Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
oh oh, wohl echt ggrr

oh oh, wohl echt ggrr


Plagegeister aller Art und deren Bekämpfung: oh oh, wohl echt ggrr

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 16.04.2014, 20:19   #1
MC79
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Hi ich brauche mal eure Hilfe...

ich habe mir wohl was eingefangen.. ich habe einige eurer Tips an andere hier bereits ausgeführt.. ich habe mir

bereits Adwcleaner bereits installiert und durchlaufen lassen..

ist auch einiges besser geworden.. das war der erste suchlauf

# AdwCleaner v3.023 - Bericht erstellt am 15/04/2014 um 10:41:20
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center (64 bits)
# Benutzername : SMCORDES - ASPIRE7730
# Gestartet von : C:\Users\SMCORDES\Downloads\adwcleaner3023.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : APNMCP
Dienst Gefunden : IePluginService
Dienst Gefunden : Wpm

***** [ Dateien / Ordner ] *****

Datei Gefunden : \END
Datei Gefunden : \END
Datei Gefunden : C:\END
Datei Gefunden : C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\11-suche.xml
Datei Gefunden : C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\Askcom.xml
Datei Gefunden : C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\user.js
Ordner Gefunden : C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\anttoolbar@ant.com
Ordner Gefunden : C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\quick_start@gmail.com
Ordner Gefunden C:\Program Files (x86)\AskPartnerNetwork
Ordner Gefunden C:\Program Files (x86)\SupTab
Ordner Gefunden C:\ProgramData\apn
Ordner Gefunden C:\ProgramData\Ask
Ordner Gefunden C:\ProgramData\AskPartnerNetwork
Ordner Gefunden C:\ProgramData\IePluginService
Ordner Gefunden C:\ProgramData\WPM
Ordner Gefunden C:\Users\SMCORDES\AppData\Local\AskPartnerNetwork
Ordner Gefunden C:\Users\SMCORDES\AppData\Local\lollipop
Ordner Gefunden C:\Users\SMCORDES\AppData\Local\SearchProtect
Ordner Gefunden C:\Users\SMCORDES\AppData\Local\Temp\apn
Ordner Gefunden C:\Users\SMCORDES\AppData\Local\Tuguu_SL
Ordner Gefunden C:\Users\SMCORDES\AppData\Roaming\pdfforge
Ordner Gefunden C:\Users\SMCORDES\AppData\Roaming\SupTab
Ordner Gefunden C:\Users\SMCORDES\AppData\Roaming\webssearches

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AskPartnerNetwork
Schlüssel Gefunden : HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : HKCU\Software\lollipop
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : [x64] HKCU\Software\AskPartnerNetwork
Schlüssel Gefunden : [x64] HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : [x64] HKCU\Software\lollipop
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\Software\AskPartnerNetwork
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0053172.BHO.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CrossriderApp0053172.Sandbox.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544314472}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gefunden : HKLM\Software\IePlugin
Schlüssel Gefunden : HKLM\Software\installedbrowserextensions
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gefunden : HKLM\Software\supTab
Schlüssel Gefunden : HKLM\Software\supWPM
Schlüssel Gefunden : HKLM\Software\Uniblue
Schlüssel Gefunden : HKLM\Software\webssearchesSoftware
Schlüssel Gefunden : HKLM\Software\Wpm
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511311172}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312272}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555315572}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566316672}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511311172}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16843

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX&q={searchTerms}
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://istart.webssearches.com/web/?type=ds&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX&q={searchTerms}
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://istart.webssearches.com/?type=hp&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://istart.webssearches.com/?type=hp&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX
Einstellung Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://istart.webssearches.com/web/?type=ds&ts=1396378923&from=tugs&uid=HitachiXHTS543232L9A300_080904FB0400LEGP176BX&q={searchTerms}

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\prefs.js ]

Zeile gefunden : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gefunden : user_pref("browser.search.order.1", "Ask.com");
Zeile gefunden : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gefunden : user_pref("extensions.crossrider.bic", "1451eae0f8800200ef4b1b6598ff0d7a");
Zeile gefunden : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

*************************

AdwCleaner[R0].txt - [12266 octets] - [15/04/2014 10:41:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12327 octets] ##########





übrig bleibt aber immer noch:


# AdwCleaner v3.023 - Bericht erstellt am 16/04/2014 um 20:54:53
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 8 Pro with Media Center (64 bits)
# Benutzername : SMCORDES - ASPIRE7730
# Gestartet von : C:\Users\SMCORDES\Downloads\adwcleaner3023.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.crossrider.bic", "145664465312f161154429f4faee2ddd");
Zeile gelöscht : user_pref("extensions.toolbar@ask.com.install-event-fired", true);

bin so leicht genervt..

bekomme auch ständig diese Nachrichten
da öffnet sich ein eigenes Fenster bei Firefox:

hxxp://rvzr-a.akamaihd.net/sd/dw32.html?u=http%3A%2F%2Fdlvr.readserver.net%2Fbp%3Fsection%3D2455%26type%3D2&p=OnlineBrowserAdvertising&a=&c=1700-1043&b=firefox&bv=28&t1=1397674964048&tt=1397674964048&r=www.trojaner-board.de&ua=3&n=apptv&sn=&mpa=0&mp=0

kann mir bitte jemand helfen???

Alt 16.04.2014, 20:29   #2
schrauber
/// the machine
/// TB-Ausbilder
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________
Alt 23.04.2014, 11:44   #3
MC79
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Hi.. Sorry das ich mich erst jetzt melde...

Aber mein kleiner Sohn hat mir einen Riss auf der Hornhaut im Auge beschert..
und ich durfte bis jetzt, bzw, darf eigentlich immer noch nicht an den PC...

und mein Mann kann leider noch weniger am PC als ich..

also bei dem addition kam dies raus:FRST Additions Logfile:
[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by SMCORDES at 2014-04-23 12:33:33
Running from C:\Users\SMCORDES\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version: - )
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Grafiktreiber 310.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 310.90 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.95.599 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 310.90 (Version: 310.90 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.4.12 - Synaptics Incorporated)
Windows Mobile Device Center Driver Update (HKLM\...\{92DBCA36-9B41-4DD1-941A-AED149DD37F0}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Restore Points =========================

01-04-2014 19:01:53 Uniblue SpeedUpMyPC installation
14-04-2014 14:07:25 Windows Update
22-04-2014 17:02:16 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3AB039E8-8EC8-4A1A-B22F-74C9DA527D52} - System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-5 => C:\Program Files (x86)\HQVid8.1\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-5.exe [2014-04-01] (High-QualityV9) <==== ATTENTION
Task: {57205ADC-117E-4E55-861B-D73BEAD420DE} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {58CABFF8-1594-44C7-8BA7-CCB5477B9B49} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {59E5254B-C5EE-4BA8-A320-330125BCE09A} - System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3 => C:\Program Files (x86)\HQVid8.1\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3.exe [2014-04-01] (High-QualityV9) <==== ATTENTION
Task: {62C2FF92-784C-478D-BF33-9B7EC2E514E4} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [2010-02-04] ()
Task: {6ACD67A8-40AD-45CF-BFAB-DEE4A51362F8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {742F202F-84A5-4B8D-92DC-C0064D31059E} - System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-4 => C:\Program Files (x86)\HQVid8.1\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-4.exe [2014-04-01] (High-QualityV9) <==== ATTENTION
Task: {859A4FFB-A16D-4EF0-BFB1-FA4F8D8D434E} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {95EBEA85-6DF3-40DD-963A-225918CD4141} - System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-2 => C:\Program Files (x86)\HQVid8.1\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-2.exe [2014-04-01] (High-QualityV9) <==== ATTENTION
Task: {A3238FF7-C7D1-407A-B2F8-B9E5BA46B5AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-15] (Adobe Systems Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C4EB9726-0169-4A37-8246-ABBF9C8D2B21} - System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-1 => C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe [2014-04-01] (High-QualityV9) <==== ATTENTION
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CEA4A2D8-EA69-4E15-8B38-CCCAE96E145E} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-1.job => C:\Program Files (x86)\HQVid8.1\HQVid8.1-codedownloader.exe
Task: C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-2.job => C:\Program Files (x86)\HQVid8.1\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-2.exe
Task: C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3.job => C:\Program Files (x86)\HQVid8.1\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3.exe
Task: C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-4.job => C:\Program Files (x86)\HQVid8.1\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-4.exe
Task: C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-5.job => C:\Program Files (x86)\HQVid8.1\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-5.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe

==================== Loaded Modules (whitelisted) =============

2013-01-20 18:24 - 2009-10-16 12:07 - 00186880 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdudrpp.dll
2013-10-01 19:33 - 2013-03-01 09:26 - 00085568 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2013-01-12 17:36 - 2013-01-12 17:38 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2013-01-13 08:23 - 2008-07-29 20:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2013-01-20 18:22 - 2010-02-04 06:10 - 00676520 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
2013-01-20 18:22 - 2010-02-04 06:10 - 00025256 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-01 19:34 - 2011-11-04 09:28 - 00260096 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\sqlite3.dll
2013-01-20 18:22 - 2010-02-04 05:28 - 00380928 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduscw.dll
2013-01-20 18:22 - 2009-10-16 11:53 - 00188416 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdudatr.dll
2013-01-20 18:22 - 2010-02-04 05:28 - 01036288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduDRS.dll
2013-01-20 18:22 - 2010-02-04 05:28 - 00081920 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducaps.dll
2013-01-20 18:22 - 2010-02-04 05:17 - 00069632 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\lxducnv4.dll
2013-01-20 18:22 - 2010-01-21 06:09 - 00028672 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
2013-01-20 18:22 - 2010-01-21 06:09 - 00036864 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
2013-01-20 18:22 - 2010-01-21 06:08 - 00065536 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
2013-01-20 18:22 - 2008-03-25 04:53 - 00012288 _____ () C:\Program Files (x86)\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2014-03-19 18:48 - 2014-03-19 18:49 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-03-19 18:48 - 2014-03-19 18:49 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-19 18:48 - 2014-03-19 18:49 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-03-31 08:42 - 2014-03-31 08:42 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Nuvoton CIR Transceiver
Description: Nuvoton CIR Transceiver
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Nuvoton Technology Corporation
Service: nuvotoncir
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2014 06:11:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12636

Error: (04/22/2014 06:11:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12636

Error: (04/22/2014 06:11:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/18/2014 08:25:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1330642

Error: (04/18/2014 08:25:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1330642

Error: (04/18/2014 08:25:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/17/2014 07:11:42 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: Aspire7730)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/15/2014 06:30:55 PM) (Source: MsiInstaller) (User: Aspire7730)
Description: Produkt: Ask Shopping Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren:

Mozilla Firefox

Error: (04/09/2014 11:21:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Aspire7730)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (04/08/2014 04:37:04 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12371


System errors:
=============
Error: (04/22/2014 09:39:32 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 10 Mal passiert.

Error: (04/22/2014 06:26:00 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 9 Mal passiert.

Error: (04/22/2014 06:11:41 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 8 Mal passiert.

Error: (04/21/2014 07:38:08 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 7 Mal passiert.

Error: (04/21/2014 06:27:49 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (04/18/2014 08:03:40 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 5 Mal passiert.

Error: (04/18/2014 08:29:01 AM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert.

Error: (04/18/2014 06:50:22 AM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.29
registriert werden. Der Computer mit IP-Adresse 192.168.178.25 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/17/2014 06:18:35 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (04/17/2014 06:04:02 PM) (Source: Service Control Manager) (User: )
Description: Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (07/08/2013 08:57:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 232 seconds with 180 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 4090.87 MB
Available physical RAM: 2314.54 MB
Total Pagefile: 4794.87 MB
Available Pagefile: 2705.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.75 GB) (Free:203.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 0786FFA0)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)



==================== End Of Log ============================


beim FRST dies
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by SMCORDES (administrator) on ASPIRE7730 on 23-04-2014 12:32:43
Running from C:\Users\SMCORDES\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Lexmark International, Inc.) C:\Windows\system32\spool\DRIVERS\x64\3\lxduserv.exe
( ) C:\Windows\system32\lxducoms.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [lxduamon] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe [347792 2011-12-23] (Expert System S.p.A.)
HKU\S-1-5-21-1189667614-2061807608-3763937058-1001\...\MountPoints2: {28a4d8be-5cbf-11e2-be65-806e6f6e6963} - "E:\start.exe" X
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7FEF3C0B7A4DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKCU - {088971A6-36D7-4363-A2A5-4239962A40F4} URL = hxxp://www.search.ask.com/web?tpid=ORJ&o=100000027&pf=V7&p2=%5EU3%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.3.24&apn_uid=458BB0DB-0805-42B3-8737-1A80FF1F1843&apn_ptnrs=%5EU3&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ff_20.0.1&doi=2013-04-18&trgb=IE,FF&q={searchTerms}&psv=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://news.google.de/nwshp?hl=de&tab=wn
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HQVid8.1 - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\ee5ad154-f909-4cc0-aa51-d7e94e3fb0af@36204afd-f43e-4917-9c71-8384e2e4d3ad.com [2014-04-15]
FF Extension: Flashblock - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-18]
FF Extension: DownloadHelper - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: Flash and Video Download - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-04-13]
FF Extension: Silvermel - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\silvermel@pardal.de.xpi [2013-01-13]
FF Extension: Silvermel and Charamel XT - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\silvermelxt@pardal.de.xpi [2013-01-13]
FF Extension: All-in-One Sidebar - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013-01-13]
FF Extension: Adblock Plus - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-13]
FF Extension: Tab Mix Plus - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-01-13]

==================== Services (Whitelisted) =================

R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-03-01] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2013-03-11] (CyberLink)
R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
S3 winbondcir; C:\Windows\system32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [130320 2013-03-11] (CyberLink Corp.)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-23 12:32 - 2014-04-23 12:33 - 00012581 _____ () C:\Users\SMCORDES\Desktop\FRST.txt
2014-04-23 12:32 - 2014-04-23 12:32 - 00000000 ____D () C:\FRST
2014-04-23 12:29 - 2014-04-23 12:29 - 02061312 _____ (Farbar) C:\Users\SMCORDES\Desktop\FRST64.exe
2014-04-23 12:29 - 2014-04-23 12:29 - 01048064 _____ (Farbar) C:\Users\SMCORDES\Desktop\FRST.exe
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-15 18:35 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-15 18:35 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-04-15 18:35 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-04-15 18:35 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-15 18:35 - 2014-02-27 01:40 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-15 18:35 - 2014-02-27 01:21 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-15 18:35 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-04-15 18:35 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-04-15 10:49 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 10:41 - 2014-04-16 21:06 - 00000000 ____D () C:\AdwCleaner
2014-04-15 10:38 - 2014-04-15 10:38 - 01426178 _____ () C:\Users\SMCORDES\Downloads\adwcleaner3023.exe
2014-04-14 16:02 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 16:02 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 16:02 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-14 16:02 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-14 16:02 - 2014-02-01 08:55 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2014-04-14 16:02 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-14 16:02 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-14 16:02 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-14 16:02 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-14 16:02 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-14 16:02 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-14 16:02 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-14 16:02 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-14 16:02 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-14 16:02 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-14 16:02 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-14 16:02 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-14 16:02 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-14 16:02 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-14 16:02 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-14 16:02 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-14 16:02 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-14 16:02 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-14 16:02 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-14 16:02 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-14 16:02 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-14 16:02 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-14 16:02 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 12:02 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 21:13 - 2014-04-01 22:26 - 00001062 _____ () C:\Users\SMCORDES\Desktop\Continue VuuPC Installation.lnk
2014-04-01 21:06 - 2014-04-01 21:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-01 21:06 - 2014-04-01 21:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-01 21:06 - 2014-04-01 21:07 - 00004476 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-5
2014-04-01 21:06 - 2014-04-01 21:06 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-01 21:05 - 2014-04-23 09:06 - 00001472 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-5.job
2014-04-01 21:05 - 2014-04-01 21:54 - 00000382 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-01 21:05 - 2014-04-01 21:05 - 00000318 _____ () C:\Users\SMCORDES\AppData\Roaming\aps.uninstall.scan.results
2014-04-01 21:04 - 2014-04-23 09:04 - 00001380 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-2.job
2014-04-01 21:04 - 2014-04-01 21:06 - 00004384 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-2
2014-04-01 21:03 - 2014-04-23 09:04 - 00001390 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-1.job
2014-04-01 21:03 - 2014-04-01 21:05 - 00004394 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-1
2014-04-01 21:02 - 2014-04-23 09:02 - 00002390 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-4.job
2014-04-01 21:02 - 2014-04-01 21:02 - 01176864 _____ (AnyProtect.com) C:\Users\SMCORDES\AppData\Local\nsaB17F.tmp
2014-04-01 21:02 - 2014-04-01 21:02 - 00005394 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-4
2014-04-01 21:01 - 2014-04-23 09:02 - 00002796 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3.job
2014-04-01 21:01 - 2014-04-01 21:50 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-01 21:01 - 2014-04-01 21:05 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1
2014-04-01 21:01 - 2014-04-01 21:02 - 00005800 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3
2014-03-31 08:42 - 2014-03-31 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-23 12:33 - 2014-04-23 12:32 - 00012581 _____ () C:\Users\SMCORDES\Desktop\FRST.txt
2014-04-23 12:32 - 2014-04-23 12:32 - 00000000 ____D () C:\FRST
2014-04-23 12:29 - 2014-04-23 12:29 - 02061312 _____ (Farbar) C:\Users\SMCORDES\Desktop\FRST64.exe
2014-04-23 12:29 - 2014-04-23 12:29 - 01048064 _____ (Farbar) C:\Users\SMCORDES\Desktop\FRST.exe
2014-04-23 12:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-23 11:42 - 2013-01-12 19:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-23 10:26 - 2013-01-20 18:28 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-04-23 09:06 - 2014-04-01 21:05 - 00001472 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-5.job
2014-04-23 09:04 - 2014-04-01 21:04 - 00001380 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-2.job
2014-04-23 09:04 - 2014-04-01 21:03 - 00001390 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-1.job
2014-04-23 09:02 - 2014-04-01 21:02 - 00002390 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-4.job
2014-04-23 09:02 - 2014-04-01 21:01 - 00002796 _____ () C:\Windows\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3.job
2014-04-22 20:31 - 2013-01-12 16:00 - 01891383 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 18:28 - 2012-07-26 12:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-04-21 18:28 - 2012-07-26 12:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-04-21 18:28 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-18 20:44 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-18 20:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-18 18:54 - 2013-01-13 18:20 - 00000000 ____D () C:\Users\SMCORDES\Sven Versammlung
2014-04-16 21:06 - 2014-04-15 10:41 - 00000000 ____D () C:\AdwCleaner
2014-04-16 20:56 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 12:31 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-16 08:54 - 2013-01-12 16:07 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1189667614-2061807608-3763937058-1001
2014-04-15 20:55 - 2013-01-13 09:39 - 00000000 ____D () C:\Users\SMCORDES\Documents\Haushaltsbücher
2014-04-15 18:51 - 2013-01-20 09:50 - 00000000 ____D () C:\Users\SMCORDES\AppData\Local\Adobe
2014-04-15 18:51 - 2013-01-12 19:31 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-15 11:50 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-15 10:54 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-15 10:49 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 10:49 - 2014-04-02 12:02 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-15 10:45 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-15 10:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-15 10:38 - 2014-04-15 10:38 - 01426178 _____ () C:\Users\SMCORDES\Downloads\adwcleaner3023.exe
2014-04-14 16:20 - 2013-08-16 10:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-14 16:19 - 2013-01-12 18:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-14 16:19 - 2013-01-12 16:25 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 19:20 - 2013-10-01 19:08 - 00000000 ____D () C:\Users\SMCORDES\AppData\Roaming\vlc
2014-04-02 12:59 - 2013-03-31 11:54 - 00000000 ____D () C:\Users\SMCORDES\Documents\Mika
2014-04-02 12:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-01 22:26 - 2014-04-01 21:13 - 00001062 _____ () C:\Users\SMCORDES\Desktop\Continue VuuPC Installation.lnk
2014-04-01 21:54 - 2014-04-01 21:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-01 21:54 - 2014-04-01 21:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-01 21:54 - 2014-04-01 21:05 - 00000382 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-01 21:53 - 2014-03-18 16:20 - 00338056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 21:53 - 2013-01-12 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 21:53 - 2013-01-12 15:51 - 00013362 _____ () C:\Windows\PFRO.log
2014-04-01 21:50 - 2014-04-01 21:01 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-01 21:07 - 2014-04-01 21:06 - 00004476 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-5
2014-04-01 21:06 - 2014-04-01 21:06 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-01 21:06 - 2014-04-01 21:04 - 00004384 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-2
2014-04-01 21:05 - 2014-04-01 21:05 - 00000318 _____ () C:\Users\SMCORDES\AppData\Roaming\aps.uninstall.scan.results
2014-04-01 21:05 - 2014-04-01 21:03 - 00004394 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-1
2014-04-01 21:05 - 2014-04-01 21:01 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1
2014-04-01 21:02 - 2014-04-01 21:02 - 01176864 _____ (AnyProtect.com) C:\Users\SMCORDES\AppData\Local\nsaB17F.tmp
2014-04-01 21:02 - 2014-04-01 21:02 - 00005394 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-4
2014-04-01 21:02 - 2014-04-01 21:01 - 00005800 _____ () C:\Windows\System32\Tasks\49fbdd13-75fe-4e64-ba34-02b3d72df5b2-3
2014-04-01 21:01 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-01 21:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-01 07:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-09-20 16:57 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-09-20 16:57 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 08:42 - 2014-03-31 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-25 12:23 - 2013-01-14 15:58 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-25 11:57 - 2013-01-14 17:49 - 00000000 ____D () C:\Users\SMCORDES\.VirtualBox
2014-03-25 11:51 - 2013-01-12 19:10 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-03-25 07:55 - 2013-10-01 19:08 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\SMCORDES\AppData\Local\Temp\APNStub.exe
C:\Users\SMCORDES\AppData\Local\Temp\BackupSetup.exe
C:\Users\SMCORDES\AppData\Local\Temp\COMAP.EXE
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\ose00000.exe
C:\Users\SMCORDES\AppData\Local\Temp\setup.exe
C:\Users\SMCORDES\AppData\Local\Temp\SetupAssistant.exe
C:\Users\SMCORDES\AppData\Local\Temp\vcredist_x64.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-21 19:24

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


ich hoffe du kannst damit etwas anfangen...

ich leider überhaupt nicht...

Danke,
mfg Mirjam
__________________
Alt 24.04.2014, 07:42   #4
schrauber
/// the machine
/// TB-Ausbilder
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.



Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.04.2014, 12:24   #5
MC79
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Hi.. muss ich das im Anschluss an den ersten Schritt machen??

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Was meinst du mit:
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.??


Alt 24.04.2014, 13:20   #6
MC79
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


den ersten Schritt habe ich getan..

nur mit dem Beenden meiner Schutzsoftware kann ich nichts anfangen??


was meinst du damit? den windows defender schliessen.. ausser kraft setzten???

Danke für deine Mühe

Mirjam

Alt 25.04.2014, 08:32   #7
schrauber
/// the machine
/// TB-Ausbilder
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Einfach Rechtsklick auf dein Antivirenprogramm machen, unten in der Taskleiste neben der Uhr, und beende, oder Schutz beenden.

Und logs bitte immer in das Thema posten, nicht anhängen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.04.2014, 12:38   #8
MC79
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Da in der Leiste ist nichts.. ich habe nur die Windows Firewall und den Windows Defender..

soll ich die Firewall ausschalten?

eben kam die Nachricht, dass Malwarebytes einiges geblockt hat.


und sorry mit dem Anhang.. brauchst du den noch so???

Mirjam

Alt 26.04.2014, 08:12   #9
schrauber
/// the machine
/// TB-Ausbilder
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


POste einfach mal bitte ein frisches FRST Log.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.04.2014, 12:06   #10
MC79
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Moin...

einmal ein neues FRST.log
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 01
Ran by SMCORDES (administrator) on ASPIRE7730 on 26-04-2014 13:01:47
Running from C:\Users\SMCORDES\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(Lexmark International, Inc.) C:\Windows\system32\spool\DRIVERS\x64\3\lxduserv.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
( ) C:\Windows\system32\lxducoms.exe
(Malwarebytes Corporation) C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [lxduamon] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe [347792 2011-12-23] (Expert System S.p.A.)
HKU\S-1-5-21-1189667614-2061807608-3763937058-1001\...\MountPoints2: {28a4d8be-5cbf-11e2-be65-806e6f6e6963} - "E:\start.exe" X
HKU\S-1-5-21-1189667614-2061807608-3763937058-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {28a4d8be-5cbf-11e2-be65-806e6f6e6963} - "E:\start.exe" X
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7FEF3C0B7A4DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {088971A6-36D7-4363-A2A5-4239962A40F4} URL = hxxp://www.search.ask.com/web?tpid=ORJ&o=100000027&pf=V7&p2=%5EU3%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.3.24&apn_uid=458BB0DB-0805-42B3-8737-1A80FF1F1843&apn_ptnrs=%5EU3&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ff_20.0.1&doi=2013-04-18&trgb=IE,FF&q={searchTerms}&psv=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://news.google.de/nwshp?hl=de&tab=wn
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-18]
FF Extension: DownloadHelper - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: Flash and Video Download - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-04-25]
FF Extension: Silvermel - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\silvermel@pardal.de.xpi [2013-01-13]
FF Extension: Silvermel and Charamel XT - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\silvermelxt@pardal.de.xpi [2013-01-13]
FF Extension: All-in-One Sidebar - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013-01-13]
FF Extension: Adblock Plus - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-13]
FF Extension: Tab Mix Plus - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-01-13]

==================== Services (Whitelisted) =================

R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-03-01] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2013-03-11] (CyberLink)
R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
S3 winbondcir; C:\Windows\system32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [130320 2013-03-11] (CyberLink Corp.)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-26 13:01 - 2014-04-26 13:01 - 00000000 ____D () C:\Users\SMCORDES\Desktop\FRST-OlderVersion
2014-04-24 14:17 - 2014-04-24 14:17 - 00039536 _____ () C:\Users\SMCORDES\Desktop\mbam.txt
2014-04-24 13:30 - 2014-04-26 12:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 13:30 - 2014-04-24 13:30 - 00000996 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-24 13:30 - 2014-04-24 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-24 13:29 - 2014-04-24 13:29 - 00000000 ____D () C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware 
2014-04-24 13:29 - 2014-04-24 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 13:29 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-24 13:29 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-24 13:29 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-24 13:26 - 2014-04-24 13:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\SMCORDES\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-23 22:03 - 2014-04-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 22:03 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-23 22:03 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 22:03 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 22:03 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 22:02 - 2014-04-23 22:03 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-23 12:41 - 2014-04-23 12:42 - 00000000 ____D () C:\Users\SMCORDES\Documents\Virus
2014-04-23 12:33 - 2014-04-23 12:41 - 00016878 _____ () C:\Users\SMCORDES\Desktop\Addition.txt
2014-04-23 12:32 - 2014-04-26 13:01 - 00013257 _____ () C:\Users\SMCORDES\Desktop\FRST.txt
2014-04-23 12:32 - 2014-04-26 13:01 - 00000000 ____D () C:\FRST
2014-04-23 12:29 - 2014-04-26 13:01 - 02061824 _____ (Farbar) C:\Users\SMCORDES\Desktop\FRST64.exe
2014-04-15 18:47 - 2014-04-15 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-15 18:35 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-15 18:35 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-04-15 18:35 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-04-15 18:35 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-15 18:35 - 2014-02-27 01:40 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-15 18:35 - 2014-02-27 01:21 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-15 18:35 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-04-15 18:35 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-04-15 10:49 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 10:41 - 2014-04-16 21:06 - 00000000 ____D () C:\AdwCleaner
2014-04-15 10:38 - 2014-04-15 10:38 - 01426178 _____ () C:\Users\SMCORDES\Downloads\adwcleaner3023.exe
2014-04-14 16:02 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 16:02 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 16:02 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-14 16:02 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-14 16:02 - 2014-02-01 08:55 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2014-04-14 16:02 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-14 16:02 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-14 16:02 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-14 16:02 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-14 16:02 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-14 16:02 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-14 16:02 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-14 16:02 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-14 16:02 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-14 16:02 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-14 16:02 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-14 16:02 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-14 16:02 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-14 16:02 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-14 16:02 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-14 16:02 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-14 16:02 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-14 16:02 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-14 16:02 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-14 16:02 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-14 16:02 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-14 16:02 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-14 16:02 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 12:02 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 21:13 - 2014-04-01 22:26 - 00001062 _____ () C:\Users\SMCORDES\Desktop\Continue VuuPC Installation.lnk
2014-04-01 21:06 - 2014-04-01 21:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-01 21:06 - 2014-04-01 21:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-01 21:06 - 2014-04-01 21:06 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-01 21:05 - 2014-04-01 21:54 - 00000382 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-01 21:05 - 2014-04-01 21:05 - 00000318 _____ () C:\Users\SMCORDES\AppData\Roaming\aps.uninstall.scan.results
2014-04-01 21:02 - 2014-04-01 21:02 - 01176864 _____ (AnyProtect.com) C:\Users\SMCORDES\AppData\Local\nsaB17F.tmp
2014-04-01 21:01 - 2014-04-25 13:34 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1
2014-04-01 21:01 - 2014-04-01 21:50 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-03-31 08:42 - 2014-03-31 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-26 13:02 - 2014-04-23 12:32 - 00013257 _____ () C:\Users\SMCORDES\Desktop\FRST.txt
2014-04-26 13:01 - 2014-04-26 13:01 - 00000000 ____D () C:\Users\SMCORDES\Desktop\FRST-OlderVersion
2014-04-26 13:01 - 2014-04-23 12:32 - 00000000 ____D () C:\FRST
2014-04-26 13:01 - 2014-04-23 12:29 - 02061824 _____ (Farbar) C:\Users\SMCORDES\Desktop\FRST64.exe
2014-04-26 13:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-26 12:59 - 2014-04-24 13:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-25 14:57 - 2013-01-12 16:00 - 01084736 _____ () C:\Windows\WindowsUpdate.log
2014-04-25 14:42 - 2013-01-12 19:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-25 14:00 - 2012-07-26 12:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-04-25 14:00 - 2012-07-26 12:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-04-25 14:00 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-25 13:58 - 2013-01-20 18:28 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-04-25 13:34 - 2014-04-01 21:01 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1
2014-04-24 14:17 - 2014-04-24 14:17 - 00039536 _____ () C:\Users\SMCORDES\Desktop\mbam.txt
2014-04-24 14:11 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-24 14:10 - 2013-01-12 15:51 - 00037070 _____ () C:\Windows\PFRO.log
2014-04-24 13:30 - 2014-04-24 13:30 - 00000996 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-24 13:30 - 2014-04-24 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-24 13:29 - 2014-04-24 13:29 - 00000000 ____D () C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware 
2014-04-24 13:29 - 2014-04-24 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 13:26 - 2014-04-24 13:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\SMCORDES\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-23 22:03 - 2014-04-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 22:03 - 2014-04-23 22:02 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-23 22:03 - 2013-07-22 12:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-23 12:42 - 2014-04-23 12:41 - 00000000 ____D () C:\Users\SMCORDES\Documents\Virus
2014-04-23 12:41 - 2014-04-23 12:33 - 00016878 _____ () C:\Users\SMCORDES\Desktop\Addition.txt
2014-04-23 12:41 - 2013-01-13 18:20 - 00000000 ____D () C:\Users\SMCORDES\Sven Arbeit
2014-04-18 20:44 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-18 20:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-18 18:54 - 2013-01-13 18:20 - 00000000 ____D () C:\Users\SMCORDES\Sven Versammlung
2014-04-16 21:06 - 2014-04-15 10:41 - 00000000 ____D () C:\AdwCleaner
2014-04-16 12:31 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-16 08:54 - 2013-01-12 16:07 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1189667614-2061807608-3763937058-1001
2014-04-15 20:55 - 2013-01-13 09:39 - 00000000 ____D () C:\Users\SMCORDES\Documents\Haushaltsbücher
2014-04-15 18:51 - 2013-01-20 09:50 - 00000000 ____D () C:\Users\SMCORDES\AppData\Local\Adobe
2014-04-15 18:51 - 2013-01-12 19:31 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-15 18:47 - 2014-04-15 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-15 11:50 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-15 10:54 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-15 10:49 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 10:49 - 2014-04-02 12:02 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-15 10:45 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-15 10:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-15 10:38 - 2014-04-15 10:38 - 01426178 _____ () C:\Users\SMCORDES\Downloads\adwcleaner3023.exe
2014-04-14 20:13 - 2014-04-23 22:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-23 22:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-23 22:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-23 22:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 16:20 - 2013-08-16 10:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-14 16:19 - 2013-01-12 18:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-14 16:19 - 2013-01-12 16:25 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 19:20 - 2013-10-01 19:08 - 00000000 ____D () C:\Users\SMCORDES\AppData\Roaming\vlc
2014-04-03 09:51 - 2014-04-24 13:29 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-24 13:29 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-24 13:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 12:59 - 2013-03-31 11:54 - 00000000 ____D () C:\Users\SMCORDES\Documents\Mika
2014-04-02 12:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-01 22:26 - 2014-04-01 21:13 - 00001062 _____ () C:\Users\SMCORDES\Desktop\Continue VuuPC Installation.lnk
2014-04-01 21:54 - 2014-04-01 21:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-01 21:54 - 2014-04-01 21:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-01 21:54 - 2014-04-01 21:05 - 00000382 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-01 21:53 - 2014-03-18 16:20 - 00338056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 21:53 - 2013-01-12 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 21:51 - 2013-01-12 16:45 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-01 21:50 - 2014-04-01 21:01 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-01 21:06 - 2014-04-01 21:06 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-01 21:05 - 2014-04-01 21:05 - 00000318 _____ () C:\Users\SMCORDES\AppData\Roaming\aps.uninstall.scan.results
2014-04-01 21:02 - 2014-04-01 21:02 - 01176864 _____ (AnyProtect.com) C:\Users\SMCORDES\AppData\Local\nsaB17F.tmp
2014-04-01 21:01 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-01 21:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-01 07:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-09-20 16:57 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-09-20 16:57 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 08:42 - 2014-03-31 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\SMCORDES\AppData\Local\Temp\APNStub.exe
C:\Users\SMCORDES\AppData\Local\Temp\BackupSetup.exe
C:\Users\SMCORDES\AppData\Local\Temp\COMAP.EXE
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\ose00000.exe
C:\Users\SMCORDES\AppData\Local\Temp\setup.exe
C:\Users\SMCORDES\AppData\Local\Temp\SetupAssistant.exe
C:\Users\SMCORDES\AppData\Local\Temp\vcredist_x64.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-21 19:24

==================== End Of Log ============================
--- --- ---



lg Mirjam

Alt 26.04.2014, 18:35   #11
schrauber
/// the machine
/// TB-Ausbilder
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Jetzt einfach den Defender abschalten, das reicht.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.04.2014, 23:40   #12
MC79
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Nr. 1 erledigt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-04-2014 01
Ran by SMCORDES at 2014-04-27 20:29:26 Run:1
Running from C:\Users\SMCORDES\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====

Nr. 2
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b484f3dfeac90f4fa7e24a686c772ba9
# engine=18051
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-27 09:19:21
# local_time=2014-04-27 11:19:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode=5893 16776574 100 94 9488 15979490 0 0
# scanned=260951
# found=3
# cleaned=0
# scan_time=8885
sh=F05756271F0D10963DF44C3BAD76A37FFC34CD6D ft=1 fh=df7bcb053f854a02 vn="Variante von Win32/AdWare.NaviPromo.AT Anwendung" ac=I fn="C:\Users\SMCORDES\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4G5R2CCM\download[1].php"
sh=C42DF14DFF742E29B06F093E1BB96BB9702E6D8C ft=1 fh=b753f2e166a0f39e vn="Variante von Win32/AdWare.Lollipop.U Anwendung" ac=I fn="C:\Users\SMCORDES\AppData\Local\Temp\9b73100c-d357-4acd-b17f-f4c9f87651b8\software\LollipopInstaller_14656.exe"
sh=A170F0DE67A89BADFB9205BC102D93C2EA839D21 ft=1 fh=4e70f50b44da4f5e vn="möglicherweise Variante von Win32/AdWare.AddLyrics.AJ Anwendung" ac=I fn="C:\Users\SMCORDES\AppData\Local\Temp\9b73100c-d357-4acd-b17f-f4c9f87651b8\software\Re-markit_2040-2082.exe"

Nr. 3

Results of screen317's Security Check version 0.99.82
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java version out of Date!
Adobe Flash Player 13.0.0.182
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Nr. 4
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-04-2014 01
Ran by SMCORDES (administrator) on ASPIRE7730 on 28-04-2014 00:31:05
Running from C:\Users\SMCORDES\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe
(Lexmark International, Inc.) C:\Windows\system32\spool\DRIVERS\x64\3\lxduserv.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
( ) C:\Windows\system32\lxducoms.exe
(Malwarebytes Corporation) C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbamservice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Malwarebytes Corporation) C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\PLFSetI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Users\SMCORDES\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-14] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe [676520 2010-02-04] ()
HKLM\...\Run: [lxduamon] => C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduamon.exe [16040 2010-02-04] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl11] => C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe [237120 2013-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\.DEFAULT\...\Run: [Duden Korrektor SysTray] => C:\Program Files (x86)\Duden\Duden-Rechtschreibprüfung\DKTray.exe [347792 2011-12-23] (Expert System S.p.A.)
HKU\S-1-5-21-1189667614-2061807608-3763937058-1001\...\MountPoints2: {28a4d8be-5cbf-11e2-be65-806e6f6e6963} - "E:\start.exe" X

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7FEF3C0B7A4DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {088971A6-36D7-4363-A2A5-4239962A40F4} URL = hxxp://www.search.ask.com/web?tpid=ORJ&o=100000027&pf=V7&p2=%5EU3%5EOSJ000%5EYY%5EDE&gct=&itbv=12.10.3.24&apn_uid=458BB0DB-0805-42B3-8737-1A80FF1F1843&apn_ptnrs=%5EU3&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=ff_20.0.1&doi=2013-04-18&trgb=IE,FF&q={searchTerms}&psv=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO-x32: Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Lexmark  - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default
FF NewTab: chrome://quick_start/content/index.html
FF Homepage: hxxp://news.google.de/nwshp?hl=de&tab=wn
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Flashblock - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-18]
FF Extension: DownloadHelper - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-24]
FF Extension: Flash and Video Download - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2014-04-25]
FF Extension: Silvermel - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\silvermel@pardal.de.xpi [2013-01-13]
FF Extension: Silvermel and Charamel XT - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\silvermelxt@pardal.de.xpi [2013-01-13]
FF Extension: All-in-One Sidebar - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2013-01-13]
FF Extension: Adblock Plus - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-13]
FF Extension: Tab Mix Plus - C:\Users\SMCORDES\AppData\Roaming\Mozilla\Firefox\Profiles\exaygixr.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-01-13]

==================== Services (Whitelisted) =================

R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [85568 2013-03-01] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [77576 2013-03-11] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [294664 2013-03-11] (CyberLink)
R2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [29184 2009-10-16] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [1039360 2009-10-16] ( )
R2 lxdu_device; C:\Windows\SysWOW64\lxducoms.exe [589824 2009-10-16] ( )
R2 MBAMScheduler; C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 nuvotoncir; C:\Windows\system32\DRIVERS\nuvotoncir.sys [48128 2009-08-31] (Nuvoton Technology Corporation)
S3 winbondcir; C:\Windows\system32\DRIVERS\winbondcir.sys [46592 2007-03-28] (Winbond Electronics Corporation)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [130320 2013-03-11] (CyberLink Corp.)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-28 00:27 - 2014-04-28 00:27 - 00855379 _____ () C:\Users\SMCORDES\Desktop\SecurityCheck.exe
2014-04-26 13:03 - 2014-04-26 13:03 - 00034855 _____ () C:\Users\SMCORDES\Desktop\FRST1.txt
2014-04-26 13:01 - 2014-04-26 13:01 - 00000000 ____D () C:\Users\SMCORDES\Desktop\FRST-OlderVersion
2014-04-24 14:17 - 2014-04-24 14:17 - 00039536 _____ () C:\Users\SMCORDES\Desktop\mbam.txt
2014-04-24 13:30 - 2014-04-27 21:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-24 13:30 - 2014-04-24 13:30 - 00000996 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-24 13:30 - 2014-04-24 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-24 13:29 - 2014-04-24 13:29 - 00000000 ____D () C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware 
2014-04-24 13:29 - 2014-04-24 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 13:29 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-24 13:29 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-24 13:29 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-24 13:26 - 2014-04-24 13:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\SMCORDES\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-23 22:03 - 2014-04-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 22:03 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-23 22:03 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-23 22:03 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-23 22:03 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-23 22:02 - 2014-04-23 22:03 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-23 12:41 - 2014-04-23 12:42 - 00000000 ____D () C:\Users\SMCORDES\Documents\Virus
2014-04-23 12:33 - 2014-04-23 12:41 - 00016878 _____ () C:\Users\SMCORDES\Desktop\Addition.txt
2014-04-23 12:32 - 2014-04-28 00:31 - 00013110 _____ () C:\Users\SMCORDES\Desktop\FRST.txt
2014-04-23 12:32 - 2014-04-28 00:31 - 00000000 ____D () C:\FRST
2014-04-23 12:29 - 2014-04-26 13:01 - 02061824 _____ (Farbar) C:\Users\SMCORDES\Desktop\FRST64.exe
2014-04-15 18:47 - 2014-04-15 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-15 18:35 - 2014-03-01 11:47 - 01258496 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-15 18:35 - 2014-03-01 11:47 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-04-15 18:35 - 2014-03-01 10:07 - 01075200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-04-15 18:35 - 2014-03-01 08:59 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-15 18:35 - 2014-02-27 01:40 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-15 18:35 - 2014-02-27 01:21 - 00668160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-15 18:35 - 2014-02-27 01:18 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00370688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-04-15 18:35 - 2014-02-27 01:18 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-04-15 18:35 - 2014-02-15 06:15 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-04-15 10:49 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 10:41 - 2014-04-16 21:06 - 00000000 ____D () C:\AdwCleaner
2014-04-15 10:38 - 2014-04-15 10:38 - 01426178 _____ () C:\Users\SMCORDES\Downloads\adwcleaner3023.exe
2014-04-14 16:02 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-14 16:02 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-14 16:02 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-14 16:02 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-14 16:02 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-14 16:02 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-14 16:02 - 2014-02-01 08:55 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2014-04-14 16:02 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe
2014-04-14 16:02 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-14 16:02 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-14 16:02 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-14 16:02 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-14 16:02 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-14 16:02 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-14 16:02 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-14 16:02 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-14 16:02 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-14 16:02 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-14 16:02 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-14 16:02 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-14 16:02 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-14 16:02 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-14 16:02 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-14 16:02 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-14 16:02 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-14 16:02 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-14 16:02 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-14 16:02 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-14 16:02 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-14 16:02 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-14 16:02 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-14 16:02 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-14 16:02 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-14 16:01 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-14 16:01 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-02 12:02 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-01 21:13 - 2014-04-01 22:26 - 00001062 _____ () C:\Users\SMCORDES\Desktop\Continue VuuPC Installation.lnk
2014-04-01 21:06 - 2014-04-01 21:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-01 21:06 - 2014-04-01 21:54 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-01 21:06 - 2014-04-01 21:06 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-01 21:05 - 2014-04-01 21:54 - 00000382 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-01 21:05 - 2014-04-01 21:05 - 00000318 _____ () C:\Users\SMCORDES\AppData\Roaming\aps.uninstall.scan.results
2014-04-01 21:02 - 2014-04-01 21:02 - 01176864 _____ (AnyProtect.com) C:\Users\SMCORDES\AppData\Local\nsaB17F.tmp
2014-04-01 21:01 - 2014-04-27 20:30 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-01 21:01 - 2014-04-25 13:34 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1
2014-03-31 08:42 - 2014-03-31 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-28 00:31 - 2014-04-23 12:32 - 00013110 _____ () C:\Users\SMCORDES\Desktop\FRST.txt
2014-04-28 00:31 - 2014-04-23 12:32 - 00000000 ____D () C:\FRST
2014-04-28 00:27 - 2014-04-28 00:27 - 00855379 _____ () C:\Users\SMCORDES\Desktop\SecurityCheck.exe
2014-04-28 00:13 - 2013-01-12 16:00 - 01268551 _____ () C:\Windows\WindowsUpdate.log
2014-04-28 00:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-27 23:42 - 2013-01-12 19:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-27 21:13 - 2014-04-24 13:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-27 20:45 - 2013-01-20 18:28 - 00000000 ____D () C:\ProgramData\Lx_cats
2014-04-27 20:41 - 2012-07-26 12:27 - 00753134 _____ () C:\Windows\system32\perfh007.dat
2014-04-27 20:41 - 2012-07-26 12:27 - 00155826 _____ () C:\Windows\system32\perfc007.dat
2014-04-27 20:41 - 2012-07-26 09:28 - 01745416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-27 20:30 - 2014-04-01 21:01 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-04-27 20:30 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-27 20:29 - 2012-07-26 10:12 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-27 20:29 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-26 13:03 - 2014-04-26 13:03 - 00034855 _____ () C:\Users\SMCORDES\Desktop\FRST1.txt
2014-04-26 13:01 - 2014-04-26 13:01 - 00000000 ____D () C:\Users\SMCORDES\Desktop\FRST-OlderVersion
2014-04-26 13:01 - 2014-04-23 12:29 - 02061824 _____ (Farbar) C:\Users\SMCORDES\Desktop\FRST64.exe
2014-04-25 13:34 - 2014-04-01 21:01 - 00000000 ____D () C:\Program Files (x86)\HQVid8.1
2014-04-24 14:17 - 2014-04-24 14:17 - 00039536 _____ () C:\Users\SMCORDES\Desktop\mbam.txt
2014-04-24 14:10 - 2013-01-12 15:51 - 00037070 _____ () C:\Windows\PFRO.log
2014-04-24 13:30 - 2014-04-24 13:30 - 00000996 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-04-24 13:30 - 2014-04-24 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-04-24 13:29 - 2014-04-24 13:29 - 00000000 ____D () C:\Users\SMCORDES\Downloads\ Malwarebytes Anti-Malware 
2014-04-24 13:29 - 2014-04-24 13:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-24 13:26 - 2014-04-24 13:26 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\SMCORDES\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-23 22:03 - 2014-04-23 22:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-23 22:03 - 2014-04-23 22:02 - 00004253 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-04-23 22:03 - 2013-07-22 12:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-23 12:42 - 2014-04-23 12:41 - 00000000 ____D () C:\Users\SMCORDES\Documents\Virus
2014-04-23 12:41 - 2014-04-23 12:33 - 00016878 _____ () C:\Users\SMCORDES\Desktop\Addition.txt
2014-04-23 12:41 - 2013-01-13 18:20 - 00000000 ____D () C:\Users\SMCORDES\Sven Arbeit
2014-04-18 20:44 - 2012-07-26 10:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-18 20:41 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-18 18:54 - 2013-01-13 18:20 - 00000000 ____D () C:\Users\SMCORDES\Sven Versammlung
2014-04-16 21:06 - 2014-04-15 10:41 - 00000000 ____D () C:\AdwCleaner
2014-04-16 12:31 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-16 08:54 - 2013-01-12 16:07 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1189667614-2061807608-3763937058-1001
2014-04-15 20:55 - 2013-01-13 09:39 - 00000000 ____D () C:\Users\SMCORDES\Documents\Haushaltsbücher
2014-04-15 18:51 - 2013-01-20 09:50 - 00000000 ____D () C:\Users\SMCORDES\AppData\Local\Adobe
2014-04-15 18:51 - 2013-01-12 19:31 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-15 18:47 - 2014-04-15 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-15 18:45 - 2014-04-15 18:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-15 11:50 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache
2014-04-15 10:49 - 2014-04-15 10:49 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-15 10:49 - 2014-04-02 12:02 - 00000000 ___RD () C:\Users\SMCORDES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-15 10:45 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-15 10:44 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore
2014-04-15 10:38 - 2014-04-15 10:38 - 01426178 _____ () C:\Users\SMCORDES\Downloads\adwcleaner3023.exe
2014-04-14 20:13 - 2014-04-23 22:03 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-14 20:05 - 2014-04-23 22:03 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-14 20:05 - 2014-04-23 22:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-14 20:04 - 2014-04-23 22:03 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-14 16:20 - 2013-08-16 10:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-14 16:19 - 2013-01-12 18:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-14 16:19 - 2013-01-12 16:25 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-07 19:20 - 2013-10-01 19:08 - 00000000 ____D () C:\Users\SMCORDES\AppData\Roaming\vlc
2014-04-03 09:51 - 2014-04-24 13:29 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-24 13:29 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-24 13:29 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-02 12:59 - 2013-03-31 11:54 - 00000000 ____D () C:\Users\SMCORDES\Documents\Mika
2014-04-02 12:12 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-01 22:26 - 2014-04-01 21:13 - 00001062 _____ () C:\Users\SMCORDES\Desktop\Continue VuuPC Installation.lnk
2014-04-01 21:54 - 2014-04-01 21:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-01 21:54 - 2014-04-01 21:06 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-01 21:54 - 2014-04-01 21:05 - 00000382 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-01 21:53 - 2014-03-18 16:20 - 00338056 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 21:53 - 2013-01-12 16:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-01 21:51 - 2013-01-12 16:45 - 00001163 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-01 21:06 - 2014-04-01 21:06 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-01 21:06 - 2014-04-01 21:06 - 00002814 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-01 21:05 - 2014-04-01 21:05 - 00000318 _____ () C:\Users\SMCORDES\AppData\Roaming\aps.uninstall.scan.results
2014-04-01 21:02 - 2014-04-01 21:02 - 01176864 _____ (AnyProtect.com) C:\Users\SMCORDES\AppData\Local\nsaB17F.tmp
2014-04-01 21:01 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-01 07:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-31 23:18 - 2013-09-20 16:57 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-09-20 16:57 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 08:42 - 2014-03-31 08:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\SMCORDES\AppData\Local\Temp\APNStub.exe
C:\Users\SMCORDES\AppData\Local\Temp\BackupSetup.exe
C:\Users\SMCORDES\AppData\Local\Temp\COMAP.EXE
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\SMCORDES\AppData\Local\Temp\ose00000.exe
C:\Users\SMCORDES\AppData\Local\Temp\setup.exe
C:\Users\SMCORDES\AppData\Local\Temp\SetupAssistant.exe
C:\Users\SMCORDES\AppData\Local\Temp\vcredist_x64.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\SMCORDES\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-21 19:24

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

ÄHM....

ich wusste es jetzt nicht anders... ich habe die Firewall und den Defender wieder angemacht..

War das richtig???

Alt 28.04.2014, 09:19   #13
schrauber
/// the machine
/// TB-Ausbilder
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Passt

Java updaten.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.




Fertig

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 28.04.2014, 20:01   #14
MC79
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Hi..

was meinst du damit???

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)

Windowstaste + R > Combofix /Uninstall (eingeben) > OK
Alternative: Combofix.exe in uninstall.exe umbenennen und starten
Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.


finde dazu nix bei mir im PC...

Alt 29.04.2014, 17:21   #15
schrauber
/// the machine
/// TB-Ausbilder
 
oh oh, wohl echt ggrr - Standard

oh oh, wohl echt ggrr


Haben wir nicht benutzt, kannst gleich Delfix laufen lassen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort
Seite 1 von 2 1 2

Themen zu oh oh, wohl echt ggrr
appdatalow, backdoor.bot, betriebssystem, dateien, firefox, helper, heuristics.shuriken, iexplore.exe, internet explorer, microsoft, pup.optional.conduit.a, pup.optional.crossrider.a, pup.optional.iepluginservice.a, pup.optional.installcore.a, pup.optional.mediaplayerplus.a, pup.optional.qone8, pup.optional.silenceinstall, pup.optional.skytech.a, pup.optional.webssearches.a, pup.optional.wpmanager, quick_start, registrierungsdatenbank, roaming, suche, windows, wohl einen trojaner oder schlimmeres


« Download Protect 2.20 lässt sich nicht entfernen | Download Protect 2.2.0 Google Chrome »


Ähnliche Themen: oh oh, wohl echt ggrr


  1. Schrauber hilft echt gut
    Lob, Kritik und Wünsche - 06.11.2014 (0)
  2. Bundestrojaner echt
    Plagegeister aller Art und deren Bekämpfung - 30.03.2014 (2)
  3. Danke ihr seid echt klasse!
    Lob, Kritik und Wünsche - 27.09.2013 (0)
  4. Schrauber, du bist echt der Wahnsinn
    Lob, Kritik und Wünsche - 15.07.2013 (0)
  5. appround.net - Pop up nervt echt Versuch Nr.2
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (11)
  6. appround.net - Pop up nervt echt
    Plagegeister aller Art und deren Bekämpfung - 18.04.2013 (7)
  7. Trojaner oder echt ?
    Log-Analyse und Auswertung - 28.06.2012 (3)
  8. GVU Trojaner? oder echt?
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (27)
  9. 2 echt nervige probleme !
    Plagegeister aller Art und deren Bekämpfung - 25.09.2010 (12)
  10. Fehlalarm oder echt
    Plagegeister aller Art und deren Bekämpfung - 15.07.2009 (1)
  11. USB 2.0 oder USB 1.1 schon echt seltsam!
    Alles rund um Windows - 04.03.2008 (2)
  12. Klopfgeräusche und Zischgeräusche, echt komisch!!!!!
    Plagegeister aller Art und deren Bekämpfung - 07.06.2005 (6)
  13. Echt Probleme!!!!
    Plagegeister aller Art und deren Bekämpfung - 18.05.2005 (4)
  14. rundl problem ECHT WICHTIG
    Plagegeister aller Art und deren Bekämpfung - 22.03.2005 (31)
  15. Angezeigte Einwahlnummer echt ?
    Plagegeister aller Art und deren Bekämpfung - 07.05.2004 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema oh oh, wohl echt ggrr - Hi ich brauche mal eure Hilfe... ich habe mir wohl was eingefangen.. ich habe einige eurer Tips an andere hier bereits ausgeführt.. ich habe mir bereits Adwcleaner bereits installiert und - oh oh, wohl echt ggrr...
Archiv
Du betrachtest: oh oh, wohl echt ggrr auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54