
Nuisances of all kinds and how to fight them: Annoying ads in the browser after updating Firefox

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

14.04.2014, 19:55   #1
Manni3105
 

Hello, I need help.

I followed the prompt to update Firefox and clicked on it. A variety of programs were downloaded at the same time. I have uninstalled these. When I open the Firefox browser, ads now constantly pop up. Could you help me remove this?

Avira found nothing.

14.04.2014, 20:15   #2
sunjojo
/// Malwareteam
 

Hello Manni3105,

my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes:
Rules for the cleanup process
  • Work through the instructions and steps carefully and in order.
  • If you do not understand something or are unsure, ask and describe the problem as well as you can. Do not act on your own.
    • Running various cleanup programs (with scripts from other threads) can wreck your operating system!
  • Cleaning up one computer in several forums at the same time is forbidden (crossposting).
  • Do not install or uninstall any additional programs, do not delete any files, and do not run system updates on your own.
  • The symptoms may have disappeared, but the disappearance of the outward signs of an infection does not mean that you are clean again.
    • I will give you an explicit all-clear; until then, please keep working with me.
Note
  • The programs we use usually create a result report (called a logfile). Please include all logfiles I ask for in a step in a single reply/post.
Once you have read everything, we can get started. Please save all programs to the desktop and run them from there.



Step 1
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and can then be found on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


Post the following logfiles in your next reply:
  • FRST scan

14.04.2014, 20:23   #3
Manni3105
 

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:57 on 14/04/2014 (thea)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by thea (administrator) on MANNI on 14-04-2014 21:00:00
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\Program Files (x86)\SupTab\SearchProtect64.dll [102512 2014-04-02] (Skytech Co., Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => C:\Program Files (x86)\SupTab\SearchProtect32.dll [91248 2014-04-02] (Skytech Co., Ltd.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397468412&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793&q={searchTerms}
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: HQ-V-Pro-1.9 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-bho64.dll (HQ-V-1.9)
BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
BHO-x32: HQ-V-Pro-1.9 - {11111111-1111-1111-1111-110511311172} - C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-bho.dll (HQ-V-1.9)
BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: BrowseMark - {aeac172e-2e4b-4b92-9af6-b0cdb1acecdb} - C:\Program Files (x86)\BrowseMark\BrowseMarkbho.dll (BrowseMark)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF user.js: detected! => C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\user.js
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]
FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]
FF Extension: Quick Start - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\quick_start@gmail.com [2014-04-14]
FF Extension: BrowseMark - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\{b99c8534-7800-48fa-bd71-519a46cdc7e1}.xpi [2014-04-12]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\extensions\quick_start@gmail.com [2014-04-14]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 NewPlayerUpdaterService; C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-04-10] ()
R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe [141824 2014-04-14] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
R2 Update BrowseMark; C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe [350496 2014-04-12] ()
R2 Util BrowseMark; C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe [350496 2014-04-14] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-14] (Cherished Technololgy LIMITED)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 21:00 - 2014-04-14 21:00 - 00020248 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 20:59 - 2014-04-14 21:00 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:52 - 2014-04-14 20:44 - 00000000 ____D () C:\Program Files (x86)\BrowseMark
2014-04-14 11:52 - 2014-04-14 20:21 - 00000000 ____D () C:\Users\thea\AppData\Roaming\systweak
2014-04-14 11:52 - 2014-01-21 17:28 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 20:40 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\newplayer
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:42 - 2014-04-14 20:40 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 11:42 - 2014-04-14 20:39 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 11:42 - 2014-04-14 11:45 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SupTab
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\WPM
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-14 11:41 - 2014-04-14 20:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 11:41 - 2014-04-14 20:40 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 11:41 - 2014-04-14 20:40 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:41 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 20:41 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 11:40 - 2014-04-14 20:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 11:40 - 2014-04-14 20:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 11:40 - 2014-04-14 20:39 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:39 - 2014-04-14 20:44 - 00000416 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-14 11:39 - 2014-04-14 20:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00003054 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SpeedyPC Software
2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\DriverCure
2014-03-24 09:15 - 2014-04-14 20:39 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-03-24 09:15 - 2014-03-24 09:15 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-14 21:00 - 2014-04-14 21:00 - 00020248 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 21:00 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-14 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:47 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 20:47 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 20:47 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 20:44 - 2014-04-14 11:52 - 00000000 ____D () C:\Program Files (x86)\BrowseMark
2014-04-14 20:44 - 2014-04-14 11:39 - 00000416 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-14 20:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-14 20:42 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-14 20:41 - 2014-04-14 11:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 20:41 - 2014-04-14 11:40 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 20:41 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-14 20:40 - 2014-04-14 11:43 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 20:40 - 2014-04-14 11:42 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 20:40 - 2014-04-14 11:41 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 20:40 - 2014-04-14 11:41 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 20:40 - 2014-04-14 11:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 20:40 - 2014-04-14 11:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 20:39 - 2014-04-14 11:42 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 20:39 - 2014-04-14 11:40 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 20:39 - 2014-04-14 11:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 20:39 - 2014-03-24 09:15 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 20:38 - 2012-11-08 01:17 - 00110194 _____ () C:\Windows\PFRO.log
2014-04-14 20:38 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 20:21 - 2014-04-14 11:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\systweak
2014-04-14 11:58 - 2014-04-14 11:43 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:45 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\newplayer
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SupTab
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\ProgramData\WPM
2014-04-14 11:42 - 2014-04-14 11:42 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-14 11:42 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\NewPlayer
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:41 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:41 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:40 - 2014-04-14 11:39 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00003054 _____ () C:\Windows\System32\Tasks\Re-markit Update
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe
2014-04-14 11:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-09 18:00 - 2014-03-24 09:16 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 12:57 - 2014-03-24 09:15 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 12:57 - 2014-03-24 09:15 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\SpeedyPC Software
2014-03-24 09:16 - 2014-03-24 09:16 - 00000000 ____D () C:\Users\thea\AppData\Roaming\DriverCure
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-03-24 09:15 - 2014-03-24 09:15 - 00000000 ____D () C:\ProgramData\SpeedyPC Software
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-15 12:47 - 2014-03-14 18:18 - 00000000 ____D () C:\Users\thea\AppData\Local\NETGEARGenie

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-08 11:16

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by thea at 2014-04-14 21:00:38
Running from C:\Users\thea\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowseMark (HKLM\...\BrowseMark) (Version: 2014.04.12.002348 - BrowseMark)
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
NVIDIA Control Panel 307.17 (Version: 307.17 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Restore Points  =========================

24-03-2014 11:21:41 Installed inSSIDer Home
31-03-2014 18:08:15 Geplanter Prüfpunkt
08-04-2014 09:17:30 Geplanter Prüfpunkt
10-04-2014 04:24:03 Garmin Express
13-04-2014 09:06:31 Windows Update
14-04-2014 09:40:39 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AB1B703-856F-43D0-B2E0-9BC5E96714F5} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E2D4E92-39FB-41B6-BF18-498F3CA2873B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)
Task: {21C9DAFE-3EE9-4978-AD02-980284B497B4} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-05] (SpeedyPC Software)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ADDFB58-547F-4443-8620-54432E7EC951} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe [2014-04-14] (Freeven)
Task: {42C9DA15-2966-40F3-A49F-E3DB9DF42431} - System32\Tasks\SpeedyPC Update Version3 => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2013-03-05] (SpeedyPC Software)
Task: {44ACF686-2231-42B8-848C-C158DD98A8BC} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe [2014-04-14] (HQ-V-1.9)
Task: {460AFC69-E096-4DE9-9EFC-67475DE2A0AD} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe [2014-04-14] (Freeven)
Task: {47799C6E-4F3D-4B9A-85EF-1C66705A438B} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe [2014-04-14] () <==== ATTENTION
Task: {5DA3C27B-DB74-45CB-9046-254570CF8E98} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-14] () <==== ATTENTION
Task: {6ED17475-4099-4894-9859-21B5D92EEB95} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {785EF32D-B393-4D59-9948-F7EAF8DD40E7} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-14] (Freeven)
Task: {7BE07481-CFE3-4B36-8374-DF70794DD56B} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe [2014-04-14] (HQ-V-1.9)
Task: {8D7F0D29-F1C6-44D8-8237-E6D260D36128} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8FCBC8F9-73C9-40FA-BE69-8A43FC028C26} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-01] ()
Task: {92BD4CB1-0965-4E4B-A1A1-73BD866471EB} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe [2014-04-14] (Freeven)
Task: {9C39FAA7-B176-4A06-8E2A-4600AF642F12} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe [2014-04-14] (HQ-V-1.9)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE9ABCF3-C177-47AB-94DC-67FB14ACBD9C} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe [2014-04-14] (HQ-V-1.9)
Task: {BD2C1796-2413-4598-8600-667C9AC00B51} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe [2014-04-14] (Freeven)
Task: {BD2D78C9-DFCB-431C-957F-E02F0E3443AA} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C3393D35-4545-4B7D-BB2D-A98FD60EC8A2} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1 => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe [2014-04-14] (HQ-V-1.9)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3683CA8-EAF2-462E-80C5-9F9CB8017C96} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {DD9C1D32-CD68-4125-AD7B-EB00D9EB1240} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {E354C038-3F43-4150-990A-27ED4AA515A9} - System32\Tasks\SpeedyPC Pro => C:\Users\thea\SpeedyPC\SpeedyPC.exe
Task: {E92A7EFF-995E-4C42-AE31-0706F2C134CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FB1789FB-53C3-4D98-AAF1-10BF1D7BBF96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe <==== ATTENTION
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Users\thea\SpeedyPC\SpeedyPC.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

==================== Loaded Modules (whitelisted) =============

2012-11-29 15:30 - 2012-11-29 14:53 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-02-14 20:40 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2014-04-14 11:39 - 2014-04-14 11:39 - 00077312 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
2014-04-10 11:42 - 2014-04-10 11:42 - 00011776 _____ () C:\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe
2014-04-14 11:39 - 2014-04-14 11:39 - 00141824 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe
2012-11-08 23:07 - 2012-10-19 13:27 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-04-12 02:33 - 2014-04-12 02:33 - 00350496 _____ () C:\Program Files (x86)\BrowseMark\updateBrowseMark.exe
2012-11-09 00:28 - 2012-10-22 19:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-29 15:30 - 2012-11-27 16:18 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2012-11-29 15:30 - 2010-01-12 18:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2012-11-29 15:30 - 2010-01-12 18:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2012-11-29 15:30 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2012-11-29 15:30 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2012-11-29 15:30 - 2012-08-08 19:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2014-04-14 20:44 - 2014-04-14 20:44 - 00350496 _____ () C:\Program Files (x86)\BrowseMark\bin\utilBrowseMark.exe
2013-02-14 18:36 - 2012-12-18 10:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-14 11:39 - 2014-04-14 11:39 - 00133120 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.dll
2013-02-14 17:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-11-29 15:30 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-11-29 15:30 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2012-11-08 23:05 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-09 13:12 - 2014-03-09 13:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll
2012-11-15 13:13 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2014 08:25:19 PM) (Source: Application Hang) (User: )
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 293c

Startzeit: 01cf580d5f6d9fb4

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: 172b3b40-c402-11e3-beec-6036dd22d31d

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2014 09:42:33 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: CLMSServer.exe, Version: 2.0.0.8731, Zeitstempel: 0x4d9440c5
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000020
ID des fehlerhaften Prozesses: 0x7fc
Startzeit der fehlerhaften Anwendung: 0xCLMSServer.exe0
Pfad der fehlerhaften Anwendung: CLMSServer.exe1
Pfad des fehlerhaften Moduls: CLMSServer.exe2
Berichtskennung: CLMSServer.exe3
Vollständiger Name des fehlerhaften Pakets: CLMSServer.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CLMSServer.exe5

Error: (04/09/2014 09:39:47 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2313

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2313

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 09:47:32 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109


System errors:
=============
Error: (04/14/2014 08:39:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/14/2014 08:39:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/13/2014 07:19:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (04/13/2014 07:19:24 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (04/12/2014 10:16:16 AM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/10/2014 06:25:26 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/09/2014 04:45:13 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Garmin Core Update Service erreicht.

Error: (03/29/2014 00:31:27 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 10 MS Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/29/2014 10:38:52 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: 1053defragsvcNicht verfügbar{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (03/29/2014 10:38:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Laufwerke optimieren" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053


Microsoft Office Sessions:
=========================
Error: (04/14/2014 08:25:19 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.2.9200.16628293c01cf580d5f6d9fb40C:\Windows\Explorer.EXE172b3b40-c402-11e3-beec-6036dd22d31d

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15594

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15594

Error: (04/13/2014 11:40:00 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/12/2014 09:42:33 AM) (Source: Application Error)(User: )
Description: CLMSServer.exe2.0.0.87314d9440c5unknown0.0.0.000000000c0000005000000207fc01cf55568e0b01a6C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exeunknown01729df7-c216-11e3-beeb-6036dd22d31d

Error: (04/09/2014 09:39:47 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2313

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2313

Error: (04/07/2014 09:47:33 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 09:47:32 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 3977.02 MB
Available physical RAM: 1886.69 MB
Total Pagefile: 4681.02 MB
Available Pagefile: 2296.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:812.17 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-14 21:17:22
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000003f ST1000LM024_HN-M101MBB rev.2AR10001 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\thea\AppData\Local\Temp\pgtoypog.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                          000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                          000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1156] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                        000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                    000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                    000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                  000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                          000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\nvvsvc.exe[1168] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                          000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!GradientFill + 690                                                                   000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!GradientFill + 698                                                                   000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\WLANExt.exe[1428] C:\Windows\system32\MSIMG32.dll!TransparentBlt + 246                                                                 000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                        000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                        000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                      000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                              000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                              000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                            000007fc16861b32 4 bytes [86, 16, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2220] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                            000007fc16861b3a 4 bytes [86, 16, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                            000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                            000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3124] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                          000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                          000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                          000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                    000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                    000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[3236] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                  000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                             000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                             000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                           000007fc2139165a 4 bytes [39, 21, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                   000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe[3556] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                   000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                   000007fc24af177a 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                   000007fc24af1782 4 bytes [AF, 24, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                             000007fc21391532 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                             000007fc2139153a 4 bytes [39, 21, FC, 07]
.text    C:\Windows\system32\wbem\wmiprvse.exe[2328] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                           000007fc2139165a 4 bytes [39, 21, FC, 07]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [644:660]                                                                                                                    fffff960009555e8
Thread    [1764:1796]                                                                                                                                               00000000776a50a7
Thread    [1764:1804]                                                                                                                                               0000000076af8064
Thread    [1764:1828]                                                                                                                                               00000000749fc59c
Thread    [1764:1884]                                                                                                                                               00000000749fc59c
Thread    [1764:1888]                                                                                                                                               00000000749fc59c
Thread    [1764:1892]                                                                                                                                               00000000749fc59c
Thread    [1764:1912]                                                                                                                                               000000007490304c
Thread    [1764:2452]                                                                                                                                               0000000077694ba2
Thread    [1764:3824]                                                                                                                                               00000000776a50a7
Thread    [1764:3872]                                                                                                                                               00000000776a50a7
Thread    [1764:6792]                                                                                                                                               00000000776a50a7
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\WPM\wprotectmanager.exe (*** suspicious ***) @ C:\ProgramData\WPM\wprotectmanager.exe [1688] (WPM Service/Cherished Technololgy LIMITED)(2  0000000001010000

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                      unknown MBR code

---- EOF - GMER 2.1 ----
         
Many thanks for the help
__________________

Alt 14.04.2014, 20:36   #4
sunjojo
/// Malwareteam
 



You have collected quite a bit of adware, but that is not a problem.



Step 1
Please uninstall the following programs:
  • BrowseMark
  • MyPC Backup
To do so, go to:
Windows XP: Start -> Control Panel -> select Category View (if not already set) -> Add or Remove Programs
Windows Vista/7: Start -> Control Panel -> set the view (top right) to Category (if not already set) -> Uninstall a program (listed under Programs)
Windows 8: Search --> type "Control Panel" into the search box --> select Control Panel --> Uninstall a program (listed under Programs)
and select the programs listed above. Press Remove (Windows XP) or Uninstall (Windows Vista/7/8).

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 3

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 4
Start FRST once more.
  • Tick the box next to Addition.txt and press Scan.
  • When the scan is complete, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of the log files here in your thread.



Post the following log files in your next reply:
  • AdwCleaner scan
  • JRT scan
  • FRST scan
__________________
Regards,

Jonas

Alt 14.04.2014, 20:53   #5
Manni3105
 



Code:
# AdwCleaner v3.023 - Bericht erstellt am 14/04/2014 um 21:42:02
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : thea - MANNI
# Gestartet von : C:\Users\thea\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : IePluginService
Dienst Gelöscht : NewPlayerUpdaterService
Dienst Gelöscht : Re-markit
Dienst Gelöscht : Wpm

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\NewPlayer
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Users\thea\AppData\Local\NewPlayer
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\DriverCure
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\quick_start@gmail.com
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\user.js
Datei Gelöscht : C:\Windows\Tasks\Re-markit Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\Re-markit Update

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEDIONhome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Welcome.lnk
Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\thea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera12.14 1738.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hppp&ts=1397504293&from=tugs&uid=ST1000LM024XHN-M101MBB_S2U5J9CCB45793");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1455f9dfae2c914cca845f82a7bc589e");

*************************

AdwCleaner[R0].txt - [10705 octets] - [14/04/2014 21:41:23]
AdwCleaner[S0].txt - [8314 octets] - [14/04/2014 21:42:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8374 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by thea on 14.04.2014 at 21:47:44,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\speedypc software
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\speedypc software



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\thea\AppData\Roaming\speedypc software"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\speedypc software"



~~~ FireFox

Emptied folder: C:\Users\thea\AppData\Roaming\mozilla\firefox\profiles\7a2yq0mb.default\minidumps [56 files]



~~~ Event Viewer Logs were cleared
         




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2014 at 21:51:23,45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by thea (administrator) on MANNI on 14-04-2014 21:54:22
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]
FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 21:51 - 2014-04-14 21:51 - 00001150 _____ () C:\Users\thea\Desktop\JRT.txt
2014-04-14 21:47 - 2014-04-14 21:47 - 00008518 _____ () C:\Users\thea\Desktop\AdwCleaner[S0].txt
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:17 - 2014-04-14 21:17 - 00010858 _____ () C:\Users\thea\Desktop\gmer.log
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 21:00 - 2014-04-14 21:54 - 00014186 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 21:00 - 2014-04-14 21:01 - 00022527 _____ () C:\Users\thea\Desktop\Addition.txt
2014-04-14 20:59 - 2014-04-14 21:54 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 21:45 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:42 - 2014-04-14 21:45 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 11:42 - 2014-04-14 21:45 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:41 - 2014-04-14 21:45 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 11:41 - 2014-04-14 21:45 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 11:41 - 2014-04-14 21:45 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 21:45 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:39 - 2014-04-14 21:45 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:15 - 2014-04-14 21:45 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-14 21:54 - 2014-04-14 21:00 - 00014186 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 21:54 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-14 21:54 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-14 21:51 - 2014-04-14 21:51 - 00001150 _____ () C:\Users\thea\Desktop\JRT.txt
2014-04-14 21:47 - 2014-04-14 21:47 - 00008518 _____ () C:\Users\thea\Desktop\AdwCleaner[S0].txt
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:46 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-14 21:45 - 2014-04-14 11:43 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 21:45 - 2014-04-14 11:42 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 21:45 - 2014-04-14 11:42 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 21:45 - 2014-04-14 11:41 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 21:45 - 2014-04-14 11:41 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 21:45 - 2014-04-14 11:41 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 21:45 - 2014-04-14 11:40 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 21:45 - 2014-04-14 11:40 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 21:45 - 2014-04-14 11:40 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 21:45 - 2014-04-14 11:40 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 21:45 - 2014-04-14 11:39 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 21:45 - 2014-03-24 09:15 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-04-14 21:45 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-14 21:43 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:42 - 2012-11-08 01:17 - 00110764 _____ () C:\Windows\PFRO.log
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:17 - 2014-04-14 21:17 - 00010858 _____ () C:\Users\thea\Desktop\gmer.log
2014-04-14 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP
2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 21:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 21:01 - 2014-04-14 21:00 - 00022527 _____ () C:\Users\thea\Desktop\Addition.txt
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000470 _____ () C:\Users\thea\Desktop\defogger_disable.log
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:47 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-14 20:47 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-14 20:47 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 20:38 - 2014-04-14 11:44 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 20:38 - 2014-04-14 11:44 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 11:58 - 2014-04-14 11:43 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:43 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:41 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:41 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:40 - 2014-04-14 11:39 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-04-14 11:39 - 2014-04-14 11:39 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-14 11:38 - 2014-04-14 11:38 - 00634288 _____ () C:\Users\thea\Downloads\Setup.exe
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-09 18:00 - 2014-03-24 09:16 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 12:57 - 2014-03-24 09:15 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 12:57 - 2014-03-24 09:15 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-15 12:47 - 2014-03-14 18:18 - 00000000 ____D () C:\Users\thea\AppData\Local\NETGEARGenie

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\thea\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-08 11:16

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-04-2014
Ran by thea at 2014-04-14 21:54:46
Running from C:\Users\thea\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden
CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}) (Version: 2.6.1210.0278 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
NVIDIA Control Panel 307.17 (Version: 307.17 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.17 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.10.8 (Version: 1.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.16.0 - Synaptics Incorporated)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)

==================== Restore Points  =========================

24-03-2014 11:21:41 Installed inSSIDer Home
31-03-2014 18:08:15 Geplanter Prüfpunkt
08-04-2014 09:17:30 Geplanter Prüfpunkt
10-04-2014 04:24:03 Garmin Express
13-04-2014 09:06:31 Windows Update
14-04-2014 09:40:39 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AB1B703-856F-43D0-B2E0-9BC5E96714F5} - System32\Tasks\SpeedyPC Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll" RunUns
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1E2D4E92-39FB-41B6-BF18-498F3CA2873B} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-09-21] (Synaptics Incorporated)
Task: {21C9DAFE-3EE9-4978-AD02-980284B497B4} - System32\Tasks\SpeedyPC Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2ADDFB58-547F-4443-8620-54432E7EC951} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe [2014-04-14] (Freeven)
Task: {42C9DA15-2966-40F3-A49F-E3DB9DF42431} - System32\Tasks\SpeedyPC Update Version3 => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: {44ACF686-2231-42B8-848C-C158DD98A8BC} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe [2014-04-14] (HQ-V-1.9)
Task: {460AFC69-E096-4DE9-9EFC-67475DE2A0AD} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe [2014-04-14] (Freeven)
Task: {47799C6E-4F3D-4B9A-85EF-1C66705A438B} - \Re-markit Update ATTENTION ====> No Task File
Task: {5DA3C27B-DB74-45CB-9046-254570CF8E98} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-14] () <==== ATTENTION
Task: {6ED17475-4099-4894-9859-21B5D92EEB95} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {785EF32D-B393-4D59-9948-F7EAF8DD40E7} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-14] (Freeven)
Task: {7BE07481-CFE3-4B36-8374-DF70794DD56B} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe [2014-04-14] (HQ-V-1.9)
Task: {8D7F0D29-F1C6-44D8-8237-E6D260D36128} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8FCBC8F9-73C9-40FA-BE69-8A43FC028C26} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-04-01] ()
Task: {92BD4CB1-0965-4E4B-A1A1-73BD866471EB} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe [2014-04-14] (Freeven)
Task: {9C39FAA7-B176-4A06-8E2A-4600AF642F12} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe [2014-04-14] (HQ-V-1.9)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AE9ABCF3-C177-47AB-94DC-67FB14ACBD9C} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4 => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe [2014-04-14] (HQ-V-1.9)
Task: {BD2C1796-2413-4598-8600-667C9AC00B51} - System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5 => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe [2014-04-14] (Freeven)
Task: {BD2D78C9-DFCB-431C-957F-E02F0E3443AA} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {C3393D35-4545-4B7D-BB2D-A98FD60EC8A2} - System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1 => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe [2014-04-14] (HQ-V-1.9)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D3683CA8-EAF2-462E-80C5-9F9CB8017C96} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {DD9C1D32-CD68-4125-AD7B-EB00D9EB1240} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {E354C038-3F43-4150-990A-27ED4AA515A9} - System32\Tasks\SpeedyPC Pro => C:\Users\thea\SpeedyPC\SpeedyPC.exe
Task: {E92A7EFF-995E-4C42-AE31-0706F2C134CF} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FB1789FB-53C3-4D98-AAF1-10BF1D7BBF96} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job => C:\Program Files (x86)\HQ-V-Pro-1.9\HQ-V-Pro-1.9-codedownloader.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-2.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-3.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-4.exe
Task: C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job => C:\Program Files (x86)\HQ-V-Pro-1.9\0646f96d-e73e-48bf-9ca9-58255af83235-5.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.exe
Task: C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job => C:\Program Files (x86)\MediaPlayerplus\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedyPC Pro.job => C:\Users\thea\SpeedyPC\SpeedyPC.exe
Task: C:\Windows\Tasks\SpeedyPC Registration3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe
Task: C:\Windows\Tasks\SpeedyPC Update Version3.job => C:\Program Files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe

==================== Loaded Modules (whitelisted) =============

2012-11-29 15:30 - 2012-11-29 14:53 - 00805888 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-02-14 20:40 - 2010-06-17 21:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2012-11-08 23:07 - 2012-10-19 13:27 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2012-11-29 15:30 - 2012-11-27 16:18 - 02215424 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2012-11-29 15:30 - 2010-01-12 18:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2012-11-29 15:30 - 2010-01-12 18:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2014-04-14 11:39 - 2014-04-14 11:39 - 00077312 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
2012-11-29 15:30 - 2010-12-17 15:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2012-11-29 15:30 - 2012-10-23 19:07 - 03471872 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2012-11-29 15:30 - 2012-08-08 19:10 - 07536128 _____ () C:\Program Files (x86)\PHotkey\GPMTray.exe
2012-11-09 00:28 - 2012-10-22 19:39 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-02-14 18:36 - 2012-12-18 10:31 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-29 15:30 - 2009-12-18 16:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2012-11-29 15:30 - 2009-12-18 16:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2012-11-08 23:05 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-03-09 13:12 - 2014-03-09 13:12 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll
2012-11-15 13:13 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-02-14 17:53 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 39%
Total physical RAM: 3977.02 MB
Available physical RAM: 2413.25 MB
Total Pagefile: 8073.02 MB
Available Pagefile: 6324.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:869.8 GB) (Free:808.14 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3E99AF5C)

Partition: GPT Partition Type.

==================== End Of Log ============================
         


Edited by Manni3105 (14.04.2014 at 21:00). Reason: initially forgot to tick the FRST Addition option

14.04.2014, 20:55   #6
sunjojo
/// Malwareteam

Additions.txt is still missing.

Edited by sunjojo (14.04.2014 at 21:12)

14.04.2014, 21:01   #7
Manni3105

I have added it now. Is that OK?

The ads are gone so far.

14.04.2014, 21:13   #8
sunjojo
/// Malwareteam

Quote:
I have added it now. Is that OK?
Sure.


Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
C:\Program Files (x86)\Re-markit-soft
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~1.DLL => "C:\PROGRA~2\SupTab\SEARCH~1.DLL" File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: webssearches
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: MediaPlayerplus - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-14]
FF Extension: HQ-V-Pro-1.9 - C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-14]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-14]
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:44 - 2014-04-14 20:38 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-14 11:44 - 2014-04-14 20:38 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-14 11:44 - 2014-04-14 11:44 - 00002808 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-14 11:44 - 2014-04-14 11:44 - 00002806 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-14 11:43 - 2014-04-14 21:45 - 00001536 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5.job
2014-04-14 11:43 - 2014-04-14 11:58 - 00000318 _____ () C:\Users\thea\AppData\Roaming\aps.uninstall.scan.results
2014-04-14 11:43 - 2014-04-14 11:43 - 00004540 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-5
2014-04-14 11:43 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\thea\AppData\Local\com
2014-04-14 11:42 - 2014-04-14 21:45 - 00001450 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1.job
2014-04-14 11:42 - 2014-04-14 21:45 - 00001434 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2.job
2014-04-14 11:42 - 2014-04-14 11:42 - 00004454 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-1
2014-04-14 11:42 - 2014-04-14 11:42 - 00004438 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-2
2014-04-14 11:41 - 2014-04-14 21:45 - 00003134 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3.job
2014-04-14 11:41 - 2014-04-14 21:45 - 00002228 _____ () C:\Windows\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4.job
2014-04-14 11:41 - 2014-04-14 21:45 - 00001472 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5.job
2014-04-14 11:41 - 2014-04-14 11:43 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-14 11:41 - 2014-04-14 11:41 - 00006138 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-3
2014-04-14 11:41 - 2014-04-14 11:41 - 00005232 _____ () C:\Windows\System32\Tasks\3d8c097a-d75d-43d1-aa88-eb4ad99df514-4
2014-04-14 11:41 - 2014-04-14 11:41 - 00004476 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-5
2014-04-14 11:41 - 2014-04-14 11:40 - 01097384 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\nsfFA5C.tmp
2014-04-14 11:40 - 2014-04-14 21:45 - 00002782 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00002380 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00001382 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1.job
2014-04-14 11:40 - 2014-04-14 21:45 - 00001376 _____ () C:\Windows\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2.job
2014-04-14 11:40 - 2014-04-14 11:41 - 00004380 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-2
2014-04-14 11:40 - 2014-04-14 11:41 - 00000000 ____D () C:\Program Files (x86)\HQ-V-Pro-1.9
2014-04-14 11:40 - 2014-04-14 11:40 - 00005786 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-3
2014-04-14 11:40 - 2014-04-14 11:40 - 00005384 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-4
2014-04-14 11:40 - 2014-04-14 11:40 - 00004386 _____ () C:\Windows\System32\Tasks\0646f96d-e73e-48bf-9ca9-58255af83235-1
2014-04-14 11:39 - 2014-04-14 21:45 - 00000406 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-14 11:39 - 2014-04-14 11:40 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-14 11:39 - 2014-04-14 11:39 - 00002984 _____ () C:\Windows\System32\Tasks\Re-markit_wd
2014-03-24 09:16 - 2014-04-09 18:00 - 00000502 _____ () C:\Windows\Tasks\SpeedyPC Registration3.job
2014-03-24 09:16 - 2014-03-24 09:16 - 00003144 _____ () C:\Windows\System32\Tasks\SpeedyPC Registration3
2014-03-24 09:15 - 2014-04-14 21:45 - 00000526 _____ () C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000474 _____ () C:\Windows\Tasks\SpeedyPC Update Version3.job
2014-03-24 09:15 - 2014-03-24 12:57 - 00000322 _____ () C:\Windows\Tasks\SpeedyPC Pro.job
2014-03-24 09:15 - 2014-03-24 09:15 - 00003262 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3
2014-03-24 09:15 - 2014-03-24 09:15 - 00003220 _____ () C:\Windows\System32\Tasks\SpeedyPC Pro
2014-03-24 09:15 - 2014-03-24 09:15 - 00002930 _____ () C:\Windows\System32\Tasks\SpeedyPC Update Version3 Startup Task
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Step 3

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan is finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

Are there any other problems with the computer?



Post the following log files in your next reply:
  • FRST fix
  • MBAM scan
  • ESET scan
  • FRST scan
__________________
Regards,

Jonas

15.04.2014, 19:50   #9
Manni3105



ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=be7fbdb74ad4444fada2ad90ec6d9214
# engine=17886
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-15 06:20:33
# local_time=2014-04-15 08:20:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 2328106 46313349 0 0
# scanned=239763
# found=4
# cleaned=0
# scan_time=77706
sh=5A2788927EE1E67F9E945D10D562C4957A07BE34 ft=1 fh=c71c0011bb6d120b vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe"
sh=8F3CC22D25D4E8696CDB208D45EDD0CEB761FD3D ft=1 fh=ca1eee2075d2f7bd vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe"
sh=95F16225F5701E3807D773C3CDC198AE0551630C ft=1 fh=c387e1ea6439112d vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe"
sh=7088C77393CC07A87589234E7D2620CBFEF905E9 ft=1 fh=4c2caff6a9ce4872 vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\Re-markit_2040-2082.exe"
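
An added example (not part of the original thread, and not ESET's or FRST's own code): a Python triage of the ESET Online Scanner log posted above. It compares the scan settings recorded in the header with the instructions in Step 3 and separates detections already sitting in C:\FRST\Quarantine from files still at their original location. The field meanings (sh = file hash, vn = detection name, fn = file path, unwanted_checked = PUA detection switch) are inferred from the log's layout and are assumptions.

```python
import re
from collections import Counter

# Sample input: header abridged from the log above, detection lines copied from it.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# scanned=239763
# found=4
# cleaned=0
sh=5A2788927EE1E67F9E945D10D562C4957A07BE34 ft=1 fh=c71c0011bb6d120b vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe"
sh=8F3CC22D25D4E8696CDB208D45EDD0CEB761FD3D ft=1 fh=ca1eee2075d2f7bd vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe"
sh=95F16225F5701E3807D773C3CDC198AE0551630C ft=1 fh=c387e1ea6439112d vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe"
sh=7088C77393CC07A87589234E7D2620CBFEF905E9 ft=1 fh=4c2caff6a9ce4872 vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\Re-markit_2040-2082.exe"
"""

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
# key=value pairs where the value is either "quoted with spaces" or a bare token
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Files under this folder were already moved aside by the FRST fix (see the fn= paths).
QUARANTINE_PREFIX = "c:\\frst\\quarantine\\"


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET log.txt."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER_RE.match(line)
        if match:
            header[match.group(1)] = match.group(2).strip()
        elif line.startswith("sh="):
            detections.append({k: q or b for k, q, b in FIELD_RE.findall(line)})
    return header, detections


def family(vn):
    """Strip the confidence prefix and type suffix from a detection name."""
    name = re.sub(r"^(probably )?a variant of ", "", vn)
    return re.sub(r" (application|trojan|worm|virus)$", "", name)


def triage(text):
    """Summarise what still needs attention after the scan."""
    header, detections = parse_eset_log(text)
    live = [d["fn"] for d in detections
            if not d.get("fn", "").lower().startswith(QUARANTINE_PREFIX)]
    notes = []
    if header.get("end") != "finished":
        notes.append("scan did not run to completion")
    if header.get("unwanted_checked") == "false":
        notes.append("unwanted_checked=false: PUA detection was not enabled")
    found = header.get("found", "")
    if found.isdigit() and int(found) != len(detections):
        notes.append("found= differs from the number of detection lines")
    if live and header.get("remove_checked") == "false":
        notes.append(f"{len(live)} detection(s) outside the FRST quarantine, "
                     "nothing removed by ESET")
    return {
        "families": Counter(family(d.get("vn", "")) for d in detections),
        "quarantined": len(detections) - len(live),
        "live": live,
        "notes": notes,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("families:", dict(result["families"]))
    print("already in FRST quarantine:", result["quarantined"])
    for path in result["live"]:
        print("still on disk:", path)
    for note in result["notes"]:
        print("note:", note)
```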

15.04.2014, 20:10   #10
sunjojo
/// Malwareteam



The other log files are still missing.
__________________
Regards,

Jonas

15.04.2014, 20:35   #11
Manni3105



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by thea (administrator) on MANNI on 15-04-2014 21:14:50
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 21:14 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:59 - 2014-04-15 21:14 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-15 21:15 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-15 21:14 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-15 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 22:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:40 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:39 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-14 22:37 - 2012-11-08 01:17 - 00114378 _____ () C:\Windows\PFRO.log
2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-04-14 22:37 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP
2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\thea\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-08 11:16

==================== End Of Log ============================
         
--- --- ---



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2014
Ran by thea (administrator) on MANNI on 15-04-2014 21:14:50
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Lenovo) C:\Program Files (x86)\Lenovo\LenovoQuickLaunch\LenovoQuickLaunch.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [172144 2012-12-14] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe [399984 2012-12-14] (Intel Corporation)
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe [441968 2012-12-14] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-15 21:14 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:59 - 2014-04-15 21:14 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-15 21:15 - 2014-04-15 21:14 - 00012923 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-15 21:14 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-15 21:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-15 21:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 22:44 - 2013-02-14 17:45 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:40 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:39 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-14 22:37 - 2012-11-08 01:17 - 00114378 _____ () C:\Windows\PFRO.log
2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-04-14 22:37 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP
2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:58 - 2014-04-14 20:58 - 02054144 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 20:27 - 2013-02-14 17:37 - 01524958 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-01 20:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 23:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\thea\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-08 11:16

==================== End Of Log ============================
         

15.04.2014, 22:59   #12
sunjojo
/// Malwareteam

You posted the new FRST log file twice. The log files from the FRST fix (step 1) and from Malwarebytes Anti-Malware (step 2) are still missing. Once I have those, we can continue.
__________________
Regards,

Jonas

17.04.2014, 19:00   #13
Manni3105

Ohhh, sorry, I got myself some help; the posts are coming now.

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 14.04.2014
Suchlauf-Zeit: 22:36:26
Logdatei:  Malwarebytes Anti-Malware .txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.04.14.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: thea

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 280281
Verstrichene Zeit: 14 Min, 24 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 3
PUP.Optional.MediaPlayerplus.A, HKLM\SOFTWARE\WOW6432NODE\MediaPlayerplus, In Quarantäne, [6898758bff0134cc853ebbb0837f827e], 
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [b14fd0301ce4fe02f1d46b00d82a56aa], 
PUP.Optional.MediaPlayerplus.A, HKU\S-1-5-21-1122175865-1022530374-3628578816-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MediaPlayerplus, In Quarantäne, [738d7c8404fc45bb35903b302dd5ec14], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 13
PUP.Optional.DomaIQ, C:\Users\thea\AppData\Local\Temp\s61f5sVN.exe.part, In Quarantäne, [8b751ee20cf406fa103e88b767994fb1], 
PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\ICReinstall_nsr4DD8.tmp, In Quarantäne, [3ec26997916fe11fc6eb1b506e93619f], 
PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\nsnAE4F.tmp, In Quarantäne, [758bae5237c9c838bdf44b2046bbd62a], 
PUP.Optional.InstallCore.A, C:\Users\thea\AppData\Local\Temp\nsr4DD8.tmp, In Quarantäne, [06fa7a8621dfce32cfe2363598698080], 
Backdoor.Bot, C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\android.exe, In Quarantäne, [5ea22fd1f808b34d17b35313d92822de], 
PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\lly_webssearches.exe, In Quarantäne, [3dc3ea160cf409f70b883f115fa25aa6], 
Backdoor.Bot, C:\Users\thea\AppData\Local\Temp\android\android.exe, In Quarantäne, [87796c946a96cf31408a2c3af30eae52], 
PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\alilog.dll, In Quarantäne, [6e921be5d42c0bf55eb4949e60a0a957], 
PUP.Optional.SkyTech.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\package1.zip, In Quarantäne, [f50b8779cd33857bd53d1f134eb2f30d], 
PUP.Optional.IePluginService.A, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\tmp\SupTab.exe, In Quarantäne, [55ab738dd729b14ffcb7e56bd829af51], 
PUP.Optional.WpManager, C:\Users\thea\AppData\Local\Temp\fullpackage_temp1397468390\tmp\wpm.exe, In Quarantäne, [41bff9076f9180805aaebf9ce8198977], 
PUP.Optional.RegCleanPro, C:\Users\thea\AppData\Local\Temp\is45637729\59619153_stp\rcpsetup_adppi15_adppi15.exe, In Quarantäne, [1ee279876997966aa2e72f0515eb17e9], 
PUP.Optional.DomaIQ, C:\Users\thea\Downloads\Setup.exe, In Quarantäne, [19e735cbf8089b65be90c17e7987e020], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=be7fbdb74ad4444fada2ad90ec6d9214
# engine=17916
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-16 09:42:33
# local_time=2014-04-16 11:42:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 2426626 46411869 0 0
# scanned=239796
# found=4
# cleaned=0
# scan_time=11842
sh=5A2788927EE1E67F9E945D10D562C4957A07BE34 ft=1 fh=c71c0011bb6d120b vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe"
sh=8F3CC22D25D4E8696CDB208D45EDD0CEB761FD3D ft=1 fh=ca1eee2075d2f7bd vn="a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe"
sh=95F16225F5701E3807D773C3CDC198AE0551630C ft=1 fh=c387e1ea6439112d vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\FRST\Quarantine\C\Program Files (x86)\Re-markit-soft\Uninstall.exe"
sh=7088C77393CC07A87589234E7D2620CBFEF905E9 ft=1 fh=4c2caff6a9ce4872 vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\Users\thea\AppData\Local\Temp\2047e576-cd52-41fd-9414-83f82c36dd8b\software\Re-markit_2040-2082.exe"
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014
Ran by thea (administrator) on MANNI on 17-04-2014 19:54:19
Running from C:\Users\thea\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\ATouch64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\PHotkey\POSD.exe
() C:\Program Files (x86)\PHotkey\GPMTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11582848 2012-09-30] (Motorola Solutions, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2930488 2012-09-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [FreePDF Assistant] => C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-01-10] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [118104 2014-04-01] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {6adf425d-966a-11e3-bee0-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a5693-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence
HKU\S-1-5-21-1122175865-1022530374-3628578816-1002\...\MountPoints2: {fc8a57a0-934c-11e3-bedf-6036dd22d31d} - "F:\setup_vmc_lite.exe" /checkApplicationPresence

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {4D918CC8-062F-4856-9DF3-86FE05773D24} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\thea\AppData\Roaming\Mozilla\Firefox\Profiles\7a2yq0mb.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-22] (Avira Operations GmbH & Co. KG)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [431960 2014-04-01] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [805888 2012-11-29] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132480 2012-10-01] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-10] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-03-14] (CACE Technologies, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-09-21] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-21] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-17 19:54 - 2014-04-17 19:54 - 00000000 ____D () C:\Users\thea\Desktop\FRST-OlderVersion
2014-04-17 07:09 - 2014-04-16 23:42 - 00001524 _____ () C:\Users\thea\Desktop\ESET.txt
2014-04-16 20:23 - 2014-04-16 20:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-15 21:14 - 2014-04-17 19:54 - 00012527 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:20 - 2014-04-14 22:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:20 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-14 22:20 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-14 22:20 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:41 - 2014-04-14 21:42 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:59 - 2014-04-17 19:54 - 00000000 ____D () C:\FRST
2014-04-14 20:58 - 2014-04-17 19:54 - 02158592 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:22 - 2014-04-13 20:11 - 00000426 _____ () C:\AVScanner.ini
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:39 - 2014-04-14 22:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 10:43 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-13 10:43 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-13 10:43 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-13 10:43 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-13 10:43 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-13 10:43 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-13 10:43 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-13 10:43 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-13 10:43 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-13 10:43 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-13 10:43 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-13 10:43 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 18:51 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-12 18:51 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-12 18:51 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-12 18:51 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-12 18:51 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-12 18:51 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-12 18:51 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-12 18:51 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-12 18:51 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-12 18:51 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-12 18:51 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-12 18:51 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-12 18:51 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-12 18:51 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-12 18:51 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-09 08:55 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 08:55 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 08:55 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-08 19:04 - 2014-04-08 19:05 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:24 - 2014-04-07 08:30 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:19 - 2014-03-24 13:20 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:10 - 2014-03-22 08:11 - 00000000 ____D () C:\Users\thea\Documents\Fax

==================== One Month Modified Files and Folders =======

2014-04-17 19:54 - 2014-04-17 19:54 - 00000000 ____D () C:\Users\thea\Desktop\FRST-OlderVersion
2014-04-17 19:54 - 2014-04-15 21:14 - 00012527 _____ () C:\Users\thea\Desktop\FRST.txt
2014-04-17 19:54 - 2014-04-14 20:59 - 00000000 ____D () C:\FRST
2014-04-17 19:54 - 2014-04-14 20:58 - 02158592 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-17 19:50 - 2013-07-13 07:27 - 00000000 ____D () C:\Users\thea\Documents\Youcam
2014-04-17 19:50 - 2013-04-28 13:09 - 00000000 ____D () C:\Users\thea\AppData\Local\FreePDF_XP
2014-04-17 19:49 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 19:48 - 2012-11-08 01:17 - 00114918 _____ () C:\Windows\PFRO.log
2014-04-17 19:11 - 2013-02-14 19:20 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 19:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-17 14:45 - 2013-02-14 17:37 - 01774156 _____ () C:\Windows\WindowsUpdate.log
2014-04-17 06:05 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-16 23:42 - 2014-04-17 07:09 - 00001524 _____ () C:\Users\thea\Desktop\ESET.txt
2014-04-16 22:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-16 20:23 - 2014-04-16 20:23 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-04-15 21:46 - 2013-02-14 17:45 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1122175865-1022530374-3628578816-1002
2014-04-15 05:23 - 2012-11-08 02:01 - 00754172 _____ () C:\Windows\system32\perfh007.dat
2014-04-15 05:23 - 2012-11-08 02:01 - 00156362 _____ () C:\Windows\system32\perfc007.dat
2014-04-15 05:23 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 22:40 - 2014-04-14 22:40 - 00003483 _____ () C:\Users\thea\Desktop\ Malwarebytes Anti-Malware .txt
2014-04-14 22:39 - 2014-04-14 22:20 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 22:37 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-04-14 22:20 - 2014-04-14 22:20 - 02347384 _____ (ESET) C:\Users\thea\Desktop\esetsmartinstaller_enu.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-14 22:16 - 2014-04-14 11:39 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-14 22:15 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-14 21:47 - 2014-04-14 21:47 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 21:42 - 2014-04-14 21:41 - 00000000 ____D () C:\AdwCleaner
2014-04-14 21:40 - 2014-04-14 21:40 - 01016261 _____ (Thisisu) C:\Users\thea\Desktop\JRT.exe
2014-04-14 21:39 - 2014-04-14 21:39 - 01426178 _____ () C:\Users\thea\Desktop\adwcleaner.exe
2014-04-14 21:38 - 2014-04-14 21:38 - 00000000 ___RD () C:\Users\thea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 21:08 - 2014-04-14 21:08 - 00294072 _____ () C:\Windows\Minidump\041414-23796-01.dmp
2014-04-14 21:08 - 2013-03-22 19:19 - 688096000 _____ () C:\Windows\MEMORY.DMP
2014-04-14 21:08 - 2013-03-22 19:19 - 00000000 ____D () C:\Windows\Minidump
2014-04-14 21:01 - 2014-04-14 21:01 - 00380416 _____ () C:\Users\thea\Downloads\Gmer-19357.exe
2014-04-14 20:57 - 2014-04-14 20:57 - 00000000 _____ () C:\Users\thea\defogger_reenable
2014-04-14 20:57 - 2013-02-14 17:37 - 00000000 ____D () C:\Users\thea
2014-04-14 20:56 - 2014-04-14 20:56 - 00050477 _____ () C:\Users\thea\Desktop\Defogger.exe
2014-04-14 20:38 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-14 11:39 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-13 20:31 - 2013-02-14 20:57 - 00000000 ____D () C:\Users\thea\Documents\Finanzamt Manni
2014-04-13 20:26 - 2013-02-14 17:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-13 20:11 - 2014-04-14 20:22 - 00000426 _____ () C:\AVScanner.ini
2014-04-13 19:23 - 2014-04-13 19:23 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-13 19:23 - 2013-02-15 16:41 - 00000000 ____D () C:\Users\thea\AppData\Local\Adobe
2014-04-13 19:23 - 2013-02-14 19:20 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-13 19:15 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-11 09:19 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-10 18:51 - 2013-07-31 12:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 18:48 - 2012-11-08 21:48 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-10 06:27 - 2014-02-14 13:52 - 00000000 ____D () C:\Users\thea\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-04-10 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-04-10 06:26 - 2014-02-14 13:29 - 00000000 ____D () C:\ProgramData\Package Cache
2014-04-10 06:25 - 2014-03-12 10:47 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-04-10 06:25 - 2014-02-14 13:30 - 00001892 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\ProgramData\Garmin
2014-04-10 06:25 - 2014-02-14 13:30 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-04-08 19:05 - 2014-04-08 19:04 - 00000000 ____D () C:\Users\thea\Documents\CyberLink
2014-04-07 08:30 - 2014-04-07 08:24 - 00008192 _____ () C:\Users\thea\Documents\Gesamtkilometer 2013.xls
2014-04-03 09:51 - 2014-04-14 22:20 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-14 22:20 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-14 22:20 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 23:18 - 2013-11-15 18:40 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-11-15 18:40 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-29 10:31 - 2012-07-26 09:21 - 00041190 _____ () C:\Windows\setupact.log
2014-03-24 22:31 - 2013-02-14 20:52 - 00000000 ____D () C:\Users\thea\Documents\Sachtleben
2014-03-24 14:18 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-03-24 13:22 - 2014-03-24 13:22 - 00002443 _____ () C:\Users\Public\Desktop\inSSIDer Home.lnk
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\ne-NP
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\Modules
2014-03-24 13:22 - 2014-03-24 13:22 - 00000000 ____D () C:\Program Files (x86)\LocalNews
2014-03-24 13:20 - 2014-03-24 13:19 - 04767744 _____ () C:\Users\thea\Downloads\inSSIDer31-installer.msi
2014-03-24 12:57 - 2014-03-24 12:57 - 00335600 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-22 08:16 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-22 08:11 - 2014-03-22 08:10 - 00000000 ____D () C:\Users\thea\Documents\Fax
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-19 22:39 - 2013-04-30 19:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-19 22:38 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-19 22:37 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\thea\AppData\Local\Temp\AskSLib.dll
C:\Users\thea\AppData\Local\Temp\avgnt.exe
C:\Users\thea\AppData\Local\Temp\BackupSetup.exe
C:\Users\thea\AppData\Local\Temp\COMAP.EXE
C:\Users\thea\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\thea\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-17 03:01

==================== End Of Log ============================
         
--- --- ---

18.04.2014, 13:11   #14
sunjojo
/// Malwareteam

If you have no more problems, we are done.



Step 1
Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
FF NewTab: chrome://quick_start/content/index.html
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe

Please save it as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button ("Entfernen").
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Step 2
Download TFC (TempFileCleaner by Oldtimer) and save it to your desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.

Updates
Internet Explorer 11
  • Please download and install Internet Explorer 11. Even if Internet Explorer is not your primary browser, it is still important to keep it up to date.

Cleanup
If you no longer want to keep Malwarebytes Anti-Malware and the ESET Online Scanner, you can uninstall them via the Control Panel. I recommend keeping at least one of the programs (details in the tips).
Windows XP: Start --> Control Panel --> select Category View (if not already set) --> Add or Remove Programs
Windows Vista/7: Start --> Control Panel --> set the view (top right) to Category (if not already set) --> Uninstall a program (under Programs)
Windows 8: Search --> type "Control Panel" into the search box --> select Control Panel --> Uninstall a program (under Programs)
The order matters here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively, rename it to uninstall.exe and run it)
    • Windows key + R > type Combofix /Uninstall > OK
    • Alternative: rename Combofix.exe to uninstall.exe and run it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick every option.
    • Click Start.
    • Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners, and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can safely delete them.



I currently see no more malicious entries in your log files; in my view you are clean. For the future I have written down some tips for you, so that you won't need us again any time soon.




Tips - Frequently Asked Questions (FAQ)

Which antivirus scanner is the best?
  • The answer to this question is basically simple: none. There is no antivirus scanner that always detects every piece of malware immediately and protects you 100%. Everything created by humans is flawed, and it is advisable to rely on it only to a limited extent. This does not mean that using an antivirus program is pointless, but it should be regarded as an additional aid. The main responsibility lies with you and your own behaviour on the Internet.
  • Use only one antivirus scanner/background guard, never two or more. They could block each other and do you more harm than good. Make sure that the latest updates are always downloaded. An outdated antivirus scanner is useless!
  • In addition, you can check your operating system with on-demand scanners. Such scanners do not run permanently in the background but scan your system only "at the push of a button". This gives you a second opinion. Good on-demand scanners, which we also use for checks, are Malwarebytes Anti-Malware and the ESET Online Scanner.
    • Malwarebytes Anti-Malware (instructions for use) is one of the best and most reliable programs for malware removal. Scan your system once a week or once every two weeks.
    • The ESET Online Scanner (instructions for use) is free and scans your system and your files very thoroughly. For that reason, the scan can take several hours if there are many files. Scan your system at your own discretion. If malicious files are found, do not act on your own!
But I always have to install updates, right?
  • Keeping software up to date is very important and absolutely necessary. Outdated programs are vulnerabilities that attackers like to exploit. It is therefore important always to have the latest version of each piece of software installed. This starts with the operating system. You should have the latest service pack installed and automatic updates switched on.
    Windows XP: Start --> Control Panel --> double-click Automatic Updates
    Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
    Windows 8: Search --> type "Control Panel" into the search box --> select Control Panel --> System and Security --> Turn automatic updating on or off
  • Security holes in older Java versions, the Flash Player and PDF readers are exploited frequently. You can check here whether this frequently abused software is up to date: PluginCheck
OK, is there anything I need to watch out for when I surf the Internet?
  • Protection against infections starts with the right behaviour on the Internet. There are now many virtual fraud attempts and tricks meant to deceive, just as in real life. To protect yourself there, you have certain habits. These can be carried over to your surfing behaviour. To illustrate, here is a small comparison with everyday life:

    Behaviour in real life | Behaviour on the Internet
    You check the shops you buy from beforehand. | Don't click on every page/ad/pop-up just because it is colourful or promises great prizes.
    You pay attention to quality when you buy products. | Download programs only from the original manufacturer's site and not from Softonic or the like. Those often carry the risk of downloading adware along with them.
    You don't open letters or parcels without looking at who they are from. | Open e-mail attachments only if the sender is known. Check whether, for example, an invoice in the attachment was really sent by the company. Forged e-mails with malicious attachments are sent frequently!

    Act with care and think first before you click, download or open anything!
  • Avoid visiting pornographic, poker or other dubious websites. These carry a particularly high risk of infection.
Which programs should I not use?
  • When you install new software, you are often given the option of installing an additional toolbar (or similar). As a rule, untick optional add-on programs. They usually slow down your browser and can mean an increased risk of infection.
  • Registry cleaners usually promise a big performance gain when orphaned entries in the registry are removed. This alleged gain is barely noticeable, if at all. Moreover, it is often left unsaid that wrong changes to the registry can have serious consequences. For that reason, as little as possible should be changed in the registry. If you destroy the registry, you destroy Windows!
  • File-sharing or peer-to-peer programs make it possible to exchange files with other users. It is possible that you download an infected file (also hidden in supposedly legal versions of well-known programs). You can never know where these come from. This kind of software should therefore be used with extreme caution or not at all.
    • Above all, do not download cracks (illegal versions of software). This is not legally permitted and you can be punished for it. In addition, the risk of infection is highest with such software, because cracks very often contain hidden malware.
Are there any further tips for protecting myself?
  • Pay attention to the extension of files that have been sent to you. Malware authors often try to deceive you with tricks such as Rechnung.pdf.exe. If the file extension is hidden, Rechnung.pdf is what remains, which gives the appearance of a normal PDF file. Therefore have known file extensions displayed (instructions: http://www.trojaner-board.de/59624-a...-sichtbar.html)
  • Surf with an account that has restricted rights. With administrator rights, malware can easily make numerous changes to the system, for example change security settings or access system files.
  • Do not always use the same password. If your password is discovered by malware, all of your accounts could be accessed.
  • Create backups (What are backups?) of your system at regular intervals. That way, a loss of data through malware or hardware damage is bearable, and it is comparatively easy to bring the computer back to the state of the last backup. So that you do not have to back up your data manually, there are backup programs such as Paragon Backup & Recovery.
  • Disable the Autorun feature of Windows. It allows, for example, CDs, DVDs or programs on USB sticks to start on their own. Malware authors often exploit exactly this function. In such cases, malware is on the USB stick and is executed automatically when it is plugged into the computer. To prevent this, disable the Autorun function: http://www.trojaner-board.de/83238-a...sschalten.html.
If you are interested in the topic of computer security and want even more tips and tricks for protecting your computer, the Emsisoft blog is just right for you.


If you would like to support the work of Trojaner-Board, you are welcome to donate.

I wish you a pleasant and malware-free time.
__________________
Regards,

Jonas

19.04.2014, 19:36   #15
Manni3105

I have no more problems so far! Thank you sooo much, and happy Easter holidays!

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-04-2014
Ran by thea at 2014-04-19 20:34:49 Run:2
Running from C:\Users\thea\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
FF NewTab: chrome://quick_start/content/index.html
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
         
*****************

Firefox newtab deleted successfully.
C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.

==== End of Fixlog ====
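
The fixlist in this thread singles out one file from the FRST file listing. As an added example (not part of the thread, and not FRST's or the helper's own method), the Python code below parses listing lines in the layout shown in the log and returns executables under a user's AppData tree whose company field is not on a reviewer-chosen allow-list, for manual review. The allow-list, the extension set and the AppData rule are assumptions; the sample lines are copied from the log on this page.

```python
import re
from pathlib import PureWindowsPath

# Layout of a file-listing line as it appears in the log on this page:
# "<timestamp> - <timestamp> - <size> <attrs> (<company>) <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(\d+) ([_A-Z]{5}) \((.*?)\) ([A-Za-z]:\\.+)$"
)

# Assumption: file types worth a second look when found in a user profile.
EXECUTABLE_EXTS = {".exe", ".msi", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd"}

# Assumption: vendors the reviewer already trusts on this machine.
TRUSTED_VENDORS = {"microsoft corporation", "mozilla", "adobe systems incorporated"}

# Lines copied from the log on this page (not constructed).
SAMPLE_LOG = r"""
2014-04-12 18:51 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-24 13:23 - 2014-03-24 13:23 - 00000000 ____D () C:\Users\thea\AppData\Local\MetaGeek,_LLC
2014-04-17 19:54 - 2014-04-14 20:58 - 02158592 _____ (Farbar) C:\Users\thea\Desktop\FRST64.exe
2014-04-14 22:18 - 2014-04-14 22:18 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\thea\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-13 20:24 - 2014-04-13 20:24 - 25454040 _____ (Mozilla) C:\Users\thea\Downloads\WEB.DE_Firefox_Setup.exe
2014-04-11 23:13 - 2014-04-14 11:51 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 11:51 - 2014-04-11 23:13 - 01079839 _____ (AnyProtect.com) C:\Users\thea\AppData\Local\AnyProtectScannerSetup.exe
2014-04-14 22:20 - 2014-04-14 22:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
"""


def parse_line(line):
    """Return a dict for one file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts_a, ts_b, size, attrs, company, path = m.groups()
    return {
        # The two sections list the same file with the timestamps swapped,
        # so store them sorted instead of guessing which one is "created".
        "timestamps": tuple(sorted((ts_a, ts_b))),
        "size": int(size),
        "is_dir": "D" in attrs,
        "company": company.strip(),
        "path": PureWindowsPath(path.strip()),
    }


def review_candidates(log_text):
    """Executables under C:\\Users\\<name>\\AppData from an untrusted or empty vendor."""
    seen, hits = set(), []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["is_dir"]:
            continue
        path = entry["path"]
        parts = [p.lower() for p in path.parts]
        in_appdata = len(parts) > 4 and parts[1] == "users" and parts[3] == "appdata"
        if not in_appdata or path.suffix.lower() not in EXECUTABLE_EXTS:
            continue
        if entry["company"].lower() in TRUSTED_VENDORS:
            continue
        key = str(path).lower()
        if key in seen:  # already reported from the other listing section
            continue
        seen.add(key)
        hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in review_candidates(SAMPLE_LOG):
        print(f'{hit["path"]}  vendor={hit["company"] or "<none>"}  size={hit["size"]}')
```

The result is a list of review candidates only; whether an entry belongs in a fixlist remains a decision for the person reading the log.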
         
