
Pests of all kinds and how to combat them: Win32:Evo-gen[Susp]


29.04.2014, 17:25   #1
Sunni
 
Avast Free Antivirus pops up a window saying that a suspicious file has been blocked. If I want, I can add this file to the "exception list", but I am not doing that for now. The problem is that this window appears every second. ALL THE TIME. It annoys me extremely; the whole time a woman's voice says: "Suspicious object was found!"

I have no idea how to deal with something like this. I am currently running an Avast scan, which at 99% has not found anything yet.

29.04.2014, 17:40   #2
schrauber
/// the machine
/// TB instructor
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


29.04.2014, 18:06   #3
Sunni
 
Quote from schrauber:
hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Untersuchen (Scan).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-04-2014
Ran by Annemarie at 2014-04-29 18:55:16
Running from C:\Users\Annemarie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Activeris AntiMalware (HKLM-x32\...\94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1) (Version: 1.0.0.1 - Activeris)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.6.636 - Adobe Systems, Inc.)
AMD Accelerated Video Transcoding (Version: 12.10.100.30620 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{399CF2C5-569E-98B2-8823-073041A3F9F5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.0620.342.4745 - Ihr Firmenname) Hidden
AMD Start Now (Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2013.0620.342.4745 - Ihr Firmenname) Hidden
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0620.0341.4745 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0620.342.4745 - Advanced Micro Devices, Inc.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.3919 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3919 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2817 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2817 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.6.6119 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Freeven pro 1.2 (HKLM-x32\...\Freeven pro 1.2) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
fst_de_7 (HKLM-x32\...\fst_de_7_is1) (Version:  - free_soft_today)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{AE2F1669-5B1F-47C5-B639-78D74DD0BCE4}) (Version: 6.0.10.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{F86C62DC-1600-426B-981C-F398EF7CCB24}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Recovery Manager (x32 Version: 10.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{90EB00F7-A0D2-419B-82DE-59AADCA11790}) (Version: 1.0.6 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{2AFEFC93-F0C7-4390-BB51-F914EC546B30}) (Version: 2.1.6 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
MediaPlayerplus (HKLM-x32\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Ihr Firmenname)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Ralink Bluetooth Stack64 (HKLM\...\{307AA214-8490-9119-DA81-C8E875AD1C94}) (Version: 11.0.737.5 - Mediatek)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.25.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29057 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.13.314.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6914 - Realtek Semiconductor Corp.)
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.3 - Uniblue Systems Limited) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version:  - webssearches) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WPM18.8.0.212 (HKLM-x32\...\WPM) (Version: 18.8.0.212 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

21-02-2014 08:37:23 Windows Update
01-04-2014 16:13:10 Windows Update
06-04-2014 15:57:27 Windows Update
24-04-2014 12:24:45 Installed Java 8 Update 5 (64-bit)
29-04-2014 15:08:38 Uniblue SpeedUpMyPC installation

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {13091EA6-D16A-479B-820B-D4E9F184604B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {1610B760-3457-4F36-A2EF-CB21346A96DF} - System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1 => C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe [2014-04-29] (Freeven) <==== ATTENTION
Task: {19790962-01BD-44BB-B972-075B2357B41C} - System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2 => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-2.exe [2014-04-29] (Freeven) <==== ATTENTION
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1AF58742-7C3D-4482-8D9B-BA3C4AAF7257} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {1C253943-4269-4A31-A860-26583F9A4CB6} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {20F4D224-401F-4600-A87F-02A50B61DF80} - System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1 => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe [2014-04-29] (Freeven) <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {268889B3-C824-41D2-B0BD-1694DB2A841F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {32503853-736A-4542-AFC6-36A6CF3640BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {3F84C9C4-D8D6-4F36-AA8D-297D6C091686} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-29] (AnyProtect by CMI) <==== ATTENTION
Task: {4B88A718-1EF1-40EC-B51C-6C708430C35F} - System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5 => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-5.exe [2014-04-29] (Freeven) <==== ATTENTION
Task: {4FEB91F0-03D8-4BEF-9963-E297F8769C37} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-29] (AnyProtect by CMI) <==== ATTENTION
Task: {522CD129-EA02-44A4-9267-24B1C6BCE5CC} - System32\Tasks\Activeris AntiMalware_startup => C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe [2014-01-23] (Activeris)
Task: {69B67946-647A-446A-BC03-1DE7E74016E3} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {7780E567-7E65-4314-9CE1-4537D8DD6121} - System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3 => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-3.exe [2014-04-29] (Freeven) <==== ATTENTION
Task: {7E216137-A09C-4519-B980-8D786F09AF3D} - System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5 => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-5.exe [2014-04-29] (Freeven) <==== ATTENTION
Task: {84D27124-2A3D-408D-83B1-900865482CE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {869C66D9-5CE9-420C-A8B0-106F2DA6B090} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8EEF30C2-94A3-4387-89EE-C849032AEB96} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {9D1A96DA-4319-45DC-A952-A48E0459D99A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {9DC995FE-C0C7-4B39-AF81-37DC1D689C6C} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION
Task: {A28AD1CD-D4AA-4691-88BD-3A991FF1952E} - System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2 => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-2.exe [2014-04-29] (Freeven) <==== ATTENTION
Task: {A2E63F5D-7FA8-418C-AD12-0E3BC23A1720} - System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3 => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-3.exe [2014-04-29] (Freeven) <==== ATTENTION
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B11703F9-9581-4394-A0E0-5E98317507F0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-29] (AnyProtect by CMI) <==== ATTENTION
Task: {C4D1AEFD-AFA0-489A-B7E0-FD08DFB52821} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-24] (AVAST Software)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D32AF669-9A1B-4B82-88E2-34F9331CF506} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-01] (Google Inc.)
Task: {E23A0352-00D1-4F9D-963D-4EA6BFF7A570} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1.job => C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2.job => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3.job => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5.job => C:\Program Files (x86)\Freeven pro 1.2\38a42648-bd73-4777-8dc8-b17dc2695900-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1.job => C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-codedownloader.exe
Task: C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2.job => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-2.exe
Task: C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3.job => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-3.exe
Task: C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5.job => C:\Program Files (x86)\MediaPlayerplus\48782ae5-b338-4216-a537-e1868ae58073-5.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-06-20 03:53 - 2013-06-20 03:53 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-06-20 03:53 - 2013-06-20 03:53 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-01-10 13:35 - 2013-01-10 13:35 - 00009728 _____ () C:\Windows\system32\BsHelpCSps.dll
2013-01-10 13:35 - 2013-01-10 13:35 - 00055296 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2013-01-10 13:30 - 2013-01-10 13:30 - 00022528 _____ () C:\Windows\system32\BsTrace.dll
2013-01-10 11:25 - 2013-01-10 11:25 - 00364544 _____ () C:\Windows\system32\BsExtendFunc.dll
2013-06-20 03:53 - 2013-06-20 03:53 - 00016896 _____ () C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2013-06-20 03:53 - 2013-06-20 03:53 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-04-29 17:09 - 2014-04-28 11:09 - 03267536 _____ () C:\Users\Annemarie\AppData\Local\fst_de_7\upfst_de_7.exe
2014-04-26 19:58 - 2014-04-26 19:58 - 00052736 _____ () C:\Users\Annemarie\AppData\Roaming\VOPackage\VOsrv.exe
2014-04-29 16:55 - 2014-04-29 16:55 - 00078848 _____ () C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
2014-04-26 00:07 - 2014-04-26 00:07 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042501\algo.dll
2014-04-29 17:09 - 2014-04-29 17:09 - 02252800 _____ () C:\Program Files\AVAST Software\Avast\defs\14042801\algo.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-10 13:30 - 2013-01-10 13:30 - 00022528 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2013-01-10 13:35 - 2013-01-10 13:35 - 00009728 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2013-01-10 13:35 - 2013-01-10 13:35 - 00055296 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-03-22 10:06 - 2013-03-22 10:06 - 00387936 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll
2011-07-05 10:53 - 2011-07-05 10:53 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll
2013-12-26 12:10 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-01-31 17:04 - 2013-01-31 17:04 - 00080120 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2013-01-10 11:25 - 2013-01-10 11:25 - 00364544 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
2014-04-24 17:44 - 2014-04-24 17:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-04-29 17:09 - 2012-09-26 15:31 - 00886272 _____ () C:\Program Files (x86)\Activeris AntiMalware\System.Data.SQLite.dll
2014-04-29 17:09 - 2014-01-23 19:04 - 01718264 _____ () C:\Program Files (x86)\Activeris AntiMalware\acrissys.dll
2014-04-29 17:10 - 2012-09-26 15:31 - 00168448 _____ () C:\Program Files (x86)\Activeris AntiMalware\UNRAR.DLL
2014-04-29 17:16 - 2014-04-29 17:16 - 00117248 _____ () C:\Users\Annemarie\AppData\Local\Temp\nsq9524.tmp\IpConfig.dll
2014-04-29 17:16 - 2014-04-29 17:16 - 00020992 _____ () C:\Users\Annemarie\AppData\Local\Temp\nsq9524.tmp\inetc.dll
2014-03-29 13:08 - 2014-03-29 13:08 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-29 17:45 - 2014-04-29 17:45 - 00117248 _____ () C:\Users\Annemarie\AppData\Local\Temp\nshEFF1.tmp\IpConfig.dll
2014-04-11 18:36 - 2014-04-02 03:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-11 18:36 - 2014-04-02 03:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-11 18:36 - 2014-04-02 03:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2014 05:50:43 PM) (Source: Application Hang) (User: )
Description: Programm chrome.exe, Version 34.0.1847.116 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2e28

Startzeit: 01cf63c2b74f3791

Endzeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID: 03ac84fe-cfb6-11e3-be80-3c77e617fd52

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/29/2014 05:50:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: ANNICOMPUTER)
Description: Das Paket „DefaultBrowser_NOPUBLISHERID“ wurde beendet, da das Anhalten zu lange dauerte.

Error: (04/29/2014 05:15:50 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1fa8

Startzeit: 01cf63bdb1c6c7de

Endzeit: 169

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 20cdea95-cfb1-11e3-be80-3c77e617fd52

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/29/2014 05:09:31 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/28/2014 09:37:23 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2b64

Startzeit: 01cf630fbc4758d1

Endzeit: 268

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 7f8c9437-cf0c-11e3-be80-3c77e617fd52

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/27/2014 05:53:30 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 3e8

Startzeit: 01cf622b3b233243

Endzeit: 359

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 1067f82e-ce24-11e3-be80-3c77e617fd52

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (04/26/2014 06:28:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wwahost.exe, Version: 6.2.9200.16420, Zeitstempel: 0x505a9152
Name des fehlerhaften Moduls: Microsoft.WindowsLive.ClientAccessLibrary.dll, Version: 16.4.4388.928, Zeitstempel: 0x50656efe
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000277cb5
ID des fehlerhaften Prozesses: 0x1f34
Startzeit der fehlerhaften Anwendung: 0xwwahost.exe0
Pfad der fehlerhaften Anwendung: wwahost.exe1
Pfad des fehlerhaften Moduls: wwahost.exe2
Berichtskennung: wwahost.exe3
Vollständiger Name des fehlerhaften Pakets: wwahost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: wwahost.exe5

Error: (04/26/2014 02:18:40 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (04/26/2014 01:39:15 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x51c2ab8e
Name des fehlerhaften Moduls: atieclxx.exe, Version: 6.14.11.1143, Zeitstempel: 0x51c2ab8e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000002ea19
ID des fehlerhaften Prozesses: 0x718
Startzeit der fehlerhaften Anwendung: 0xatieclxx.exe0
Pfad der fehlerhaften Anwendung: atieclxx.exe1
Pfad des fehlerhaften Moduls: atieclxx.exe2
Berichtskennung: atieclxx.exe3
Vollständiger Name des fehlerhaften Pakets: atieclxx.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: atieclxx.exe5

Error: (04/26/2014 00:16:02 AM) (Source: ATIeRecord) (User: )
Description: ATI EEU maximum number of session has been surpassed


System errors:
=============
Error: (04/29/2014 05:53:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/29/2014 05:52:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! EmHWID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/29/2014 05:36:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/29/2014 05:28:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/29/2014 05:19:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/29/2014 05:10:34 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/28/2014 05:55:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/27/2014 02:52:10 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/26/2014 07:28:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127

Error: (04/26/2014 01:40:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "avast! HardwareID" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%127


Microsoft Office Sessions:
=========================
Error: (04/29/2014 05:50:43 PM) (Source: Application Hang)(User: )
Description: chrome.exe34.0.1847.1162e2801cf63c2b74f37914294967295C:\Program Files (x86)\Google\Chrome\Application\chrome.exe03ac84fe-cfb6-11e3-be80-3c77e617fd52

Error: (04/29/2014 05:50:37 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: ANNICOMPUTER)
Description: DefaultBrowser_NOPUBLISHERID

Error: (04/29/2014 05:15:50 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.51861fa801cf63bdb1c6c7de169C:\Program Files (x86)\Mozilla Firefox\firefox.exe20cdea95-cfb1-11e3-be80-3c77e617fd52

Error: (04/29/2014 05:09:31 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/28/2014 09:37:23 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.51862b6401cf630fbc4758d1268C:\Program Files (x86)\Mozilla Firefox\firefox.exe7f8c9437-cf0c-11e3-be80-3c77e617fd52

Error: (04/27/2014 05:53:30 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.51863e801cf622b3b233243359C:\Program Files (x86)\Mozilla Firefox\firefox.exe1067f82e-ce24-11e3-be80-3c77e617fd52

Error: (04/26/2014 06:28:10 PM) (Source: Application Error)(User: )
Description: wwahost.exe6.2.9200.16420505a9152Microsoft.WindowsLive.ClientAccessLibrary.dll16.4.4388.92850656efec00000050000000000277cb51f3401cf616c747a7ee1C:\Windows\system32\wwahost.exeC:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.ClientAccessLibrary.dllc132d281-cd5f-11e3-be80-3c77e617fd52microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbweMicrosoft.WindowsLive.ModernPhotos

Error: (04/26/2014 02:18:40 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (04/26/2014 01:39:15 PM) (Source: Application Error)(User: )
Description: atieclxx.exe6.14.11.114351c2ab8eatieclxx.exe6.14.11.114351c2ab8ec0000005000000000002ea1971801cf60d43b03fe15C:\Windows\system32\atieclxx.exeC:\Windows\system32\atieclxx.exe647ddd53-cd37-11e3-be80-3c77e617fd52

Error: (04/26/2014 00:16:02 AM) (Source: ATIeRecord)(User: )
Description: 


==================== Memory info =========================== 

Percentage of memory in use: 54%
Total physical RAM: 3546.25 MB
Available physical RAM: 1599.11 MB
Total Pagefile: 4186.25 MB
Available Pagefile: 1869.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:447.16 GB) (Free:400.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.83 GB) (Free:1.8 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B4D436BA)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
--- --- ---


Quote:
Quote from schrauber
hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)
FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2014
Ran by Annemarie (administrator) on ANNICOMPUTER on 29-04-2014 18:46:58
Running from C:\Users\Annemarie\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\core-static\CCC.exe
() C:\Users\Annemarie\AppData\Local\fst_de_7\upfst_de_7.exe
(Activeris) C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe
() C:\Users\Annemarie\AppData\Roaming\VOPackage\VOsrv.exe
( ) C:\Users\Annemarie\AppData\Roaming\VOPackage\VOPackage.exe
() C:\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
( ) C:\Users\Annemarie\AppData\Roaming\VOPackage\vopackage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188040 2013-05-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-06-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [379904 2013-01-10] (IVT Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-03-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-04-24] (AVAST Software)
HKLM-x32\...\Run: [fst_de_7] => "C:\Program Files (x86)\fst_de_7\fst_de_7.exe"
HKLM-x32\...\RunOnce: [upfst_de_7.exe] - C:\Users\Annemarie\AppData\Local\fst_de_7\upfst_de_7.exe -runonce [3267536 2014-04-28] ()
HKLM-x32\...\RunOnce: [VOPackage] - C:\Users\Annemarie\AppData\Roaming\VOPackage\VOPackage.exe /runonce [296161 2014-04-29] ( )
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\de15d3b9-2e74-4153-8c14-385c97120fe0.exe /check [181136 2014-04-29] (AVAST Software)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
SearchScopes: HKLM - {742F5B54-2814-4148-98A2-519FD76D0944} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
SearchScopes: HKLM-x32 - {742F5B54-2814-4148-98A2-519FD76D0944} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
SearchScopes: HKCU - {742F5B54-2814-4148-98A2-519FD76D0944} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
BHO: Freeven pro 1.2 - {11111111-1111-1111-1111-110511421153} - C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-bho64.dll (Freeven)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)
BHO-x32: Freeven pro 1.2 - {11111111-1111-1111-1111-110511421153} - C:\Program Files (x86)\Freeven pro 1.2\Freeven pro 1.2-bho.dll (Freeven)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\xmrj6eug.default
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\xmrj6eug.default\Extensions\quick_start@gmail.com [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013-12-25]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-24]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\xmrj6eug.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Annemarie\AppData\Roaming\Mozilla\Firefox\Profiles\xmrj6eug.default\extensions\quick_start@gmail.com [2014-04-29]

Chrome: 
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1398784127&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX51A73U0707U0707&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-01]
CHR Extension: (Google Drive) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-01]
CHR Extension: (YouTube) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-01]
CHR Extension: (Google Search) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-01]
CHR Extension: (Freeven pro 1.2) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb [2014-04-29]
CHR Extension: (MediaPlayerplus) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-29]
CHR Extension: (Norton Identity Protection) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-01]
CHR Extension: (Google Wallet) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-01]
CHR Extension: (Gmail) - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-24]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-26]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Annemarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-29]

==================== Services (Whitelisted) =================

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-06-20] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-06-20] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-24] (AVAST Software)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1619704 2013-03-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2013-01-10] (IVT Corporation)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-04-11] (Hewlett-Packard Development Company, L.P.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [224840 2013-05-10] (Realtek Semiconductor)
R2 vosr; C:\Users\Annemarie\AppData\Roaming\VOPackage\VOsrv.exe [52736 2014-04-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-29] (Cherished Technololgy LIMITED)

==================== Drivers (Whitelisted) ====================

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-08] (Advanced Micro Devices, INC.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-04-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-04-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-04-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-24] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98744 2013-04-24] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg; 
U4 BthHFEnum; 
U4 bthhfhid; 
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49584 2013-03-25] (Ralink Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-25] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140222.007\ENG64.SYS [126040 2013-12-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140222.007\EX64.SYS [2099288 2013-12-25] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-03-29] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [1204424 2013-12-02] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-26] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [33968 2012-12-19] (IVT Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-29 18:46 - 2014-04-29 18:48 - 00025649 _____ () C:\Users\Annemarie\Downloads\FRST.txt
2014-04-29 18:46 - 2014-04-29 18:46 - 00000000 ____D () C:\FRST
2014-04-29 18:45 - 2014-04-29 18:45 - 02061824 _____ (Farbar) C:\Users\Annemarie\Downloads\FRST64.exe
2014-04-29 17:50 - 2014-04-29 17:50 - 00001859 _____ () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-04-29 17:28 - 2014-04-29 18:05 - 00003106 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup
2014-04-29 17:20 - 2014-04-29 17:44 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-29 17:20 - 2014-04-29 17:20 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-29 17:20 - 2014-04-29 17:20 - 00002816 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-29 17:20 - 2014-04-29 17:20 - 00002816 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-29 17:20 - 2014-04-29 17:20 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-29 17:20 - 2014-04-29 17:20 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-29 17:19 - 2014-04-29 17:23 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-29 17:19 - 2014-04-29 17:19 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\SupTab
2014-04-29 17:19 - 2014-04-29 17:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-29 17:18 - 2014-04-29 17:20 - 00001202 _____ () C:\Users\Annemarie\AppData\Roaming\aps.scan.quick.results
2014-04-29 17:18 - 2014-04-29 17:20 - 00000318 _____ () C:\Users\Annemarie\AppData\Roaming\aps.uninstall.scan.results
2014-04-29 17:18 - 2014-04-29 17:18 - 00000000 _____ () C:\Users\Annemarie\AppData\Roaming\aps.scan.results
2014-04-29 17:17 - 2014-04-29 17:18 - 00000000 ____D () C:\ProgramData\WPM
2014-04-29 17:17 - 2014-04-29 17:17 - 00004570 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5
2014-04-29 17:17 - 2014-04-29 17:17 - 00004522 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5
2014-04-29 17:17 - 2014-04-29 17:17 - 00004458 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2
2014-04-29 17:17 - 2014-04-29 17:17 - 00001566 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5.job
2014-04-29 17:17 - 2014-04-29 17:17 - 00001518 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5.job
2014-04-29 17:17 - 2014-04-29 17:17 - 00001454 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2.job
2014-04-29 17:17 - 2014-04-29 17:17 - 00001052 _____ () C:\Users\Annemarie\Desktop\AnyProtect.lnk
2014-04-29 17:17 - 2014-04-29 17:17 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-04-29 17:16 - 2014-04-29 17:17 - 00004410 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2
2014-04-29 17:16 - 2014-04-29 17:17 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-04-29 17:16 - 2014-04-29 17:16 - 00004486 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1
2014-04-29 17:16 - 2014-04-29 17:16 - 00004438 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1
2014-04-29 17:16 - 2014-04-29 17:16 - 00001482 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1.job
2014-04-29 17:16 - 2014-04-29 17:16 - 00001434 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1.job
2014-04-29 17:16 - 2014-04-29 17:16 - 00001406 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2.job
2014-04-29 17:16 - 2014-04-29 17:15 - 01745360 _____ (AnyProtect.com) C:\Users\Annemarie\AppData\Local\nsf9C00.tmp
2014-04-29 17:14 - 2014-04-29 17:14 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\VOPackage
2014-04-29 17:14 - 2014-04-29 17:14 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-04-29 17:12 - 2014-04-29 18:12 - 00000312 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-04-29 17:12 - 2014-04-29 17:12 - 00003230 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-04-29 17:11 - 2014-04-29 17:12 - 00002534 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-04-29 17:11 - 2014-04-29 17:12 - 00000306 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-04-29 17:11 - 2014-04-29 17:11 - 00001172 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-04-29 17:11 - 2014-04-29 17:11 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Activeris
2014-04-29 17:11 - 2014-04-29 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-04-29 17:10 - 2014-04-29 17:10 - 00001165 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk
2014-04-29 17:10 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today
2014-04-29 17:10 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
2014-04-29 17:09 - 2014-04-29 17:17 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-29 17:09 - 2014-04-29 17:13 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\fst_de_7
2014-04-29 17:09 - 2014-04-29 17:10 - 00000000 ____D () C:\Program Files (x86)\fst_de_7
2014-04-29 17:09 - 2014-04-29 17:10 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-04-29 17:09 - 2014-04-29 17:09 - 00005452 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3
2014-04-29 17:09 - 2014-04-29 17:09 - 00005452 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3
2014-04-29 17:09 - 2014-04-29 17:09 - 00002448 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3.job
2014-04-29 17:09 - 2014-04-29 17:09 - 00002448 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3.job
2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Uniblue
2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\ProgramData\Activeris
2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-04-29 17:09 - 2012-09-26 19:03 - 00020480 _____ () C:\Windows\system32\acrisnative64.exe
2014-04-29 17:08 - 2014-04-29 17:17 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 1.2
2014-04-24 17:45 - 2014-04-24 17:45 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-24 17:45 - 2014-04-24 17:45 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\AVAST Software
2014-04-24 17:45 - 2014-04-24 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-24 17:44 - 2014-04-24 17:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-24 17:44 - 2014-04-24 17:44 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-24 17:44 - 2014-04-24 17:44 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-24 17:44 - 2014-04-24 17:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-24 17:43 - 2014-04-24 17:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-24 17:42 - 2014-04-24 17:43 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-24 17:40 - 2014-04-24 17:42 - 88882192 _____ (AVAST Software) C:\Users\Annemarie\Downloads\avast_free18_antivirus_setup.exe
2014-04-24 14:26 - 2014-04-24 14:25 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-24 14:25 - 2014-04-24 14:25 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-24 14:25 - 2014-04-24 14:25 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-24 14:25 - 2014-04-24 14:25 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-24 14:25 - 2014-04-24 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-24 14:25 - 2014-04-24 14:25 - 00000000 ____D () C:\Program Files\Java
2014-04-24 14:22 - 2014-04-24 14:23 - 34131368 _____ (Oracle Corporation) C:\Users\Annemarie\Downloads\jre-8u5-windows-x64.exe
2014-04-11 18:12 - 2014-04-11 18:13 - 00318592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 13:52 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 13:52 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-09 13:52 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-09 13:52 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-02 15:46 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-04-02 15:46 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-04-02 15:43 - 2014-02-23 10:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-02 15:43 - 2014-02-23 08:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-02 15:42 - 2014-02-23 10:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-02 15:42 - 2014-02-23 08:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-01 18:56 - 2014-02-23 10:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-01 18:56 - 2014-02-23 10:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-01 18:56 - 2014-02-23 10:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-01 18:56 - 2014-02-23 10:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-01 18:56 - 2014-02-23 10:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-01 18:56 - 2014-02-23 10:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-01 18:56 - 2014-02-23 10:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-01 18:56 - 2014-02-23 10:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-01 18:56 - 2014-02-23 10:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-01 18:56 - 2014-02-23 10:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-01 18:56 - 2014-02-23 10:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-01 18:56 - 2014-02-23 10:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-01 18:56 - 2014-02-23 10:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-01 18:56 - 2014-02-23 10:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-01 18:56 - 2014-02-23 08:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-01 18:56 - 2014-02-23 08:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-01 18:56 - 2014-02-23 08:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-01 18:56 - 2014-02-23 08:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-01 18:56 - 2014-02-23 08:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-01 18:56 - 2014-02-23 08:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-01 18:56 - 2014-02-23 06:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-01 18:56 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-01 18:55 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-01 18:55 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-01 18:55 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-01 18:55 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-01 18:55 - 2013-12-07 08:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-01 18:55 - 2013-12-07 07:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-30 19:08 - 2014-04-12 12:00 - 00000000 ____D () C:\Users\Annemarie\Documents\H&M Bestellung-Dateien
2014-03-30 19:08 - 2014-03-30 19:08 - 00015027 _____ () C:\Users\Annemarie\Documents\H&M Bestellung.htm

==================== One Month Modified Files and Folders =======

2014-04-29 18:48 - 2014-04-29 18:46 - 00025649 _____ () C:\Users\Annemarie\Downloads\FRST.txt
2014-04-29 18:46 - 2014-04-29 18:46 - 00000000 ____D () C:\FRST
2014-04-29 18:45 - 2014-04-29 18:45 - 02061824 _____ (Farbar) C:\Users\Annemarie\Downloads\FRST64.exe
2014-04-29 18:37 - 2013-12-25 00:49 - 01673508 _____ () C:\Windows\WindowsUpdate.log
2014-04-29 18:27 - 2014-01-01 12:42 - 00001142 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-29 18:14 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-04-29 18:12 - 2014-04-29 17:12 - 00000312 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-04-29 18:05 - 2014-04-29 17:28 - 00003106 _____ () C:\Windows\System32\Tasks\Activeris AntiMalware_startup
2014-04-29 18:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2014-04-29 17:50 - 2014-04-29 17:50 - 00001859 _____ () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-04-29 17:44 - 2014-04-29 17:20 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-29 17:23 - 2014-04-29 17:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-29 17:20 - 2014-04-29 17:20 - 00002818 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-29 17:20 - 2014-04-29 17:20 - 00002816 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-29 17:20 - 2014-04-29 17:20 - 00002816 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-29 17:20 - 2014-04-29 17:20 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-29 17:20 - 2014-04-29 17:20 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-29 17:20 - 2014-04-29 17:18 - 00001202 _____ () C:\Users\Annemarie\AppData\Roaming\aps.scan.quick.results
2014-04-29 17:20 - 2014-04-29 17:18 - 00000318 _____ () C:\Users\Annemarie\AppData\Roaming\aps.uninstall.scan.results
2014-04-29 17:19 - 2014-04-29 17:19 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\SupTab
2014-04-29 17:19 - 2014-04-29 17:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-29 17:18 - 2014-04-29 17:18 - 00000000 _____ () C:\Users\Annemarie\AppData\Roaming\aps.scan.results
2014-04-29 17:18 - 2014-04-29 17:17 - 00000000 ____D () C:\ProgramData\WPM
2014-04-29 17:17 - 2014-04-29 17:17 - 00004570 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5
2014-04-29 17:17 - 2014-04-29 17:17 - 00004522 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5
2014-04-29 17:17 - 2014-04-29 17:17 - 00004458 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2
2014-04-29 17:17 - 2014-04-29 17:17 - 00001566 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-5.job
2014-04-29 17:17 - 2014-04-29 17:17 - 00001518 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-5.job
2014-04-29 17:17 - 2014-04-29 17:17 - 00001454 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-2.job
2014-04-29 17:17 - 2014-04-29 17:17 - 00001052 _____ () C:\Users\Annemarie\Desktop\AnyProtect.lnk
2014-04-29 17:17 - 2014-04-29 17:17 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-04-29 17:17 - 2014-04-29 17:16 - 00004410 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2
2014-04-29 17:17 - 2014-04-29 17:16 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-04-29 17:17 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-29 17:17 - 2014-04-29 17:08 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 1.2
2014-04-29 17:16 - 2014-04-29 17:16 - 00004486 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1
2014-04-29 17:16 - 2014-04-29 17:16 - 00004438 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1
2014-04-29 17:16 - 2014-04-29 17:16 - 00001482 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-1.job
2014-04-29 17:16 - 2014-04-29 17:16 - 00001434 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-1.job
2014-04-29 17:16 - 2014-04-29 17:16 - 00001406 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-2.job
2014-04-29 17:15 - 2014-04-29 17:16 - 01745360 _____ (AnyProtect.com) C:\Users\Annemarie\AppData\Local\nsf9C00.tmp
2014-04-29 17:14 - 2014-04-29 17:14 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\VOPackage
2014-04-29 17:14 - 2014-04-29 17:14 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-04-29 17:13 - 2014-04-29 17:09 - 00000000 ____D () C:\Users\Annemarie\AppData\Local\fst_de_7
2014-04-29 17:12 - 2014-04-29 17:12 - 00003230 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-04-29 17:12 - 2014-04-29 17:11 - 00002534 _____ () C:\Windows\System32\Tasks\SpeedUpMyPC Startup
2014-04-29 17:12 - 2014-04-29 17:11 - 00000306 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-04-29 17:12 - 2014-01-01 12:44 - 00002406 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-29 17:12 - 2014-01-01 12:39 - 00001378 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-29 17:12 - 2013-12-25 00:54 - 00001681 _____ () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-29 17:11 - 2014-04-29 17:11 - 00001172 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-04-29 17:11 - 2014-04-29 17:11 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Activeris
2014-04-29 17:11 - 2014-04-29 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-04-29 17:10 - 2014-04-29 17:10 - 00001165 _____ () C:\Users\Public\Desktop\Activeris AntiMalware.lnk
2014-04-29 17:10 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free_soft_today
2014-04-29 17:10 - 2014-04-29 17:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activeris AntiMalware
2014-04-29 17:10 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\fst_de_7
2014-04-29 17:10 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\Activeris AntiMalware
2014-04-29 17:10 - 2014-01-01 12:39 - 00001390 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-29 17:09 - 2014-04-29 17:09 - 00005452 _____ () C:\Windows\System32\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3
2014-04-29 17:09 - 2014-04-29 17:09 - 00005452 _____ () C:\Windows\System32\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3
2014-04-29 17:09 - 2014-04-29 17:09 - 00002448 _____ () C:\Windows\Tasks\48782ae5-b338-4216-a537-e1868ae58073-3.job
2014-04-29 17:09 - 2014-04-29 17:09 - 00002448 _____ () C:\Windows\Tasks\38a42648-bd73-4777-8dc8-b17dc2695900-3.job
2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\Uniblue
2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\ProgramData\Activeris
2014-04-29 17:09 - 2014-04-29 17:09 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-04-29 16:36 - 2013-03-22 10:00 - 00000983 _____ () C:\Windows\SysWOW64\bscs.ini
2014-04-29 16:34 - 2014-01-01 12:42 - 00001138 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-29 16:34 - 2013-09-20 17:59 - 00003620 _____ () C:\Windows\SysWOW64\LOCALSERVICE.INI
2014-04-29 16:33 - 2013-09-20 17:59 - 00000043 _____ () C:\Windows\SysWOW64\LOCALDEVICE.INI
2014-04-28 22:06 - 2013-09-20 17:41 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-04-26 17:03 - 2013-07-19 00:18 - 00830120 _____ () C:\Windows\system32\perfh007.dat
2014-04-26 17:03 - 2013-07-19 00:18 - 00188224 _____ () C:\Windows\system32\perfc007.dat
2014-04-26 17:03 - 2012-07-26 09:28 - 01949368 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-26 13:42 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-26 00:18 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-26 00:17 - 2012-08-04 00:23 - 00018220 _____ () C:\Windows\PFRO.log
2014-04-26 00:16 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-24 17:45 - 2014-04-24 17:45 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-04-24 17:45 - 2014-04-24 17:45 - 00000000 ____D () C:\Users\Annemarie\AppData\Roaming\AVAST Software
2014-04-24 17:45 - 2014-04-24 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-04-24 17:45 - 2014-04-24 17:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-24 17:44 - 2014-04-24 17:44 - 01039096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00423240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-04-24 17:44 - 2014-04-24 17:44 - 00208416 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00085328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-04-24 17:44 - 2014-04-24 17:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-04-24 17:44 - 2014-04-24 17:44 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-04-24 17:43 - 2014-04-24 17:43 - 00000000 ____D () C:\Program Files\AVAST Software
2014-04-24 17:43 - 2014-04-24 17:42 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-04-24 17:42 - 2014-04-24 17:40 - 88882192 _____ (AVAST Software) C:\Users\Annemarie\Downloads\avast_free18_antivirus_setup.exe
2014-04-24 14:25 - 2014-04-24 14:26 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-24 14:25 - 2014-04-24 14:25 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-24 14:25 - 2014-04-24 14:25 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-24 14:25 - 2014-04-24 14:25 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-24 14:25 - 2014-04-24 14:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-24 14:25 - 2014-04-24 14:25 - 00000000 ____D () C:\Program Files\Java
2014-04-24 14:23 - 2014-04-24 14:22 - 34131368 _____ (Oracle Corporation) C:\Users\Annemarie\Downloads\jre-8u5-windows-x64.exe
2014-04-21 18:13 - 2014-01-26 12:49 - 00000000 ____D () C:\Users\Annemarie\Schule
2014-04-12 12:00 - 2014-03-30 19:08 - 00000000 ____D () C:\Users\Annemarie\Documents\H&M Bestellung-Dateien
2014-04-11 18:13 - 2014-04-11 18:12 - 00318592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 17:54 - 2013-12-29 00:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 17:50 - 2013-12-29 00:20 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-08 19:07 - 2013-12-25 00:54 - 00000000 ___RD () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-08 19:07 - 2013-12-25 00:54 - 00000000 ___RD () C:\Users\Annemarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData
2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-07 20:25 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-02 16:22 - 2014-01-01 12:42 - 00004114 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-02 16:22 - 2014-01-01 12:42 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-01 18:23 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-04-01 18:23 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\en-GB
2014-03-31 23:18 - 2013-12-29 11:53 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 23:18 - 2013-12-29 11:53 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-30 19:08 - 2014-03-30 19:08 - 00015027 _____ () C:\Users\Annemarie\Documents\H&M Bestellung.htm
2014-03-30 16:17 - 2014-01-01 12:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Annemarie\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Annemarie\AppData\Local\Temp\GoogleSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-26 20:21

==================== End Of Log ============================
         
__________________

30.04.2014, 23:31   #4
schrauber
/// the machine
/// TB trainer

Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in the Additional.txt marked with <== ATTENTION

Also let Revo remove the leftovers, using the Moderate mode.


Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the threat scan and click Start scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009
