Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 8: SearchProtector, Pup.optional.conduit, rießen Problem! (https://www.trojaner-board.de/150005-windows-8-searchprotector-pup-optional-conduit-riessen-problem.html)

toresali 19.02.2014 21:20
Windows 8: SearchProtector, Pup.optional.conduit, rießen Problem!
 
Hallo liebes Trojaner-Board-Team,
auf dem Laptop meiner Mutter haben sich ein paar Probleme eingeschlichen :eek:

In der Taskleiste befand sich auf einmal das SecurityProtect-Symbol. Das habe ich dann auch gleich in der Systemsteuerung deinstalliert.
Danach habe ich MWB drüber laufen lassen.... 71 infizierte Dateien..... :stirn:
Könnt Ihr da bitte mal drüber schauen und mir Anleitung zum Entfernen geben? :dankeschoen:

LG

Hier das Logfile von MalwareBytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.19.09

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Renate :: FAULSTICH [Administrator]

19.02.2014 18:16:35
mbam-log-2014-02-19 (18-16-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 400328
Laufzeit: 1 Stunde(n), 5 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\Software\AppDataLow\Software\PriceGong (PUP.Optional.PriceGong.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Daten: "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\Renate\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit.A) -> Bösartig: (hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN12318157222019223&UM=UM_ID&UP=SP03D6FD09-8484-4B9D-9CBA-E725D26C557A&SSPV=) Gut: (hxxp://www.google.com) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 7
C:\Users\Renate\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Roaming\OpenCandy\2743449198E24192A4B019BF05C7D197 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Roaming\OpenCandy\37549A3154F84A0783A6C3ECB539581E (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\xpi\defaults (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 60
C:\$RECYCLE.BIN\S-1-5-21-509279158-2296096163-1640781931-1001\$R58P2D0\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Conduit\CT3281675\PokkiAutoUpdateHelper.exe (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\540JQFPP\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\91QSSH24\Pokki[1].exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\nsbE244.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\nsh89CE.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\nsjDB2A.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\nsk554C.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\nsuAAC9.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\SecondStepInstaller.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\SPSetup.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\AU\SPSetup.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\ffLogic.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\ieLogic.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\spff.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\statisticsStub.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\LocalLow\Pokki\hk64tbPok0.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\LocalLow\Pokki\hktbPok0.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\LocalLow\Pokki\ldrtbPok0.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\LocalLow\Pokki\tbPok0.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsa279.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsb3B9C.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsc48C2.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsc48C3.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nse5834.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsgB841.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsh3301.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsj64B8.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsk43DC.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsk5D41.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsk5DFC.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsl39CC.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsl73EF.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsn5870.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsnE9F5.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nso660F.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nso9459.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nst1A8B.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nst1A8C.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nst3564.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nst54E.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nst5843.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsu8B21.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsv73DF.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsx212.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsx9808.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsy40DE.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\nsyEB3D.exe (PUP.Optional.SearchProtect.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Roaming\OpenCandy\2743449198E24192A4B019BF05C7D197\TuneUpUtilities2013-2200217-p3v0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Roaming\OpenCandy\37549A3154F84A0783A6C3ECB539581E\5260.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Roaming\OpenCandy\37549A3154F84A0783A6C3ECB539581E\conduitinstaller.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Roaming\OpenCandy\37549A3154F84A0783A6C3ECB539581E\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Roaming\OpenCandy\37549A3154F84A0783A6C3ECB539581E\OCBrowserHelper_1.0.5.112.dll (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\conduit.xml (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\CT3281675.xpi (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\version.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\xpi\install.rdf (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Renate\AppData\Local\Temp\ct3281675\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

das FRST:


FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Renate (administrator) on FAULSTICH on 19-02-2014 21:00:06
Running from C:\Users\Renate\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [Facebook Update] - C:\Users\Renate\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-06] (Facebook Inc.)
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [DMS-Kalenderchen] - C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3498496 2010-05-18] (Daniel Manger Software)
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN12318157222019223&UM=UM_ID&UP=SP03D6FD09-8484-4B9D-9CBA-E725D26C557A&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
URLSearchHook: HKLM-x32 - Pokki Toolbar - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\Pokki\prxtbPokk.dll (Conduit Ltd.)
URLSearchHook: HKCU - Pokki Toolbar - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\Pokki\prxtbPokk.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - DefaultScope {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN12318157222019223&UP=SP03D6FD09-8484-4B9D-9CBA-E725D26C557A&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN12318157222019223&UP=SP03D6FD09-8484-4B9D-9CBA-E725D26C557A&SSPV=
SearchScopes: HKCU - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL =
SearchScopes: HKCU - {CC2461EC-7E4F-4081-A8E0-74DF6E12455E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN12318157222019223
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Pokki Toolbar - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\Pokki\prxtbPokk.dll (Conduit Ltd.)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM-x32 - Pokki Toolbar - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\Pokki\prxtbPokk.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default
FF Homepage: hxxp://osthessen-news.de/
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN38177604691731256&UM=2&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Renate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\Renate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-16]
CHR Extension: (Google Drive) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (YouTube) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google-Suche) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Google Wallet) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR Extension: (Google Mail) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2013-03-11] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\system32\DRIVERS\hcw95rc.sys [19840 2013-03-11] (Hauppauge Computer Works, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation                          )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-19 21:00 - 2014-02-19 21:00 - 00018935 _____ () C:\Users\Renate\Desktop\FRST.txt
2014-02-19 20:59 - 2014-02-19 21:00 - 00000000 ____D () C:\FRST
2014-02-19 20:58 - 2014-02-19 20:58 - 00000474 _____ () C:\Users\Renate\Desktop\defogger_disable.log
2014-02-19 20:58 - 2014-02-19 20:58 - 00000000 _____ () C:\Users\Renate\defogger_reenable
2014-02-19 20:50 - 2014-02-19 20:50 - 00050477 _____ () C:\Users\Renate\Desktop\Defogger.exe
2014-02-19 20:23 - 2014-02-19 20:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Renate\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 20:23 - 2014-02-19 20:23 - 02347384 _____ (ESET) C:\Users\Renate\Desktop\esetsmartinstaller_enu.exe
2014-02-19 20:22 - 2014-02-19 20:22 - 01037530 _____ (Thisisu) C:\Users\Renate\Desktop\JRT.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 02153472 _____ (Farbar) C:\Users\Renate\Desktop\FRST64.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 01241834 _____ () C:\Users\Renate\Desktop\adwcleaner.exe
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Renate\AppData\Roaming\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 18:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-15 13:12 - 2014-02-15 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 13:36 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-14 13:36 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-14 06:52 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-14 06:52 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-14 06:52 - 2013-11-27 01:19 - 00385614 _____ () C:\windows\system32\ApnDatabase.xml
2014-02-14 06:52 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-02-14 06:52 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-02-14 06:51 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-14 06:51 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-14 06:51 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-14 06:51 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-14 06:51 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-02-14 06:51 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-14 06:51 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-14 06:46 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-14 06:46 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-14 06:46 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-14 06:46 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-13 17:51 - 2014-02-19 20:56 - 00003376 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-05 19:56 - 2014-02-06 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-26 10:59 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-26 10:59 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-26 10:59 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-26 10:59 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-26 10:58 - 2014-01-26 10:59 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 08:23 - 2014-01-23 08:23 - 00000000 ____D () C:\Users믠Áenate

==================== One Month Modified Files and Folders =======

2014-02-19 21:00 - 2014-02-19 21:00 - 00018935 _____ () C:\Users\Renate\Desktop\FRST.txt
2014-02-19 21:00 - 2014-02-19 20:59 - 00000000 ____D () C:\FRST
2014-02-19 21:00 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-02-19 20:59 - 2013-04-04 06:05 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 20:58 - 2014-02-19 20:58 - 00000474 _____ () C:\Users\Renate\Desktop\defogger_disable.log
2014-02-19 20:58 - 2014-02-19 20:58 - 00000000 _____ () C:\Users\Renate\defogger_reenable
2014-02-19 20:58 - 2013-02-05 17:42 - 00000000 ____D () C:\Users\Renate
2014-02-19 20:58 - 2012-08-01 17:38 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-02-19 20:58 - 2012-08-01 17:38 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-02-19 20:58 - 2012-07-26 08:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-19 20:56 - 2014-02-13 17:51 - 00003376 _____ () C:\windows\System32\Tasks\BackgroundContainer Startup Task
2014-02-19 20:56 - 2013-02-06 11:50 - 00001126 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 20:55 - 2012-09-11 06:42 - 00042084 _____ () C:\windows\PFRO.log
2014-02-19 20:55 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-19 20:54 - 2012-07-26 06:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-02-19 20:50 - 2014-02-19 20:50 - 00050477 _____ () C:\Users\Renate\Desktop\Defogger.exe
2014-02-19 20:44 - 2013-02-05 17:42 - 02000499 _____ () C:\windows\WindowsUpdate.log
2014-02-19 20:33 - 2013-02-05 17:44 - 00000000 ____D () C:\Users\Renate\AppData\Local\Packages
2014-02-19 20:33 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-02-19 20:26 - 2013-02-06 11:50 - 00001130 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 20:23 - 2014-02-19 20:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Renate\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 20:23 - 2014-02-19 20:23 - 02347384 _____ (ESET) C:\Users\Renate\Desktop\esetsmartinstaller_enu.exe
2014-02-19 20:22 - 2014-02-19 20:22 - 01037530 _____ (Thisisu) C:\Users\Renate\Desktop\JRT.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 02153472 _____ (Farbar) C:\Users\Renate\Desktop\FRST64.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 01241834 _____ () C:\Users\Renate\Desktop\adwcleaner.exe
2014-02-19 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Renate\AppData\Roaming\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 18:13 - 2013-02-06 21:08 - 00000952 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001UA.job
2014-02-19 18:02 - 2013-02-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 17:33 - 2013-02-12 12:45 - 00850432 ___SH () C:\Users\Renate\Desktop\Thumbs.db
2014-02-18 21:13 - 2013-02-06 21:08 - 00000930 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001Core.job
2014-02-16 16:12 - 2013-08-14 13:49 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 16:09 - 2013-02-09 09:44 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-15 13:12 - 2014-02-15 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 13:56 - 2013-03-05 18:38 - 00000000 ____D () C:\Users\Renate\AppData\Local\Nero
2014-02-09 19:11 - 2013-11-13 19:36 - 00000000 ____D () C:\Users\Renate\Desktop\Lisa-Marie
2014-02-06 10:34 - 2014-02-05 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 10:59 - 2013-04-04 06:05 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-01 10:20 - 2014-02-14 06:51 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-14 06:51 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-14 06:51 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-14 06:51 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-14 06:51 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-01-31 12:30 - 2013-02-11 17:17 - 00000000 ___RD () C:\Users\Renate\Desktop\Renate
2014-01-30 22:10 - 2013-11-17 15:27 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-17 15:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-29 21:53 - 2013-09-08 14:12 - 00056320 ___SH () C:\Users\Renate\Downloads\Thumbs.db
2014-01-26 10:59 - 2014-01-26 10:58 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-26 10:59 - 2013-10-19 19:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-26 10:59 - 2013-10-19 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-25 18:27 - 2013-08-30 17:37 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\ProgramData\Garmin
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-01-23 08:23 - 2014-01-23 08:23 - 00000000 ____D () C:\Users믠Áenate

Some content of TEMP:
====================
C:\Users\Renate\AppData\Local\Temp\7.2.20.2-EasyShrx.Dll
C:\Users\Renate\AppData\Local\Temp\AskSLib.dll
C:\Users\Renate\AppData\Local\Temp\avgnt.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-4.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 10:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


und das Addition von FRST:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-02-2014
Ran by Renate at 2014-02-19 21:00:50
Running from C:\Users\Renate\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

5600 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
5600_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
5600Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (x32 Version: 11.0.06 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Avira Free Antivirus (x32 Version: 14.0.2.344 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EasyWeather (x32 Version:  - 1.0)
Elevated Installer (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Empress of the Deep - The Darkest Secret (x32 Version: 2.2.0.98 - WildTangent) Hidden
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0 - Facebook)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.12.0.128 (x32 Version: 3.12.0.128 - DVDVideoSoft Ltd.)
Garmin Express (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.18.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hauppauge WinTV 7 (x32 Version: v7.0.31050 (CD 2.7) - Hauppauge Computer Works)
HP Customer Participation Program 14.0 (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (Version: 14.0 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HP Update (x32 Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15 - Intel)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2828 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.2.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Island Tribe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kalenderchen 5 (x32 Version:  - Daniel Manger)
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office (x32 Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (x32 Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (x32 Version: 24.3.0 - Mozilla)
Nero 12 Essentials Toshiba (x32 Version: 12.0.00400 - Nero AG)
Nero BackItUp (x32 Version: 12.0.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.12600 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero BurnRights Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.14800.0.48 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.17600.2.3 - Nero AG) Hidden
Nero Express (x32 Version: 12.0.14001 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.16800 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Launcher (x32 Version: 12.2.1000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.7002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (Version: 14.0 - HP)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - IncrediMail Ltd.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Toolbar (x32 Version: 6.10.3.27 - Pokki)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (Version: 1.12.4600 - SRS Labs, Inc.)
Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp)
Realtek Bluetooth Filter Driver Package (x32 Version: 12.24.2012.0802 - REALTEK Semiconductor Corp) Hidden
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Shop for HP Supplies (Version: 14.0 - HP)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.3 - Synaptics Incorporated)
T24 on Tour (C:\Program Files (x86)\T24_on_Tour\) (x32 Version:  - )
T24 on Tour (x32 Version:  - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Desktop Assist (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (Version: 2.0.0.6415 - Toshiba Corporation)
TOSHIBA Function Key (Version: 1.00.6425 - Toshiba Corporation)
TOSHIBA Manuals (x32 Version: 10.10 - TOSHIBA)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation)
Toshiba Password Utility (x32 Version: 2.00.910 - Toshiba Corporation) Hidden
TOSHIBA PC Health Monitor (Version: 1.8.17.640104 - Toshiba Corporation)
Toshiba Places Icon Utility (Version: 2.1.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00 - TOSHIBA Corporation)
TOSHIBA Service Station (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (x32 Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002 - Toshiba Corporation)
Toshiba TEMPRO (x32 Version: 4.2.1 - Toshiba Europe GmbH)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.12-A - Toshiba Corporation)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Welcome App (Start-up experience) (x32 Version: 12.0.13000 - Nero AG) Hidden
WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.37 - WildTangent) Hidden
Windows Driver Package - Realtek Semiconductor Corp. RtkBtFilter Bluetooth  (07/11/2012 2.3.13.3) (Version: 07/11/2012 2.3.13.3 - Realtek Semiconductor Corp.)

==================== Restore Points  =========================

04-02-2014 08:11:41 Geplanter Prüfpunkt
14-02-2014 06:21:52 Windows Update

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0CD45EEE-BA60-402C-83D0-7AE300826A81} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-08-14] (Toshiba Europe GmbH)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3568A1DC-E24E-413D-B060-4B743EB6F6A1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {387D1C38-6922-480C-B0E6-DF2481F2A1C1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001Core => C:\Users\Renate\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-06] (Facebook Inc.)
Task: {51BABC79-BD87-4B7B-BD69-9408FC154A96} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {80AB437A-3B82-4064-ADC6-CBF9A49264E0} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {8E5E8614-215A-4C04-A4FD-BBEB3F13771D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-06] (Google Inc.)
Task: {931D27EC-60FB-41AE-B0A0-E1E7CAF74F8F} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Renate\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {A2437861-F249-4D5A-8AE2-042677E373E4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001UA => C:\Users\Renate\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-02-06] (Facebook Inc.)
Task: {A67F3137-03C0-4FDE-8521-154571A22ED4} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C9E19BD9-CEA3-4EF4-BDC9-719EDFE41DDE} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {CE3AB0D3-0D5E-4F89-ADF9-B091E9A1F316} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-14] (Synaptics Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001Core.job => C:\Users\Renate\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001UA.job => C:\Users\Renate\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\WebReg HP Officejet 5600 series.job => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe

==================== Loaded Modules (whitelisted) =============

2011-10-13 23:38 - 2011-10-13 23:38 - 00156672 _____ () C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
2012-08-06 05:36 - 2012-08-06 05:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-19 03:38 - 2012-07-19 03:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-14 04:13 - 2012-08-14 04:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2012-07-31 08:11 - 2012-07-31 08:11 - 00024576 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2013-02-05 18:15 - 2013-02-05 18:13 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-03-11 20:11 - 2011-08-23 09:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll
2013-03-11 20:11 - 2012-10-29 17:29 - 00018944 _____ () C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServerps.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-11-16 14:41 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2014 08:57:46 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/19/2014 08:56:54 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (02/17/2014 07:59:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: FAULSTICH)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/17/2014 07:59:11 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: FAULSTICH)
Description: Bei der Aktivierung der App „microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail“ ist folgender Fehler aufgetreten: -2147467263. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (02/13/2014 09:10:14 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: cltmng.exe, Version: 2.10.20.64, Zeitstempel: 0x52f38d2e
Name des fehlerhaften Moduls: WININET.dll, Version: 10.0.9200.16750, Zeitstempel: 0x5269c725
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0006bb93
ID des fehlerhaften Prozesses: 0xbb8
Startzeit der fehlerhaften Anwendung: 0xcltmng.exe0
Pfad der fehlerhaften Anwendung: cltmng.exe1
Pfad des fehlerhaften Moduls: cltmng.exe2
Berichtskennung: cltmng.exe3
Vollständiger Name des fehlerhaften Pakets: cltmng.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: cltmng.exe5

Error: (02/12/2014 06:05:44 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: cltmng.exe, Version: 2.9.65.0, Zeitstempel: 0x52ef701c
Name des fehlerhaften Moduls: WININET.dll, Version: 10.0.9200.16750, Zeitstempel: 0x5269c725
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000a03f1
ID des fehlerhaften Prozesses: 0x181c
Startzeit der fehlerhaften Anwendung: 0xcltmng.exe0
Pfad der fehlerhaften Anwendung: cltmng.exe1
Pfad des fehlerhaften Moduls: cltmng.exe2
Berichtskennung: cltmng.exe3
Vollständiger Name des fehlerhaften Pakets: cltmng.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: cltmng.exe5

Error: (02/09/2014 02:18:39 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: soffice.bin, Version: 3.4.9593.500, Zeitstempel: 0x5028bfc0
Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.2.9200.16622, Zeitstempel: 0x519e974e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f035
ID des fehlerhaften Prozesses: 0x1860
Startzeit der fehlerhaften Anwendung: 0xsoffice.bin0
Pfad der fehlerhaften Anwendung: soffice.bin1
Pfad des fehlerhaften Moduls: soffice.bin2
Berichtskennung: soffice.bin3
Vollständiger Name des fehlerhaften Pakets: soffice.bin4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: soffice.bin5

Error: (01/30/2014 08:23:57 PM) (Source: Application Hang) (User: )
Description: Programm NeroExpress.exe, Version 12.0.14.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2284

Startzeit: 01cf1defe4379c6b

Endzeit: 27814

Anwendungspfad: C:\Program Files (x86)\Nero\Nero 12\Nero Express\NeroExpress.exe

Berichts-ID: eff05f5f-89e3-11e3-be9f-24ec99faa5e7

Vollständiger Name des fehlerhaften Pakets:

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (01/29/2014 10:37:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: FAULSTICH)
Description: Die App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.

Error: (01/29/2014 10:34:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: FAULSTICH)
Description: Die App „Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.


System errors:
=============
Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/19/2014 06:02:19 PM) (Source: DCOM) (User: FAULSTICH)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (02/19/2014 08:57:46 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Renate\Desktop\esetsmartinstaller_enu.exe

Error: (02/19/2014 08:56:54 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestE:\esetsmartinstaller_enu.exe

Error: (02/17/2014 07:59:11 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: FAULSTICH)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (02/17/2014 07:59:11 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: FAULSTICH)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147467263

Error: (02/13/2014 09:10:14 PM) (Source: Application Error)(User: )
Description: cltmng.exe2.10.20.6452f38d2eWININET.dll10.0.9200.167505269c725c00004090006bb93bb801cf28db8d263a86C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exeC:\windows\SYSTEM32\WININET.dlld900f85a-94ea-11e3-bea1-24ec99faa5e7

Error: (02/12/2014 06:05:44 AM) (Source: Application Error)(User: )
Description: cltmng.exe2.9.65.052ef701cWININET.dll10.0.9200.167505269c725c0000409000a03f1181c01cf27b00f8f74cdC:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exeC:\windows\SYSTEM32\WININET.dll532acf6a-93a3-11e3-bea0-24ec99faa5e7

Error: (02/09/2014 02:18:39 PM) (Source: Application Error)(User: )
Description: soffice.bin3.4.9593.5005028bfc0RPCRT4.dll6.2.9200.16622519e974ec00000050001f035186001cf2495ca326f9eC:\Program Files (x86)\OpenOffice.org 3\program\soffice.binC:\windows\SYSTEM32\RPCRT4.dllb029bdd9-918c-11e3-bea0-24ec99faa5e7

Error: (01/30/2014 08:23:57 PM) (Source: Application Hang)(User: )
Description: NeroExpress.exe12.0.14.0228401cf1defe4379c6b27814C:\Program Files (x86)\Nero\Nero 12\Nero Express\NeroExpress.exeeff05f5f-89e3-11e3-be9f-24ec99faa5e7

Error: (01/29/2014 10:37:38 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: FAULSTICH)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic

Error: (01/29/2014 10:34:19 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: FAULSTICH)
Description: Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 3979.21 MB
Available physical RAM: 2802.89 MB
Total Pagefile: 7307.21 MB
Available Pagefile: 5867.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (TI30992300A) (Fixed) (Total:455.29 GB) (Free:393.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
==================== End Of Log ============================

schrauber 20.02.2014 09:19
hi,

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

toresali 20.02.2014 20:46
hallo... hier das log von adwcleaner:

Code:
# AdwCleaner v3.019 - Bericht erstellt am 20/02/2014 um 20:26:40
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Renate - FAULSTICH
# Gestartet von : C:\Users\Renate\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Pokki
Ordner Gelöscht : C:\windows\SysWOW64\Searchprotect
Ordner Gelöscht : C:\Users\Renate\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Renate\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Renate\AppData\LocalLow\Pokki
Ordner Gelöscht : C:\Users\Renate\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Renate\AppData\Roaming\dvdvideosoftiehelpers
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\windows\System32\Tasks\BackgroundContainer Startup Task

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3281675
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E44A1809-4D10-4AB8-B343-3326B64C7CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{01335480-2AED-4070-AFF3-B4C8BC22FF35}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E44A1809-4D10-4AB8-B343-3326B64C7CDD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E44A1809-4D10-4AB8-B343-3326B64C7CDD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E44A1809-4D10-4AB8-B343-3326B64C7CDD}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{01335480-2AED-4070-AFF3-B4C8BC22FF35}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B7147AEE-258C-4A88-9463-913F9A8C858B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5B0AF4DB-A782-49B0-B6E2-581FF9018869}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E44A1809-4D10-4AB8-B343-3326B64C7CDD}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\BackgroundContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Pokki
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\Pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Pokki Toolbar

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16798

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default\prefs.js ]

Zeile gelöscht : user_pref("CT3281675_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1362421327926,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3281675&octid=CT3281675&SearchSource=61&CUI=UN38177604691731256&UM=2&UP=SP03D6FD09-8484-4B9D-9CBA-E725D26C557A");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Pokki Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN38177604691731256&UM=2&q=");
Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3281675");
Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Pokki Customized Web Search");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&CUI=UN38177604691731256&UM=2&SearchSource=3&q={searchTerms}");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3281675&SearchSource=2&CUI=UN38177604691731256&UM=2&q=");
Zeile gelöscht : user_pref("smartBar.searchInNewTabOwner", "CT3281675");

-\\ Google Chrome v32.0.1700.107

[ Datei : C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8121 octets] - [20/02/2014 20:23:50]
AdwCleaner[S0].txt - [6360 octets] - [20/02/2014 20:26:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6420 octets] ##########

das JRT log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 8 x64
Ran by Renate on 20.02.2014 at 20:32:41,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CC2461EC-7E4F-4081-A8E0-74DF6E12455E}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Renate\AppData\Roaming\mozilla\firefox\profiles\2fphbztm.default\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2014 at 20:37:37,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

und das frische FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014
Ran by Renate (administrator) on FAULSTICH on 20-02-2014 20:39:41
Running from C:\Users\Renate\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Microsoft Corporation) C:\windows\splwow64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [Facebook Update] - C:\Users\Renate\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-06] (Facebook Inc.)
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [DMS-Kalenderchen] - C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3498496 2010-05-18] (Daniel Manger Software)
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL =
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default
FF Homepage: hxxp://osthessen-news.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Renate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\Renate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-16]
CHR Extension: (Google Drive) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (YouTube) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google-Suche) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Google Wallet) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR Extension: (Google Mail) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2013-03-11] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\system32\DRIVERS\hcw95rc.sys [19840 2013-03-11] (Hauppauge Computer Works, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation                          )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-20 20:39 - 2014-02-20 20:39 - 00016560 _____ () C:\Users\Renate\Desktop\FRST.txt
2014-02-20 20:32 - 2014-02-20 20:32 - 00000000 ____D () C:\windows\ERUNT
2014-02-20 20:23 - 2014-02-20 20:31 - 00000000 ____D () C:\AdwCleaner
2014-02-19 20:59 - 2014-02-20 20:39 - 00000000 ____D () C:\FRST
2014-02-19 20:58 - 2014-02-19 20:58 - 00000474 _____ () C:\Users\Renate\Desktop\defogger_disable.log
2014-02-19 20:58 - 2014-02-19 20:58 - 00000000 _____ () C:\Users\Renate\defogger_reenable
2014-02-19 20:50 - 2014-02-19 20:50 - 00050477 _____ () C:\Users\Renate\Desktop\Defogger.exe
2014-02-19 20:23 - 2014-02-19 20:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Renate\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 20:23 - 2014-02-19 20:23 - 02347384 _____ (ESET) C:\Users\Renate\Desktop\esetsmartinstaller_enu.exe
2014-02-19 20:22 - 2014-02-19 20:22 - 01037530 _____ (Thisisu) C:\Users\Renate\Desktop\JRT.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 02153472 _____ (Farbar) C:\Users\Renate\Desktop\FRST64.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 01241834 _____ () C:\Users\Renate\Desktop\adwcleaner.exe
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Renate\AppData\Roaming\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 18:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-15 13:12 - 2014-02-15 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 13:36 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-14 13:36 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-14 06:52 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-14 06:52 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-14 06:52 - 2013-11-27 01:19 - 00385614 _____ () C:\windows\system32\ApnDatabase.xml
2014-02-14 06:52 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-02-14 06:52 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-02-14 06:51 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-14 06:51 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-14 06:51 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-14 06:51 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-14 06:51 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-02-14 06:51 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-14 06:51 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-14 06:46 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-14 06:46 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-14 06:46 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-14 06:46 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-05 19:56 - 2014-02-06 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-26 10:59 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-26 10:59 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-26 10:59 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-26 10:59 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-26 10:58 - 2014-01-26 10:59 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 08:23 - 2014-01-23 08:23 - 00000000 ____D () C:\Users믠Áenate

==================== One Month Modified Files and Folders =======

2014-02-20 20:39 - 2014-02-20 20:39 - 00016560 _____ () C:\Users\Renate\Desktop\FRST.txt
2014-02-20 20:39 - 2014-02-19 20:59 - 00000000 ____D () C:\FRST
2014-02-20 20:39 - 2012-08-01 17:38 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-02-20 20:39 - 2012-08-01 17:38 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-02-20 20:39 - 2012-07-26 08:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-20 20:32 - 2014-02-20 20:32 - 00000000 ____D () C:\windows\ERUNT
2014-02-20 20:31 - 2014-02-20 20:23 - 00000000 ____D () C:\AdwCleaner
2014-02-20 20:29 - 2013-02-06 11:50 - 00001126 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-20 20:28 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-20 20:28 - 2012-07-26 06:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-02-20 20:27 - 2013-02-05 17:42 - 02045722 _____ () C:\windows\WindowsUpdate.log
2014-02-20 20:26 - 2013-02-06 11:50 - 00001130 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-20 20:23 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-02-19 21:13 - 2013-02-06 21:08 - 00000952 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001UA.job
2014-02-19 21:13 - 2013-02-06 21:08 - 00000930 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001Core.job
2014-02-19 21:06 - 2013-02-05 17:53 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-509279158-2296096163-1640781931-1001
2014-02-19 20:59 - 2013-04-04 06:05 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 20:58 - 2014-02-19 20:58 - 00000474 _____ () C:\Users\Renate\Desktop\defogger_disable.log
2014-02-19 20:58 - 2014-02-19 20:58 - 00000000 _____ () C:\Users\Renate\defogger_reenable
2014-02-19 20:58 - 2013-02-05 17:42 - 00000000 ____D () C:\Users\Renate
2014-02-19 20:55 - 2012-09-11 06:42 - 00042084 _____ () C:\windows\PFRO.log
2014-02-19 20:50 - 2014-02-19 20:50 - 00050477 _____ () C:\Users\Renate\Desktop\Defogger.exe
2014-02-19 20:33 - 2013-02-05 17:44 - 00000000 ____D () C:\Users\Renate\AppData\Local\Packages
2014-02-19 20:33 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-02-19 20:23 - 2014-02-19 20:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Renate\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 20:23 - 2014-02-19 20:23 - 02347384 _____ (ESET) C:\Users\Renate\Desktop\esetsmartinstaller_enu.exe
2014-02-19 20:22 - 2014-02-19 20:22 - 01037530 _____ (Thisisu) C:\Users\Renate\Desktop\JRT.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 02153472 _____ (Farbar) C:\Users\Renate\Desktop\FRST64.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 01241834 _____ () C:\Users\Renate\Desktop\adwcleaner.exe
2014-02-19 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Renate\AppData\Roaming\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 18:02 - 2013-02-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 17:33 - 2013-02-12 12:45 - 00850432 ___SH () C:\Users\Renate\Desktop\Thumbs.db
2014-02-16 16:12 - 2013-08-14 13:49 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 16:09 - 2013-02-09 09:44 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-15 13:12 - 2014-02-15 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 13:56 - 2013-03-05 18:38 - 00000000 ____D () C:\Users\Renate\AppData\Local\Nero
2014-02-09 19:11 - 2013-11-13 19:36 - 00000000 ____D () C:\Users\Renate\Desktop\Lisa-Marie
2014-02-06 10:34 - 2014-02-05 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 10:59 - 2013-04-04 06:05 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-01 10:20 - 2014-02-14 06:51 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-14 06:51 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-14 06:51 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-14 06:51 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-14 06:51 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-01-31 12:30 - 2013-02-11 17:17 - 00000000 ___RD () C:\Users\Renate\Desktop\Renate
2014-01-30 22:10 - 2013-11-17 15:27 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-17 15:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-29 21:53 - 2013-09-08 14:12 - 00056320 ___SH () C:\Users\Renate\Downloads\Thumbs.db
2014-01-26 10:59 - 2014-01-26 10:58 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-26 10:59 - 2013-10-19 19:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-26 10:59 - 2013-10-19 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-25 18:27 - 2013-08-30 17:37 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\ProgramData\Garmin
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-01-23 08:23 - 2014-01-23 08:23 - 00000000 ____D () C:\Users믠Áenate

Some content of TEMP:
====================
C:\Users\Renate\AppData\Local\Temp\7.2.20.2-EasyShrx.Dll
C:\Users\Renate\AppData\Local\Temp\AskSLib.dll
C:\Users\Renate\AppData\Local\Temp\avgnt.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-4.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 10:19

==================== End Of Log ============================
--- --- ---

schrauber 21.02.2014 20:31

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

toresali 22.02.2014 11:54
Hallo,

hier das ESET-Log:
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d7ba1d2d49723a42b8fd95897469dff0
# engine=17177
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-22 10:20:36
# local_time=2014-02-22 11:20:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=1799 16775165 100 96 240648 32984085 233418 0
# compatibility_mode=5893 16776574 100 94 8198419 52570547 0 0
# scanned=202220
# found=0
# cleaned=0
# scan_time=5317

das SecurityCeck:
Code:
Results of screen317's Security Check version 0.99.79 
  x64 (UAC is enabled) 
 Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Defender 
Avira Desktop     
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware Version 1.75.0.1300 
 Java 7 Update 51 
 Adobe Flash Player        12.0.0.70 
 Adobe Reader XI 
 Mozilla Firefox (27.0.1)
 Mozilla Thunderbird (24.3.0)
 Google Chrome 32.0.1700.107 
 Google Chrome 33.0.1750.117 
````````Process Check: objlist.exe by Laurent```````` 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
und nochmal das neue FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2014
Ran by Renate (administrator) on FAULSTICH on 22-02-2014 11:41:14
Running from C:\Users\Renate\Desktop
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
() C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-05] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-01] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaDynamicIconUtility] - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [1498624 2012-08-09] (Toshiba)
HKLM-x32\...\Run: [TPUReg(x86)] - "C:\Program Files\TOSHIBA\Password Utility\TosPU.exe" /Retimes
HKLM-x32\...\Run: [TPUReg] - C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe [6884352 2012-08-23] (Pegatron Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2014-02-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [Facebook Update] - C:\Users\Renate\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-02-06] (Facebook Inc.)
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [DMS-Kalenderchen] - C:\Program Files (x86)\Kalenderchen\Kalenderchen.exe [3498496 2010-05-18] (Daniel Manger Software)
HKU\S-1-5-21-509279158-2296096163-1640781931-1001\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-30] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\Renate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com
SearchScopes: HKLM - DefaultScope {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - {A76775C5-1134-4B7D-8F05-D5E42E485F48} URL =
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default
FF Homepage: hxxp://osthessen-news.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\Renate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Garmin Communicator - C:\Users\Renate\AppData\Roaming\Mozilla\Firefox\Profiles\2fphbztm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Facebook Desktop) - C:\Users\Renate\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File
CHR Extension: (Google Docs) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-16]
CHR Extension: (Google Drive) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-16]
CHR Extension: (YouTube) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-16]
CHR Extension: (Google-Suche) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-16]
CHR Extension: (Google Wallet) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-07]
CHR Extension: (Google Mail) - C:\Users\Renate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-16]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2014-02-18] (Avira Operations GmbH & Co. KG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-30] (Garmin Ltd or its subsidiaries)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe [156672 2011-10-13] ()
R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [577536 2013-01-25] (Hauppauge Computer Works)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-08-14] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 hcw95bda; C:\Windows\System32\Drivers\hcw95bda.sys [658944 2013-03-11] (Hauppauge Computer Works, Inc.)
S3 hcw95rc; C:\Windows\system32\DRIVERS\hcw95rc.sys [19840 2013-03-11] (Hauppauge Computer Works, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwNe64.sys [11400192 2012-06-02] (Intel Corporation)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [24208 2012-07-11] (Realtek Microelectronics)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1496720 2012-08-13] (Realtek Semiconductor Corporation                          )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-14] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-22 11:41 - 2014-02-22 11:41 - 00016512 _____ () C:\Users\Renate\Desktop\FRST.txt
2014-02-22 11:41 - 2014-02-22 11:41 - 00000000 ____D () C:\Users\Renate\Desktop\FRST-OlderVersion
2014-02-22 11:40 - 2014-02-22 11:40 - 00000947 _____ () C:\Users\Renate\Desktop\checkup.txt
2014-02-22 11:39 - 2014-02-22 09:05 - 00987425 _____ () C:\Users\Renate\Desktop\SecurityCheck.exe
2014-02-20 20:32 - 2014-02-20 20:32 - 00000000 ____D () C:\windows\ERUNT
2014-02-20 20:23 - 2014-02-20 20:31 - 00000000 ____D () C:\AdwCleaner
2014-02-19 20:59 - 2014-02-22 11:41 - 00000000 ____D () C:\FRST
2014-02-19 20:58 - 2014-02-19 20:58 - 00000474 _____ () C:\Users\Renate\Desktop\defogger_disable.log
2014-02-19 20:58 - 2014-02-19 20:58 - 00000000 _____ () C:\Users\Renate\defogger_reenable
2014-02-19 20:50 - 2014-02-19 20:50 - 00050477 _____ () C:\Users\Renate\Desktop\Defogger.exe
2014-02-19 20:23 - 2014-02-19 20:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Renate\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 20:23 - 2014-02-19 20:23 - 02347384 _____ (ESET) C:\Users\Renate\Desktop\esetsmartinstaller_enu.exe
2014-02-19 20:22 - 2014-02-19 20:22 - 01037530 _____ (Thisisu) C:\Users\Renate\Desktop\JRT.exe
2014-02-19 20:21 - 2014-02-22 11:41 - 02154496 _____ (Farbar) C:\Users\Renate\Desktop\FRST64.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 01241834 _____ () C:\Users\Renate\Desktop\adwcleaner.exe
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Renate\AppData\Roaming\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 18:15 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-15 13:12 - 2014-02-15 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 13:36 - 2013-12-05 00:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-14 13:36 - 2013-12-05 00:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-14 06:52 - 2013-12-05 00:43 - 01845248 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-14 06:52 - 2013-12-05 00:37 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-14 06:52 - 2013-11-27 01:19 - 00385614 _____ () C:\windows\system32\ApnDatabase.xml
2014-02-14 06:52 - 2013-11-26 00:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-02-14 06:52 - 2013-11-01 06:53 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-02-14 06:51 - 2014-02-01 10:20 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-14 06:51 - 2014-02-01 10:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-14 06:51 - 2014-02-01 10:19 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-14 06:51 - 2014-02-01 10:18 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-14 06:51 - 2014-02-01 08:58 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-14 06:51 - 2014-02-01 08:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-14 06:51 - 2014-02-01 08:40 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-14 06:51 - 2014-02-01 08:34 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-14 06:51 - 2014-02-01 06:08 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-02-14 06:51 - 2013-12-09 01:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-14 06:51 - 2013-12-09 00:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-14 06:46 - 2014-01-13 00:30 - 02238976 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-14 06:46 - 2014-01-13 00:30 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-14 06:46 - 2013-11-20 01:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-14 06:46 - 2013-11-20 00:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-05 19:56 - 2014-02-06 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-26 10:59 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-26 10:59 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-26 10:59 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-26 10:59 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-26 10:58 - 2014-01-26 10:59 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-23 08:23 - 2014-01-23 08:23 - 00000000 ____D () C:\Users믠Áenate

==================== One Month Modified Files and Folders =======

2014-02-22 11:41 - 2014-02-22 11:41 - 00016512 _____ () C:\Users\Renate\Desktop\FRST.txt
2014-02-22 11:41 - 2014-02-22 11:41 - 00000000 ____D () C:\Users\Renate\Desktop\FRST-OlderVersion
2014-02-22 11:41 - 2014-02-19 20:59 - 00000000 ____D () C:\FRST
2014-02-22 11:41 - 2014-02-19 20:21 - 02154496 _____ (Farbar) C:\Users\Renate\Desktop\FRST64.exe
2014-02-22 11:40 - 2014-02-22 11:40 - 00000947 _____ () C:\Users\Renate\Desktop\checkup.txt
2014-02-22 11:26 - 2013-02-06 11:50 - 00001130 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-22 11:02 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\system32\sru
2014-02-22 10:59 - 2013-04-04 06:05 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-22 10:53 - 2013-02-05 17:42 - 01094456 _____ () C:\windows\WindowsUpdate.log
2014-02-22 09:59 - 2013-04-04 06:05 - 00003772 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-02-22 09:26 - 2012-08-01 17:38 - 00753134 _____ () C:\windows\system32\perfh007.dat
2014-02-22 09:26 - 2012-08-01 17:38 - 00155826 _____ () C:\windows\system32\perfc007.dat
2014-02-22 09:26 - 2012-07-26 08:28 - 01745416 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-22 09:25 - 2013-02-06 11:50 - 00001126 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-22 09:05 - 2014-02-22 11:39 - 00987425 _____ () C:\Users\Renate\Desktop\SecurityCheck.exe
2014-02-20 20:32 - 2014-02-20 20:32 - 00000000 ____D () C:\windows\ERUNT
2014-02-20 20:31 - 2014-02-20 20:23 - 00000000 ____D () C:\AdwCleaner
2014-02-20 20:28 - 2012-07-26 08:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-20 20:28 - 2012-07-26 06:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-02-19 21:13 - 2013-02-06 21:08 - 00000952 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001UA.job
2014-02-19 21:13 - 2013-02-06 21:08 - 00000930 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-509279158-2296096163-1640781931-1001Core.job
2014-02-19 21:06 - 2013-02-05 17:53 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-509279158-2296096163-1640781931-1001
2014-02-19 20:58 - 2014-02-19 20:58 - 00000474 _____ () C:\Users\Renate\Desktop\defogger_disable.log
2014-02-19 20:58 - 2014-02-19 20:58 - 00000000 _____ () C:\Users\Renate\defogger_reenable
2014-02-19 20:58 - 2013-02-05 17:42 - 00000000 ____D () C:\Users\Renate
2014-02-19 20:55 - 2012-09-11 06:42 - 00042084 _____ () C:\windows\PFRO.log
2014-02-19 20:50 - 2014-02-19 20:50 - 00050477 _____ () C:\Users\Renate\Desktop\Defogger.exe
2014-02-19 20:33 - 2013-02-05 17:44 - 00000000 ____D () C:\Users\Renate\AppData\Local\Packages
2014-02-19 20:33 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-02-19 20:23 - 2014-02-19 20:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Renate\Desktop\mbam-setup-1.75.0.1300 (1).exe
2014-02-19 20:23 - 2014-02-19 20:23 - 02347384 _____ (ESET) C:\Users\Renate\Desktop\esetsmartinstaller_enu.exe
2014-02-19 20:22 - 2014-02-19 20:22 - 01037530 _____ (Thisisu) C:\Users\Renate\Desktop\JRT.exe
2014-02-19 20:21 - 2014-02-19 20:21 - 01241834 _____ () C:\Users\Renate\Desktop\adwcleaner.exe
2014-02-19 19:47 - 2012-07-26 09:12 - 00000000 ____D () C:\windows\rescache
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Users\Renate\AppData\Roaming\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-19 18:15 - 2014-02-19 18:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-19 18:02 - 2013-02-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-19 17:33 - 2013-02-12 12:45 - 00850432 ___SH () C:\Users\Renate\Desktop\Thumbs.db
2014-02-16 16:12 - 2013-08-14 13:49 - 00000000 ____D () C:\windows\system32\MRT
2014-02-16 16:09 - 2013-02-09 09:44 - 88567024 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-02-15 13:12 - 2014-02-15 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 13:56 - 2013-03-05 18:38 - 00000000 ____D () C:\Users\Renate\AppData\Local\Nero
2014-02-09 19:11 - 2013-11-13 19:36 - 00000000 ____D () C:\Users\Renate\Desktop\Lisa-Marie
2014-02-06 10:34 - 2014-02-05 19:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-01 10:20 - 2014-02-14 06:51 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-01 10:19 - 2014-02-14 06:51 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-02-01 10:19 - 2014-02-14 06:51 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 19274240 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 15403520 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-01 10:18 - 2014-02-14 06:51 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-01 08:58 - 2014-02-14 06:51 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 14359040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 13760512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-01 08:57 - 2014-02-14 06:51 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-01 08:40 - 2014-02-14 06:51 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-01 08:34 - 2014-02-14 06:51 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-01 06:08 - 2014-02-14 06:51 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-01-31 12:30 - 2013-02-11 17:17 - 00000000 ___RD () C:\Users\Renate\Desktop\Renate
2014-01-30 22:10 - 2013-11-17 15:27 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-30 22:10 - 2013-11-17 15:27 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-29 21:53 - 2013-09-08 14:12 - 00056320 ___SH () C:\Users\Renate\Downloads\Thumbs.db
2014-01-26 10:59 - 2014-01-26 10:58 - 00005327 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-26 10:59 - 2013-10-19 19:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-26 10:59 - 2013-10-19 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-25 18:27 - 2013-08-30 17:37 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\ProgramData\Garmin
2014-01-25 18:27 - 2013-08-30 17:37 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-01-23 08:23 - 2014-01-23 08:23 - 00000000 ____D () C:\Users믠Áenate

Some content of TEMP:
====================
C:\Users\Renate\AppData\Local\Temp\7.2.20.2-EasyShrx.Dll
C:\Users\Renate\AppData\Local\Temp\AskSLib.dll
C:\Users\Renate\AppData\Local\Temp\avgnt.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-3.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe-4.exe
C:\Users\Renate\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Renate\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-16 10:19

==================== End Of Log ============================
--- --- ---



Muss ich jetzt noch was machen oder dürfte das jetzt alles wieder OK sein?

LG

schrauber 23.02.2014 11:11
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

toresali 23.02.2014 18:04
Hallo Schrauber,

jetzt hab ich leider delfix ausgeführt bevor ich das log hier gepostet habe :-(

soll ich den schritt jetzt einfach noch mal ausführen oder geht das jetzt nicht mehr?

schrauber 24.02.2014 17:21
Nee passt schon :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131