nicht auf alle Seiten/Werbungen/PopUps, weil diese bunt sind oder tolle Preise versprechen.
    Du achtest auf die Qualität, wenn du Produkte kaufst.Lade dir Programme nur von original Herstellerseiten herunter und nicht von Softonic oder ähnlichem. Diese birgen häufig die Gefahr, sich zusätzlich Adware herunterzuladen.
    Du öffnest keine Briefe oder Pakete ohne zu gucken, von wem diese sind.Öffne nur Anhänge von Emails, wenn der Absender bekannt ist. Überprüfe, ob zum Beispiel eine Rechnung im Anhang wirklich von der Firma versendet wurde. Häufig werden gefälschte Emails mit schädlichem Anhang verschickt!

    Handle mit Bedacht und überlege zuerst, bevor du etwas anklickst, herunterlädst oder öffnest!
  • Vermeide das Besuchen von pornographischen, Pokerspiel oder weiteren dubiosen Webseiten. Diese birgen ein besonders großes Infektionsrisiko.
Welche Programme sollte ich nicht verwenden?
  • Wenn du neue Software installierst, besteht häufig die Auswahl, eine weitere Toolbar (oder ähnliches) zu installieren. Entferne generell den Haken bei optionalen Zusatzprogrammen. Diese verlangsamen in der Regel deinen Browser und können ein erhöhtes Infektionsrisiko bedeuten.
  • Registry Cleaner versprechen meist einen großen Performancegewinn, wenn verwaiste Einträge in der Regsitry entfernt werden. Dieser angebliche Gewinn ist kaum bis gar nicht bemerkbar. Außerdem wird häufig verschwiegen, dass falsche Änderungen der Registry zu schwerwiegenden Folgen führen können. Deswegen sollte so wenig wie möglich an der Registry verändert werden. Zerstörst du die Registry, zerstörst du Windows!
  • Filesharing oder Peer-to-Peer Programme ermöglichen es, Dateien mit anderen Nutzern auszutauschen. Es ist möglich, dass du dir eine infizierte Datei herunterlädst (auch versteckt in angeblich legalen Versionen von bekannten Programmen). Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art von Software mit äußerster Vorsicht oder gar nicht benutzt werden.
    • Lade dir vor allem keine Cracks (illegale Version einer Software) herunter. Das ist rechtlich nicht erlaubt und du kannst dafür bestraft werden. Außerdem ist bei solcher Software das Infektionsrisiko am höchsten, da Cracks sehr häufig versteckte Malware enthalten.
Gibt es noch weitere Tipps, um mich zu schützen?
  • Achte auf die Endung von Dateien, die dir zugesendet wurden. Häufig versuchen Malwareschreiber mit Tricks wie Rechnung.pdf.exe dich zu täuschen. Wenn die Dateiendung ausgeblendet wird, bleibt Rechnung.pdf übrig, was den Anschein einer normalen PDF-Datei macht. Lass dir daher bekannte Dateiendung anzeigen (Anleitung: http://www.trojaner-board.de/59624-a...-sichtbar.html)
  • Surfe mit einem Konto mit eingeschränkten Rechten. Durch Administratorrechte kann Malware ohne Probleme zahlreiche Änderungen am System vornehmen, zum Beispiel Sicherheitseinstellungen verändern oder auf Systemdateien zugreifen.
  • Verwende nicht immer das gleiche Passwort. Falls dein Passwort durch entsprechende Malware herausgefunden wird, könnte auf alle Konten von dir zugegriffen werden.
  • Lege in regelmäßigen Abständen Backups (Was sind Backups?) von deinem System an. Dadurch ist ein Datenverlust durch Malware oder Hardwareschäden verkraftbar und es ist vergleichsweise einfach, den Rechner auf den Stand des letzten Backups zu bringen. Damit du deine Daten nicht manuell sichern musst, gibt es Backup-Programme wie Paragon Backup & Recovery.
  • Deaktiviere das Autorun-Feature von Windows. Dies ermöglicht, dass zum Beispiel CDs, DVDs oder Programme auf USB-Sticks alleine starten. Häufig nutzen Malwareschreiber genau diese Funktion aus. In solchen Fällen befindet sich Malware auf dem USB-Stick und wird automatisch beim Anschließen an den Computer ausgeführt. Um das zu verhinden, deaktiviere die Autorun-Funktion: http://www.trojaner-board.de/83238-a...sschalten.html.
Wenn dich das Thema Computersicherheit interessiert und du noch mehr Tipps und Tricks zum Schutz deines Rechners haben willst, ist der Emsisoft Blog genau richtig für dich .


Wenn du die Arbeit des Trojaner-Boards unterstützen möchtest, kannst du gerne spenden .

Ich wünsche dir eine schöne und malwarefreie Zeit .
__________________
Gruß,

Jonas

Alt 19.04.2014, 19:36   #15
Manni3105
 
Lästige Werbung im Browser nach Update von Firefox - Standard

Lästige Werbung im Browser nach Update von Firefox



Ich habe soweit keine Probleme mehr! Vi....elen Dank und schöne Ostertage!

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2014
Ran by thea at 2014-04-19 20:34:49 Run:2
Running from C:\Users\thea\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF NewTab: chrome://quick_start/content/index.html
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
         
*****************

Firefox newtab deleted successfully.
C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.

==== End of Fixlog ====
         

Antwort

Themen zu Lästige Werbung im Browser nach Update von Firefox
aktualisieren, aufforderung, befolgt, benötige, beseitigung, browser, firefox, lästige, programme, treffer, update, werbung, werbung im browser



Ähnliche Themen: Lästige Werbung im Browser nach Update von Firefox


  1. Wörter blau und doppelt unterstrichen + Werbung + Java Update und der Browser ka..t total ab
    Log-Analyse und Auswertung - 14.11.2014 (15)
  2. Firefox: Softcoup-Werbung + Aufforderung zum Java-Update
    Log-Analyse und Auswertung - 12.11.2014 (7)
  3. Win7 Firefox: Irrtümlich dubioser Aufforderung zum Browser-Update gefolgt (browserupdated.com)
    Log-Analyse und Auswertung - 07.11.2014 (12)
  4. Rechner vollig langsam ,Browser Firefox öffnet ständig Werbung
    Plagegeister aller Art und deren Bekämpfung - 30.10.2014 (11)
  5. Unerwünschte Werbung mit neuen Tab im browser (Firefox und explorer)
    Log-Analyse und Auswertung - 03.10.2014 (11)
  6. Lästige Werbung
    Plagegeister aller Art und deren Bekämpfung - 03.09.2014 (14)
  7. Firefox - Problem mit selbstständig öffnenden Seiten, Werbung, Hinweise zum Update
    Plagegeister aller Art und deren Bekämpfung - 29.07.2014 (16)
  8. Lästige Werbung im Browser bekomm ich nicht gelöscht
    Plagegeister aller Art und deren Bekämpfung - 14.07.2014 (6)
  9. Firefox...Nach Download ständig Popp-Up mit Werbung und "Warnung vor einem Virus,Update des Players"
    Plagegeister aller Art und deren Bekämpfung - 26.03.2014 (27)
  10. nach firefox update nur noch werbung und popups manchmal auch abstürze!!
    Plagegeister aller Art und deren Bekämpfung - 18.03.2014 (20)
  11. Veralteter Browser Erkannt: http://www.browse-update.net/Firefox-DE/
    Plagegeister aller Art und deren Bekämpfung - 03.01.2014 (14)
  12. Firefox/Win7 – übermäßige Werbung (Pseudo-Links und WerbeFenster) nach Firefox-Update
    Log-Analyse und Auswertung - 12.12.2013 (9)
  13. Windows 7: Daily Deal Werbung im Browser (FireFox)
    Log-Analyse und Auswertung - 05.12.2013 (7)
  14. Windows 7: Im Firefox Browser mit Werbung überschüttet
    Log-Analyse und Auswertung - 22.10.2013 (15)
  15. Nach WIN und Firefox Update ruckeln im Firefox und verschwundene Emails
    Log-Analyse und Auswertung - 08.01.2013 (28)
  16. Werbung im Firefox Browser
    Log-Analyse und Auswertung - 16.03.2009 (2)
  17. FireFox Öffnet neuen browser mit werbung
    Mülltonne - 07.10.2008 (0)

Zum Thema Lästige Werbung im Browser nach Update von Firefox - Hallo ich benötige Hilfe. Ich habe die Aufforderung Firefox zu aktualisieren befolgt und habe diese angeklickt. Es wurden verschiedenste Programme gleichzeit gedownloadet. Diese habe ich deinstalliert. Beim Öffnen des Firefox-Browsers - Lästige Werbung im Browser nach Update von Firefox...
Archiv
Du betrachtest: Lästige Werbung im Browser nach Update von Firefox auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.