Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Webseiten werden auf Werbung umgeleitet (https://www.trojaner-board.de/152176-webseiten-werbung-umgeleitet.html)

neu71 07.04.2014 23:36
Webseiten werden auf Werbung umgeleitet
 
Hallo,

ich bin im Moment ziemlich hilflos.
Seit ein paar Tagen ist es ein Graus, im Internet zu surfen. Permanent öffnen sich unerwünschte Popups und egal welche Website ich aufrufe, wird diese auf eine Werbeseite umgeleitet. Ich würde sagen, das passiert zu 90%.
Was der Auslöser dafür war, kann ich leider nicht genau sagen. Bewusst habe ich vor ein paar Wochen Software upgedatet bzw. down geloadet.

Gestern habe ich versucht, die Programme aufzuräumen und die zu deinstallieren, die meiner Meinung nach Maleware sind, z.B. "MediaPlayerEnhance", "HQ-Video-Profession-1.3", "Feven Pro 1.2", "Snap.Do", "Amazon Browser Settings", "awesomehp uninstaller"...
Sobald ich "VO Package" deinstalliere, sind alle Programme deinstalliert, auch die "Standardprogramme" wie z.B. Adobe etc..

Nachfolgend die Logfiles:

ADDITION:

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Administrator at 2014-04-07 22:20:58
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 6.1.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1530 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1530 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Advanced System Protector (HKLM\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1) (Version: 2.1.1000.10568 - Systweak Software) <==== ATTENTION
Advanced System Protector (HKLM\...\Advanced System Protector_is1) (Version: 2.1.1000.10225 - Systweak Software) <==== ATTENTION
Amazon Browser Settings (HKLM\...\Amazon Browser Settings) (Version: 3.0 - Amazon)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0A00}) (Version: 12.10.0.2949 - APN, LLC)
awesomehp uninstaller (HKLM\...\awesomehp uninstaller) (Version:  - awesomehp) <==== ATTENTION
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Canon MP550 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP550_series) (Version:  - )
DMUninstaller (HKLM\...\DMUninstaller) (Version:  - ) <==== ATTENTION
Feven Pro 1.2 (HKLM\...\Feven Pro 1.2) (Version: 1.34.2.13 - Feven) <==== ATTENTION
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Officejet 100 Mobile L411 (HKLM\...\{E34BAA98-E4EA-4C12-8B9C-ABAE82FECB2D}) (Version: 14.0 - HP)
HQ-Video-Profession-1.3 (HKLM\...\HQ-Video-Profession-1.3) (Version: 1.34.2.13 - HQ-Video) <==== ATTENTION
IePluginService12.27.0.3326 (HKLM\...\IePlugins) (Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1867 - Intel Corporation)
iTunes (HKLM\...\{11E568E0-3244-4BCB-875E-F334269DFDCB}) (Version: 11.0.3.42 - Apple Inc.)
L411_Help_Web (Version: 1.000.000.000 - Hewlett-Packard) Hidden
L411_Software_Min (Version: 140.0.000.000 - Hewlett-Packard) Hidden
L411_web (Version: 140.0.000.000 - Hewlett-Packard) Hidden
Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.02.0018 - Lenovo)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
MediaPlayerEnhance (HKLM\...\MediaPlayerEnhance) (Version: 1.34.2.13 - Feven) <==== ATTENTION
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
MyTomTom 3.2.0.1220 (HKLM\...\MyTomTom) (Version: 3.2.0.1220 - TomTom)
Napster 5 Beta (HKLM\...\com.Rhapsody.Napster5) (Version: 1.0.61 - Rhapsody International Inc)
Napster 5 Beta (Version: 1.0.61 - Rhapsody International Inc) Hidden
NewPlayer (HKLM\...\NewPlayer) (Version: v2.1.1.1 - TUGUU SL) <==== ATTENTION
PC Connectivity Solution (HKLM\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
RegClean Pro (HKLM\...\RegClean Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.0.13064_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Snap.Do (HKLM\...\{346AA1B5-A737-4110-9EEA-D6E87807556F}) (Version: 10.202.1.13712 - ReSoft Ltd.) <==== ATTENTION
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
SpeedUpMyPC (HKLM\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.2.0 - Uniblue Systems Limited)
SupTab (HKLM\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
System Migration Assistant (HKLM\...\{8A4DB1CA-8206-4ADC-805C-66ACF1611DA3}) (Version: 6.00.0009 - Lenovo Group Limited.)
Systweak PhotoStudio 2.1 (HKLM\...\PhotoStudio_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1) (Version: 2.1.2954.85 - Systweak Inc.)
ThinkPad Modem (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588) (Version: 7.62.00 - )
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.43 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.5.0 - )
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.5 - Lenovo)
TomTom HOME (HKLM\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 140.0.596.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update for Zip Opener (HKCU\...\DSite) (Version:  - ) <==== ATTENTION
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VO Package (HKLM\...\VOPackage) (Version: 1.0.0.0 - )
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
VTech Download Manager (HKLM\...\VTechDownloadManager) (Version:  - VTech)
WebReg (Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (HKLM\...\3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F) (Version: 10/12/2007 6.85.4.0 - Nokia)
Zip Opener Packages (HKCU\...\Zip Opener Packages) (Version:  - ) <==== ATTENTION

==================== Restore Points  =========================

07-04-2014 08:26:17 Wiederherstellungsvorgang
07-04-2014 08:46:14 Removed Microsoft Silverlight
07-04-2014 08:51:04 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
07-04-2014 08:58:06 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
07-04-2014 09:25:06 Wiederherstellungsvorgang
07-04-2014 09:44:33 Sony PC Companion
07-04-2014 09:52:15 Deinstallation Microsoft Security
07-04-2014 10:14:28 Deinstallation SpeedUpMyPC
07-04-2014 10:17:57 Deinstallation VO Package
07-04-2014 10:18:50 Deinstallation SupTab
07-04-2014 10:28:34 Wiederherstellungsvorgang
07-04-2014 11:02:32 RegClean Pro Mo, Apr 07, 14  13:02

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1B2185A4-F12D-4526-9A64-68985C62F4FF} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited)
Task: {1B3261E5-9809-4571-8517-CAFE7A980C8B} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-02-19] (Uniblue Systems Limited)
Task: {1EDB6A54-0918-403B-8E4C-D926BADCB80B} - System32\Tasks\Feven Pro 1.2-chromeinstaller => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-chromeinstaller.exe [2014-02-27] (Feven) <==== ATTENTION
Task: {2B692CE0-2B13-4C24-A7D9-127DA0922043} - System32\Tasks\MediaPlayerEnhance-firefoxinstaller => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe [2014-02-27] (Feven) <==== ATTENTION
Task: {30357775-5271-4272-9903-52F96D790EE3} - System32\Tasks\MediaPlayerEnhance-chromeinstaller => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe [2014-02-27] (Feven) <==== ATTENTION
Task: {3F78B1F5-E497-4055-A968-772567066F17} - System32\Tasks\Feven Pro 1.2-codedownloader => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-codedownloader.exe <==== ATTENTION
Task: {45B18927-19F7-4B26-8BDB-D5DCA5C74751} - System32\Tasks\Feven Pro 1.2-updater => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-updater.exe <==== ATTENTION
Task: {53471A5A-278A-4804-8AF1-9A4914CBA87F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5EAA36A4-1BE6-4322-ADB4-C90ADC69F7BD} - System32\Tasks\HQ-Video-Profession-1.3-chromeinstaller => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-chromeinstaller.exe [2014-02-27] (HQ-Video) <==== ATTENTION
Task: {6DD0A161-58CE-4CA7-B1E2-0A2E2361080B} - System32\Tasks\HQ-Video-Profession-1.3-codedownloader => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-codedownloader.exe <==== ATTENTION
Task: {6EC10355-92E3-451C-A1A8-598F84D0020A} - System32\Tasks\Advanced System Protector => C:\Program Files\Advanced System Protector\AspManager.exe [2012-10-31] (Systweak) <==== ATTENTION
Task: {73CBBDFA-C022-4F19-897B-1A407A15DEEA} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files\RegClean Pro\RegCleanPro.exe [2013-01-01] (Systweak Inc) <==== ATTENTION
Task: {775C9BFF-0006-4A0E-A8BF-F751CABE9816} - System32\Tasks\DSite => C:\Users\ADMINI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7D605D40-1B1D-4814-A465-0DF1940101EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)
Task: {7DBA51F4-90EA-497A-8BD0-230E10F45E8F} - System32\Tasks\Feven Pro 1.2-firefoxinstaller => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-firefoxinstaller.exe [2014-02-27] (Feven) <==== ATTENTION
Task: {82960A93-4718-4A37-B216-A4768F099C6A} - System32\Tasks\HQ-Video-Profession-1.3-updater => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-updater.exe <==== ATTENTION
Task: {8CB77536-9D0D-42A1-A776-7EB98BF53389} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {A396C75B-88F2-43DF-B493-484762222F6A} - System32\Tasks\MediaPlayerEnhance-enabler => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe <==== ATTENTION
Task: {ADD90EBB-0FE9-462C-A440-2C668612D801} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {B505A068-1940-45A6-A5E1-C5E6502AA786} - System32\Tasks\Feven Pro 1.2-enabler => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-enabler.exe <==== ATTENTION
Task: {D55F3741-EF85-4279-AD44-5401F452A463} - System32\Tasks\HQ-Video-Profession-1.3-enabler => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-enabler.exe <==== ATTENTION
Task: {D60ACEDC-E0B8-43CE-BC5F-99AE04CC710B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-24] (Google Inc.)
Task: {E3A8317B-429C-43A7-987E-2B5239F42C40} - System32\Tasks\HQ-Video-Profession-1.3-firefoxinstaller => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-firefoxinstaller.exe [2014-02-27] (HQ-Video) <==== ATTENTION
Task: {E9272403-D744-4320-98D6-9DDFA3EDFD65} - System32\Tasks\Advanced System Protector_startup => C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe [2012-10-31] (Systweak) <==== ATTENTION
Task: {EB7252E8-1C61-4BE0-A628-6E4FAB6344FD} - System32\Tasks\RegClean Pro_DEFAULT => C:\Program Files\RegClean Pro\RegCleanPro.exe [2013-01-01] (Systweak Inc) <==== ATTENTION
Task: {F4A0855C-6CB3-47B4-AF52-1AECD6309275} - System32\Tasks\MediaPlayerEnhance-codedownloader => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe <==== ATTENTION
Task: {F4B4C8DE-AA29-4A72-947A-5521C369B987} - System32\Tasks\MediaPlayerEnhance-updater => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DSite.job => C:\Users\ADMINI~1\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro 1.2-chromeinstaller.job => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro 1.2-codedownloader.job => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro 1.2-enabler.job => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro 1.2-firefoxinstaller.job => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Feven Pro 1.2-updater.job => C:\Program Files\Feven Pro 1.2\Feven Pro 1.2-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Profession-1.3-enabler.job => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\HQ-Video-Profession-1.3-updater.job => C:\Program Files\HQ-Video-Profession-1.3\HQ-Video-Profession-1.3-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-enabler.job => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\MediaPlayerEnhance-updater.job => C:\Program Files\MediaPlayerEnhance\MediaPlayerEnhance-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: C:\Windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe
Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files\Uniblue\SpeedUpMyPC\speedupmypc.exe

==================== Loaded Modules (whitelisted) =============

2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-19 20:26 - 2012-07-25 13:03 - 00886272 _____ () C:\Program Files\Advanced System Protector\System.Data.SQLite.dll
2013-02-19 20:26 - 2012-10-31 18:41 - 01730488 _____ () C:\Program Files\Advanced System Protector\aspsys.dll
2013-02-19 20:26 - 2012-07-25 13:03 - 00168448 _____ () C:\Program Files\Advanced System Protector\UNRAR.DLL
2014-02-25 17:00 - 2014-02-25 17:00 - 00011776 _____ () C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
2013-03-21 20:24 - 2013-03-21 20:24 - 00222368 _____ () C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
2012-07-05 03:27 - 2012-06-28 10:53 - 00365512 _____ () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
2012-07-05 03:27 - 2010-06-24 03:16 - 02150400 _____ () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
2012-07-05 03:27 - 2010-07-13 15:07 - 07826432 _____ () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
2012-07-05 03:27 - 2010-06-02 04:29 - 00934912 _____ () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
2012-07-05 03:27 - 2010-06-02 04:28 - 00335360 _____ () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
2012-07-05 03:27 - 2012-01-11 08:40 - 09843600 _____ () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
2012-07-05 03:27 - 2010-06-02 04:56 - 00232960 _____ () C:\Program Files\VTech\DownloadManager\System\phonon4.dll
2012-07-05 03:27 - 2010-06-02 04:54 - 02530816 _____ () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
2012-07-05 03:27 - 2010-07-05 11:19 - 00116736 _____ () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2012-07-05 03:27 - 2010-11-11 11:24 - 00028160 _____ () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
2012-07-05 03:27 - 2010-06-02 07:05 - 00119808 _____ () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2014-03-05 04:14 - 2014-03-05 04:14 - 00186368 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\21871ce315d4257cfe2052454e583368\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-03-05 04:15 - 2014-03-05 04:15 - 14971904 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\c94e1e76e67ad518b4310a539f072832\Kies.Theme.ni.dll
2014-03-05 04:14 - 2014-03-05 04:14 - 01842688 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\0107366ee1ddeb3e9873c6fac6344bc1\Kies.UI.ni.dll
2014-03-05 04:14 - 2014-03-05 04:14 - 00081920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8375369d3ac9c732c2ec8f6b5c9f2bb8\Kies.MVVM.ni.dll
2014-03-05 04:15 - 2014-03-05 04:15 - 00236032 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\cffeb31975c17760187d713cf2d7934d\ASF_cSharpAPI.ni.dll
2013-08-01 12:47 - 2013-08-01 12:47 - 00026040 _____ () C:\Program Files\MyTomTom 3\DeviceDetection.dll
2013-08-01 12:47 - 2013-08-01 12:47 - 00074680 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterBase.dll
2013-08-01 12:47 - 2013-08-01 12:47 - 00317880 _____ () C:\Program Files\MyTomTom 3\TomTomSupporterProxy.dll
2013-11-25 00:37 - 2012-04-30 11:57 - 00039936 _____ () C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
2013-11-25 00:37 - 2013-09-13 11:02 - 00208896 _____ () C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
2013-11-25 00:37 - 2013-10-31 12:35 - 00070880 _____ () C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
2014-02-18 15:38 - 2014-02-18 15:38 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2013-09-06 22:31 - 2013-09-06 22:31 - 00911128 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2014-02-26 17:52 - 2014-02-26 17:52 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-11 18:30 - 2013-09-11 18:30 - 16177544 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
2014-04-07 22:10 - 2014-04-07 22:10 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger(1).exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Administrator\Documents\Das Futterhaus Heiligenhafen.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Administrator\Documents\Das Futterhaus Heiligenhafen.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Administrator\Documents\Das Futterhaus Oldenburg.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Administrator\Documents\Das Futterhaus Oldenburg.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Massenspeichercontroller
Description: Massenspeichercontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 01:02:27 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {a171007c-fbfd-405e-9565-9955e591dcf6}

Error: (04/07/2014 00:43:09 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 00:42:40 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (04/07/2014 00:35:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/07/2014 00:34:39 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

Error: (04/07/2014 00:07:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 481169

Error: (04/07/2014 00:07:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 481169

Error: (04/07/2014 00:07:37 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2014 11:59:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14867

Error: (04/07/2014 11:59:51 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 14867


System errors:
=============
Error: (04/07/2014 00:42:40 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%4.

Error: (04/07/2014 00:42:12 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/07/2014 00:42:12 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/07/2014 00:41:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IePlugin Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/07/2014 00:41:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Infrarotüberwachungsdienst" wurde mit folgendem Fehler beendet:
%%2

Error: (04/07/2014 00:34:37 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%4.

Error: (04/07/2014 00:34:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/07/2014 00:34:13 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/07/2014 00:33:25 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IePlugin Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/07/2014 00:33:24 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Infrarotüberwachungsdienst" wurde mit folgendem Fehler beendet:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 88%
Total physical RAM: 2038.43 MB
Available physical RAM: 232 MB
Total Pagefile: 4076.86 MB
Available Pagefile: 1692.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.43 GB) (Free:28.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: CCCDCCCD)

Partition: GPT Partition Type.

==================== End Of Log ============================
DEFOGGER:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:08 on 07/04/2014 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
FRST:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Administrator (administrator) on NB001 on 07-04-2014 22:19:53
Running from C:\Users\Administrator\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lenovo) C:\Windows\system32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Systweak) C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(TomTom) C:\Program Files\MyTomTom 3\MyTomTomSA.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
() C:\Users\Administrator\Downloads\Defogger(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [180224 2012-06-21] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2342200 2012-07-05] (Synaptics Incorporated)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [365512 2012-06-28] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ApnTBMon] - "C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=SoftPublisherYB&co=DE&userid=e136830f-f3e7-77f9-232f-244f09c43896&searchtype=ds&q={searchTerms}&installDate=06/09/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x321D48DB7D3CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ie_sp_IS0
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=SoftPublisherYB&co=DE&userid=e136830f-f3e7-77f9-232f-244f09c43896&searchtype=ds&q={searchTerms}&installDate=06/09/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393531193&from=tugs&uid=HTS541080G9SA00_MPBDL0XKJAYNLMJAYNLMX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1393531193&from=tugs&uid=HTS541080G9SA00_MPBDL0XKJAYNLMJAYNLMX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1393531193&from=tugs&uid=HTS541080G9SA00_MPBDL0XKJAYNLMJAYNLMX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1393531193&from=tugs&uid=HTS541080G9SA00_MPBDL0XKJAYNLMJAYNLMX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1393531193&from=tugs&uid=HTS541080G9SA00_MPBDL0XKJAYNLMJAYNLMX&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=SoftPublisherYB&co=DE&userid=e136830f-f3e7-77f9-232f-244f09c43896&searchtype=ds&q={searchTerms}&installDate=06/09/2013
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=SoftPublisherYB&co=DE&userid=e136830f-f3e7-77f9-232f-244f09c43896&searchtype=ds&q={searchTerms}&installDate=06/09/2013
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: MediaPlayerEnhance - {11111111-1111-1111-1111-110411411150} -  No File
BHO: HQ-Video-Profession-1.3 - {11111111-1111-1111-1111-110511151178} -  No File
BHO: Feven Pro 1.2 - {11111111-1111-1111-1111-110511161182} -  No File
BHO: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_nt_IS0
FF SearchEngineOrder.1: Amazon
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_sp_IS0
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MediaPlayerEnhance - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com [2014-03-29]
FF Extension: HQ-Video-Profession-1.3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com [2014-03-29]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\donottrackplus@abine.com [2014-03-29]
FF Extension: Quick Start - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\quick_start@gmail.com [2014-03-25]
FF Extension: BrowserAdditions - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\toolbarbutton@browseradditions.com [2013-09-06]
FF HKLM\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\extensions\quick_start@gmail.com [2014-03-25]
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: Wajam - C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013-04-18]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1393531193&from=tugs&uid=HTS541080G9SA00_MPBDL0XKJAYNLMJAYNLMX

Chrome:
=======
CHR HomePage: hxxp://feed.snapdo.com/?publisher=SoftPublisherYB&dpid=SoftPublisherYB&co=DE&userid=e136830f-f3e7-77f9-232f-244f09c43896&searchtype=hp&installDate=17/09/2013
CHR DefaultSearchKeyword: awesomehp
CHR DefaultSearchProvider: awesomehp
CHR DefaultSearchURL: hxxp://www.awesomehp.com/web/?type=ds&ts=1393531193&from=tugs&uid=HTS541080G9SA00_MPBDL0XKJAYNLMJAYNLMX&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (McAfee Security Scan+) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-27]
CHR Extension: (Feven Pro 1.2) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjbopemebdnolilndkpjfmhakccapkh [2014-03-04]
CHR Extension: (Wajam) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-11-24]
CHR Extension: (MediaPlayerEnhance) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo [2014-03-04]
CHR Extension: (HQ-Video-Profession-1.3) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Quick Start) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma [2014-02-27]
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-02-27]
CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Administrator\AppData\Local\Wajam\Chrome\wajam.crx [2013-04-18]
CHR HKLM\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-02-27]
CHR HKCU\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files\Amazon\ABB\AmazonChrome-bds-amzn.crx [2014-02-27]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-02-18] (Just Develop It)
S2 Irmon; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R2 NewPlayerUpdaterService; C:\Program Files\NewPlayer\NewPlayerUpdaterService.exe [11776 2014-02-25] ()
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()
S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-01-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-01-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2014-01-03] (Avira Operations GmbH & Co. KG)
R3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-14] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 pppop; system32\DRIVERS\pppop.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 22:19 - 2014-04-07 22:20 - 00020729 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-04-07 22:19 - 2014-04-07 22:19 - 00000000 ____D () C:\FRST
2014-04-07 22:17 - 2014-04-07 22:17 - 01145856 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-04-07 22:11 - 2014-04-07 22:11 - 00000260 _____ () C:\Users\Administrator\Downloads\defogger_enable.log
2014-04-07 22:10 - 2014-04-07 22:10 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger(1).exe
2014-04-07 22:08 - 2014-04-07 22:08 - 00000462 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-04-07 21:56 - 2014-04-07 21:56 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-04-07 11:42 - 2014-04-07 11:42 - 00000000 ____D () C:\ProgramData\Sony
2014-04-04 13:52 - 2014-04-04 13:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2014-04-04 13:51 - 2014-04-04 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2014-04-04 13:39 - 2014-04-04 13:39 - 00000000 ____D () C:\Users\Administrator\Documents\PC Speed Maximizer
2014-04-04 13:26 - 2014-04-07 10:31 - 00000000 ____D () C:\Program Files\Opera
2014-03-23 15:35 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-23 15:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-23 15:35 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-23 15:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-23 15:35 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-23 15:35 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-23 15:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-23 15:35 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-23 15:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-23 15:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-23 15:35 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-23 15:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-23 15:35 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-23 15:35 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-23 15:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-23 15:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-23 15:35 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-23 15:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-23 15:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-23 15:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-23 15:35 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-23 15:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-23 15:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-23 15:35 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-23 15:34 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-23 15:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-23 15:33 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

==================== One Month Modified Files and Folders =======

2014-04-07 22:20 - 2014-04-07 22:19 - 00020729 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-04-07 22:19 - 2014-04-07 22:19 - 00000000 ____D () C:\FRST
2014-04-07 22:17 - 2014-04-07 22:17 - 01145856 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-04-07 22:15 - 2012-09-24 22:05 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 22:14 - 2013-09-06 22:14 - 00000308 _____ () C:\Windows\Tasks\DSite.job
2014-04-07 22:11 - 2014-04-07 22:11 - 00000260 _____ () C:\Users\Administrator\Downloads\defogger_enable.log
2014-04-07 22:11 - 2012-09-21 13:13 - 00000000 ____D () C:\Users\Administrator
2014-04-07 22:10 - 2014-04-07 22:10 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger(1).exe
2014-04-07 22:08 - 2014-04-07 22:08 - 00000462 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-04-07 22:00 - 2014-02-27 22:08 - 00000282 _____ () C:\Windows\Tasks\SpeedUpMyPC Maintenance.job
2014-04-07 21:56 - 2014-04-07 21:56 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-04-07 21:51 - 2013-11-24 03:53 - 00000000 ____D () C:\Program Files\Amazon Browser Bar
2014-04-07 21:30 - 2012-09-24 22:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 21:17 - 2014-02-27 22:05 - 00002398 _____ () C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2014-04-07 21:16 - 2014-02-27 22:16 - 00001610 _____ () C:\Windows\Tasks\MediaPlayerEnhance-updater.job
2014-04-07 21:15 - 2014-02-27 22:15 - 00001584 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-updater.job
2014-04-07 21:15 - 2014-02-27 22:15 - 00001524 _____ () C:\Windows\Tasks\Feven Pro 1.2-updater.job
2014-04-07 21:15 - 2014-02-27 22:14 - 00001464 _____ () C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
2014-04-07 21:14 - 2014-02-27 22:13 - 00001566 _____ () C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
2014-04-07 21:14 - 2014-02-27 22:10 - 00001438 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-enabler.job
2014-04-07 21:13 - 2014-02-27 22:08 - 00001378 _____ () C:\Windows\Tasks\Feven Pro 1.2-enabler.job
2014-04-07 21:10 - 2014-02-27 22:05 - 00001540 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job
2014-04-07 21:08 - 2014-02-27 22:03 - 00001480 _____ () C:\Windows\Tasks\Feven Pro 1.2-codedownloader.job
2014-04-07 21:07 - 2014-02-27 22:01 - 00002284 _____ () C:\Windows\Tasks\Feven Pro 1.2-firefoxinstaller.job
2014-04-07 21:04 - 2014-02-27 22:03 - 00003124 _____ () C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2014-04-07 21:03 - 2014-02-27 22:02 - 00002654 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job
2014-04-07 21:01 - 2014-02-27 22:00 - 00003144 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job
2014-04-07 21:00 - 2014-02-27 22:00 - 00003104 _____ () C:\Windows\Tasks\Feven Pro 1.2-chromeinstaller.job
2014-04-07 17:21 - 2012-08-22 09:04 - 01093883 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 17:15 - 2012-09-24 22:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 15:01 - 2013-02-19 20:26 - 00000280 _____ () C:\Windows\Tasks\RegClean Pro_DEFAULT.job
2014-04-07 13:14 - 2014-02-26 17:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-07 12:51 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 12:51 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 12:43 - 2014-02-27 22:10 - 00001915 _____ () C:\Users\Administrator\Desktop\Sync Folder.lnk
2014-04-07 12:42 - 2014-02-27 22:04 - 00000276 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job
2014-04-07 12:41 - 2012-09-23 21:43 - 00028473 _____ () C:\Windows\setupact.log
2014-04-07 12:41 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 12:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-07 12:40 - 2014-02-27 22:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VOPackage
2014-04-07 12:40 - 2012-09-24 22:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-07 12:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-07 12:09 - 2012-09-21 12:54 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-07 11:46 - 2012-09-21 12:05 - 00213776 _____ () C:\Windows\DPINST.LOG
2014-04-07 11:46 - 2010-11-20 23:01 - 01627884 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 11:42 - 2014-04-07 11:42 - 00000000 ____D () C:\ProgramData\Sony
2014-04-07 11:39 - 2013-02-19 20:26 - 00000000 ____D () C:\Program Files\Advanced System Protector
2014-04-07 11:38 - 2013-02-19 20:26 - 00000288 _____ () C:\Windows\Tasks\RegClean Pro_UPDATES.job
2014-04-07 11:37 - 2013-02-19 20:25 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-04-07 11:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-07 11:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-07 11:35 - 2014-02-27 22:07 - 00000000 ____D () C:\Program Files\SupTab
2014-04-07 11:35 - 2014-02-27 22:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-04-07 11:35 - 2014-02-27 22:03 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-04-07 11:35 - 2014-02-27 22:02 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\awesomehp
2014-04-07 11:35 - 2014-02-27 22:02 - 00000000 ____D () C:\Program Files\Uniblue
2014-04-07 11:35 - 2014-02-27 22:02 - 00000000 ____D () C:\Program Files\MediaPlayerEnhance
2014-04-07 11:35 - 2014-02-27 22:00 - 00000000 ____D () C:\Program Files\Feven Pro 1.2
2014-04-07 11:35 - 2014-02-14 01:38 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-07 11:35 - 2013-11-25 00:37 - 00000000 ____D () C:\Program Files\Sony
2014-04-07 11:35 - 2013-09-06 22:15 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
2014-04-07 11:35 - 2013-02-19 20:26 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Systweak
2014-04-07 11:35 - 2012-11-20 18:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-07 11:35 - 2012-09-23 21:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-07 11:35 - 2012-08-23 16:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-07 11:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-07 11:29 - 2013-02-19 20:26 - 00000000 ____D () C:\ProgramData\Systweak
2014-04-07 11:29 - 2012-09-24 22:21 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-07 10:31 - 2014-04-04 13:26 - 00000000 ____D () C:\Program Files\Opera
2014-04-07 10:31 - 2011-04-12 03:39 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-04 15:07 - 2012-09-21 12:40 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-04 13:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-04-04 13:52 - 2014-04-04 13:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2014-04-04 13:51 - 2014-04-04 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2014-04-04 13:39 - 2014-04-04 13:39 - 00000000 ____D () C:\Users\Administrator\Documents\PC Speed Maximizer
2014-03-31 09:35 - 2012-08-22 09:52 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-26 04:37 - 2014-01-19 13:39 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-25 08:06 - 2014-02-27 22:07 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-25 08:06 - 2014-02-27 22:00 - 00000000 ____D () C:\Program Files\HQ-Video-Profession-1.3
2014-03-24 04:30 - 2009-07-14 06:33 - 00410064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 04:08 - 2012-08-23 15:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-24 04:06 - 2013-08-16 07:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-24 04:02 - 2012-08-22 10:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-23 15:50 - 2012-09-24 22:06 - 00002321 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.228.dll


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 01:32

==================== End Of Log ============================
GMER:

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-07 22:59:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HTS54108 rev.MB4I 74,53GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pxldqpog.sys


---- System - GMER 2.1 ----

SSDT            8E8E8EF6                                                                                                            ZwCreateSection
SSDT            8E8E8F00                                                                                                            ZwRequestWaitReplyPort
SSDT            8E8E8EFB                                                                                                            ZwSetContextThread
SSDT            8E8E8F05                                                                                                            ZwSetSecurityObject
SSDT            8E8E8F0A                                                                                                            ZwSystemDebugControl
SSDT            8E8E8E97                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                            82C81A15 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82CBB212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                  82CC258C 4 Bytes  [F6, 8E, 8E, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                  82CC28E8 4 Bytes  [00, 8F, 8E, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                  82CC292C 4 Bytes  [FB, 8E, 8E, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1614                                                                                  82CC29A9 3 Bytes  [8F, 8E, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                  82CC29FC 4 Bytes  [0A, 8F, 8E, 8E]
.text          ...                                                                                                                 

---- User code sections - GMER 2.1 ----

.text          C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2292] ntdll.dll!DbgBreakPoint                    77724108 1 Byte  [C3]
.text          C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2508] USER32.dll!RegisterMessagePumpHook + 2F1              77028B9E 7 Bytes  JMP 10053C10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text          C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2508] USER32.dll!PostMessageW + 43A                          770348B5 7 Bytes  JMP 10053AC0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text          C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2508] USER32.dll!SetDlgItemTextA + 25                        7704709F 7 Bytes  JMP 10053BF0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text          C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2508] USER32.dll!MessageBoxIndirectA + F5                    7707E95E 7 Bytes  JMP 10053C60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text          C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2508] USER32.dll!MessageBoxIndirectW + 61                    7707E9C4 7 Bytes  JMP 10053D30 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text          C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2508] USER32.dll!MessageBoxExA + 1F                          7707E9E8 7 Bytes  JMP 10053CE0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtCreateFile + 6              7773560E 4 Bytes  [28, 50, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtCreateFile + B              77735613 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtCreateKey + 6                7773564E 4 Bytes  [68, 51, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtCreateKey + B                77735653 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtCreateMutant + 6            7773568E 4 Bytes  [68, 52, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtCreateMutant + B            77735693 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtCreateSection + 6            7773572E 4 Bytes  [A8, 52, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtCreateSection + B            77735733 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtMapViewOfSection + B        77735C73 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenFile + 6                77735D1E 4 Bytes  [68, 50, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenFile + B                77735D23 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenKey + 6                  77735D4E 4 Bytes  [A8, 51, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenKey + B                  77735D53 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenKeyEx + B                77735D63 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenMutant + 6              77735D9E 4 Bytes  [28, 52, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenMutant + B              77735DA3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenProcess + 6              77735DCE 4 Bytes  [68, 53, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenProcess + B              77735DD3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenProcessToken + 6        77735DDE 4 Bytes  [A8, 53, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenProcessToken + B        77735DE3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenProcessTokenEx + 6      77735DEE 4 Bytes  [68, 54, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenProcessTokenEx + B      77735DF3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenSection + B              77735E13 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenThread + 6              77735E4E 4 Bytes  [28, 53, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenThread + B              77735E53 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenThreadToken + 6          77735E5E 4 Bytes  [28, 54, 07, 00] {SUB [EDI+EAX+0x0], DL}
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenThreadToken + B          77735E63 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenThreadTokenEx + 6        77735E6E 4 Bytes  [A8, 54, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtOpenThreadTokenEx + B        77735E73 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtQueryAttributesFile + 6      77735F7E 4 Bytes  [A8, 50, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtQueryAttributesFile + B      77735F83 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtQueryFullAttributesFile + B  77736033 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtSetInformationFile + 6      7773667E 4 Bytes  [28, 51, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtSetInformationFile + B      77736683 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtSetInformationThread + B    777366E3 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtUnmapViewOfSection + 6      777369FE 4 Bytes  [28, 55, 07, 00]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ntdll.dll!NtUnmapViewOfSection + B      77736A03 1 Byte  [E2]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] kernel32.dll!CreateProcessW              7784204D 5 Bytes  JMP 00080030
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] kernel32.dll!CreateProcessA              77842082 5 Bytes  JMP 00080070
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!ActivateKeyboardLayout        77028203 5 Bytes  JMP 002304F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!ScreenToClient                7702A506 7 Bytes  JMP 00230670
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!RegisterClipboardFormatA      7702C091 5 Bytes  JMP 002302F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!RegisterClipboardFormatW      7702DF8D 5 Bytes  JMP 002302B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!SetCursor                    77033075 5 Bytes  JMP 00230530
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!MonitorFromWindow            77033622 7 Bytes  JMP 00230630
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!PostMessageW                  7703447B 5 Bytes  JMP 002305F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!IsWindowVisible              77034D69 7 Bytes  JMP 002306B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetClientRect                770354DD 7 Bytes  JMP 002305B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!MapWindowPoints              77035CAA 5 Bytes  JMP 00230570
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetParent                    77036029 7 Bytes  JMP 002306F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!EmptyClipboard                7704290C 5 Bytes  JMP 00230130
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!SetClipboardData              77042962 5 Bytes  JMP 00230170
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetClipboardData              77042BA7 5 Bytes  JMP 00230030
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetClipboardFormatNameW      77045FD2 5 Bytes  JMP 00230230
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!SetClipboardViewer            77046FF6 5 Bytes  JMP 002304B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetClipboardFormatNameA      7704700A 5 Bytes  JMP 00230270
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!ChangeClipboardChain          7705147C 5 Bytes  JMP 00230430
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetTopWindow                  770524D9 7 Bytes  JMP 00230730
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!CloseClipboard                7705446C 5 Bytes  JMP 002300B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!OpenClipboard                7705447E 5 Bytes  JMP 00230070
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!IsClipboardFormatAvailable    770544FF 5 Bytes  JMP 002300F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetClipboardSequenceNumber    77054513 5 Bytes  JMP 00230330
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetClipboardOwner            77054525 5 Bytes  JMP 00230370
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!CountClipboardFormats        7705470A 5 Bytes  JMP 002301F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!EnumClipboardFormats          770547EC 5 Bytes  JMP 002301B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetOpenClipboardWindow        7705480B 5 Bytes  JMP 002303F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!SetCursorPos                  7706C1B0 5 Bytes  JMP 00230770
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetClipboardViewer            77084AF7 5 Bytes  JMP 00230470
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] user32.DLL!GetPriorityClipboardFormat    77084BF9 5 Bytes  JMP 002303B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!DeleteObject                  76D35F14 5 Bytes  JMP 002401B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SelectObject                  76D36640 5 Bytes  JMP 002405F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SetTextColor                  76D36906 5 Bytes  JMP 00240A30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SetBkMode                      76D369B1 5 Bytes  JMP 002408F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!DeleteDC                      76D36EAA 5 Bytes  JMP 00240170
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetDeviceCaps                  76D36F7F 5 Bytes  JMP 002403B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!ExtSelectClipRgn              76D37114 5 Bytes  JMP 002402F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SelectClipRgn                  76D37242 5 Bytes  JMP 002405B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SetStretchBltMode              76D37705 5 Bytes  JMP 002406B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetCurrentObject              76D37917 5 Bytes  JMP 00240370
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetTextMetricsW                76D37B8F 5 Bytes  JMP 00240E30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetTextAlign                  76D37DAF 5 Bytes  JMP 00240D70
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!IntersectClipRect              76D37DFE 5 Bytes  JMP 002403F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!ExtTextOutW                    76D38192 5 Bytes  JMP 00240970
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SetTextAlign                  76D3828E 5 Bytes  JMP 002409F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetClipBox                    76D38525 5 Bytes  JMP 00240330
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!MoveToEx                      76D38C21 5 Bytes  JMP 00240470
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!StretchDIBits                  76D3A53E 5 Bytes  JMP 00240770
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!RestoreDC                      76D3A67B 5 Bytes  JMP 00240530
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SaveDC                        76D3A74B 5 Bytes  JMP 00240570
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetTextExtentPoint32W          76D3B4B5 5 Bytes  JMP 00240670
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetTextFaceW                  76D3B73A 2 Bytes  JMP 00240D30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetTextFaceW + 3              76D3B73D 2 Bytes  [50, 89]
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetFontData                    76D3BCC4 5 Bytes  JMP 00240C70
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SetWorldTransform              76D3C90A 5 Bytes  JMP 002406F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!CreateDCA                      76D3CCA9 5 Bytes  JMP 002400B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!CreateDCW                      76D3CF79 5 Bytes  JMP 002400F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!CreateICW                      76D3CFD0 5 Bytes  JMP 00240130
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetTextMetricsA                76D3D0F2 5 Bytes  JMP 00240DF0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!Rectangle                      76D3F1FF 5 Bytes  JMP 002409B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!LineTo                        76D3F59B 5 Bytes  JMP 00240430
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SetICMMode                    76D3FAA4 5 Bytes  JMP 00240DB0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!ExtTextOutA                    76D40D20 5 Bytes  JMP 00240930
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetTextExtentPoint32A          76D4117F 5 Bytes  JMP 00240630
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!ExtEscape                      76D42D49 5 Bytes  JMP 002402B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!Escape                        76D43400 5 Bytes  JMP 00240270
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!ResetDCW                      76D43A9B 5 Bytes  JMP 00240AB0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!EndPage                        76D440DA 5 Bytes  JMP 00240230
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SetPolyFillMode                76D467E1 5 Bytes  JMP 00240B30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SetMiterLimit                  76D4699D 5 Bytes  JMP 00240B70
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetTextFaceA                  76D50D22 5 Bytes  JMP 00240CF0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!GetGlyphOutlineW              76D5C2DA 5 Bytes  JMP 00240CB0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!CreateScalableFontResourceW    76D5E937 5 Bytes  JMP 00240BB0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!AddFontResourceW              76D5ED33 5 Bytes  JMP 00240BF0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!RemoveFontResourceW            76D5F229 5 Bytes  JMP 00240C30
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!AbortDoc                      76D64E29 5 Bytes  JMP 00240030
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!EndDoc                        76D65270 5 Bytes  JMP 002401F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!StartPage                      76D6535B 5 Bytes  JMP 00240730
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!StartDocW                      76D65D76 5 Bytes  JMP 002407F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!BeginPath                      76D6651D 5 Bytes  JMP 00240830
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!SelectClipPath                76D66574 5 Bytes  JMP 00240AF0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!CloseFigure                    76D665CF 5 Bytes  JMP 00240070
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!EndPath                        76D66626 5 Bytes  JMP 00240A70
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!StrokePath                    76D66859 5 Bytes  JMP 002407B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!FillPath                      76D668E6 5 Bytes  JMP 00240870
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!PolylineTo                    76D66D54 5 Bytes  JMP 002404F0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!PolyBezierTo                  76D66DE5 5 Bytes  JMP 002404B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] GDI32.dll!PolyDraw                      76D66E97 5 Bytes  JMP 002408B0
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ole32.dll!OleSetClipboard                75B80045 5 Bytes  JMP 00260030
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ole32.dll!OleIsCurrentClipboard          75B836B2 5 Bytes  JMP 00260070
.text          C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe[3140] ole32.dll!OleGetClipboard                75BAFDCD 5 Bytes  JMP 002600B0
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[4688] USER32.dll!RegisterMessagePumpHook + 2F1                77028B9E 7 Bytes  JMP 563076A0 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[4688] USER32.dll!IsDialogMessageW + 340                        77034444 7 Bytes  JMP 56307711 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[4688] USER32.dll!GetWindowInfo                                77034B5E 5 Bytes  JMP 5630B2EA C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\plugin-container.exe[4688] USER32.dll!ToUnicodeEx + 71                              77042223 7 Bytes  JMP 56304E6D C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5584] ntdll.dll!LdrGetProcedureAddress + 26                            777522A9 7 Bytes  JMP 59F01FFD C:\Program Files\Mozilla Firefox\mozglue.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5584] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                    7788941E 7 Bytes  JMP 563B049D C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5584] kernel32.dll!QueryPerformanceCounter + 13                        7788C425 7 Bytes  JMP 563B0455 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5584] kernel32.dll!LoadAppInitDlls + 355                                7788F4E6 7 Bytes  JMP 55FC5A06 C:\Program Files\Mozilla Firefox\xul.dll
.text          C:\Program Files\Mozilla Firefox\firefox.exe[5584] GDI32.dll!GetViewportOrgEx + 26C                                  76D3884B 7 Bytes  JMP 563B04C4 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                              Wdf01000.sys
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                              Wdf01000.sys

Device          \Driver\BTHUSB \Device\00000072                                                                                      bthport.sys
Device          \Driver\BTHUSB \Device\00000074                                                                                      bthport.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0016cee7f750                                         
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0016cee7f750 (not active ControlSet)                     
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize                                        1800

---- EOF - GMER 2.1 ----
Da die Logfiles zu groß sind, habe ich den Logfile von AVIRA ANTIVIRUS angehängt.


Vielen Dank und viele Grüße!

schrauber 08.04.2014 06:31
hi,

Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

neu71 08.04.2014 12:31
Hallo schrauber,

vielen Dank für Deine Hilfe!

Ich habe alle Aktionen wie beschrieben ausgeführt. Hier sind die Logfiles:

MALWAREBYTES ANTI-MALWARE:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 08.04.2014 11:31:26, SYSTEM, NB001, Protection, Malware Protection, Starting,
Protection, 08.04.2014 11:31:26, SYSTEM, NB001, Protection, Malware Protection, Started,
Protection, 08.04.2014 11:31:26, SYSTEM, NB001, Protection, Malicious Website Protection, Starting,
Update, 08.04.2014 11:31:32, SYSTEM, NB001, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 08.04.2014 11:31:44, SYSTEM, NB001, Manual, Malware Database, 2014.3.4.9, 2014.4.8.2,
Protection, 08.04.2014 11:31:46, SYSTEM, NB001, Protection, Refresh, Starting,
Protection, 08.04.2014 11:32:08, SYSTEM, NB001, Protection, Malicious Website Protection, Started,
Protection, 08.04.2014 11:32:08, SYSTEM, NB001, Protection, Malicious Website Protection, Stopping,
Protection, 08.04.2014 11:32:08, SYSTEM, NB001, Protection, Malicious Website Protection, Stopped,
Protection, 08.04.2014 11:32:15, SYSTEM, NB001, Protection, Refresh, Success,
Protection, 08.04.2014 11:32:15, SYSTEM, NB001, Protection, Malicious Website Protection, Starting,
Protection, 08.04.2014 11:32:16, SYSTEM, NB001, Protection, Malicious Website Protection, Started,
Detection, 08.04.2014 12:09:14, SYSTEM, NB001, Protection, Malware Protection, File, PUP.Optional.Searchprotect, C:\Program Files\Amazon Browser Bar\search_protect.exe, Quarantine, [657d3ceb59221e18e681fc186a97af51]
Protection, 08.04.2014 12:19:30, SYSTEM, NB001, Protection, Malware Protection, Starting,
Protection, 08.04.2014 12:19:30, SYSTEM, NB001, Protection, Malware Protection, Started,
Protection, 08.04.2014 12:19:30, SYSTEM, NB001, Protection, Malicious Website Protection, Starting,
Protection, 08.04.2014 12:22:50, SYSTEM, NB001, Protection, Malicious Website Protection, Started,
Detection, 08.04.2014 12:26:56, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49335, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,
Detection, 08.04.2014 12:26:57, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49335, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,
Detection, 08.04.2014 12:26:57, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49342, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,
Detection, 08.04.2014 12:27:01, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49374, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,
Detection, 08.04.2014 12:28:24, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49634, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,
Detection, 08.04.2014 12:28:30, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49677, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,
Detection, 08.04.2014 12:28:31, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49679, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,
Detection, 08.04.2014 12:28:40, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49711, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,
Detection, 08.04.2014 12:28:41, SYSTEM, NB001, Protection, Malicious Website Protection, IP, 5.153.38.132, qop.frmclstr.net, 49712, Outbound, C:\Program Files\Mozilla Firefox\firefox.exe,

(end)
ADWCLEANER:

Code:
# AdwCleaner v3.023 - Bericht erstellt am 08/04/2014 um 12:43:01
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Administrator - NB001
# Gestartet von : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndipknmjijnalnkamonmljeaojdbpna
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EC10355-92E3-451C-A1A8-598F84D0020A}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EC10355-92E3-451C-A1A8-598F84D0020A}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78A7CC67-DD2D-433C-86B1-DA5622D20E1F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{78A7CC67-DD2D-433C-86B1-DA5622D20E1F}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{775C9BFF-0006-4A0E-A8BF-F751CABE9816}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{775C9BFF-0006-4A0E-A8BF-F751CABE9816}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73CBBDFA-C022-4F19-897B-1A407A15DEEA}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB7252E8-1C61-4BE0-A628-6E4FAB6344FD}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB7252E8-1C61-4BE0-A628-6E4FAB6344FD}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73CBBDFA-C022-4F19-897B-1A407A15DEEA}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B2185A4-F12D-4526-9A64-68985C62F4FF}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B2185A4-F12D-4526-9A64-68985C62F4FF}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1B3261E5-9809-4571-8517-CAFE7A980C8B}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B3261E5-9809-4571-8517-CAFE7A980C8B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0044150.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0044150.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051578.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051682.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051682.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051682.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0051682.Sandbox.1
Schlüssel Gelöscht : HKCU\Software\968c8db369bf10
Schlüssel Gelöscht : HKLM\SOFTWARE\968c8db369bf10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411411150}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511151178}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511161182}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522152278}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522162282}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555155578}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555165582}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566156678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566166682}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544154478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544164482}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411411150}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511151178}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511161182}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DSite
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.a13c471d96cbb4c089dd18dc16c66bb1fcf5065afca24464aa637af7582a82514com51578.51578.cookie.previous_page.value", "%22hxxp%3A//www.awesomehp.com/%3Ftype%3Dsc%26ts%3D1393531193%26from%[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "144ef06671dbb347601355ad49808046");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "6");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "3BA9B4D944838CA91285D573DD00828B");
Zeile gelöscht : user_pref("extensions.delta.id", "b0bd7eca0000000000000016cee7f750");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15954");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.24.622:15:21");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.622:15:21");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4997");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : search_url
Gelöscht : keyword
Gelöscht : homepage

*************************

AdwCleaner[R0].txt - [22608 octets] - [08/04/2014 12:32:40]
AdwCleaner[R1].txt - [18503 octets] - [08/04/2014 12:40:42]
AdwCleaner[S0].txt - [4711 octets] - [08/04/2014 12:35:46]
AdwCleaner[S1].txt - [15372 octets] - [08/04/2014 12:43:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15433 octets] ##########
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Administrator on 08.04.2014 at 13:05:34,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1518153914-1331252380-3142676199-500\Software\sweetim



~~~ Files

Successfully deleted: [File] "C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\20maij8h.default\prefs.js

user_pref("extensions.a13c471d96cbb4c089dd18dc16c66bb1fcf5065afca24464aa637af7582a82514com51578.51578.cookie.previous_page.value", "%22hxxp%3A//www.awesomehp.com/%3Ftype%3Dsc%
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\20maij8h.default\minidumps [81 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.04.2014 at 13:10:59,24
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 26 days old and could be outdated)
Ran by Administrator (administrator) on NB001 on 08-04-2014 13:16:12
Running from C:\Users\Administrator\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo) C:\Windows\system32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(TomTom) C:\Program Files\MyTomTom 3\MyTomTomSA.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [180224 2012-06-21] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2342200 2012-07-05] (Synaptics Incorporated)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [365512 2012-06-28] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x321D48DB7D3CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ie_sp_IS0
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_nt_IS0
FF SearchEngineOrder.1: Amazon
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_sp_IS0
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HQ-Video-Profession-1.3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com [2014-03-29]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\donottrackplus@abine.com [2014-03-29]
FF Extension: BrowserAdditions - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\toolbarbutton@browseradditions.com [2013-09-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: awesomehp
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (McAfee Security Scan+) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-27]
CHR Extension: (Feven Pro 1.2) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjbopemebdnolilndkpjfmhakccapkh [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]

========================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 Irmon; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-01-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-01-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2014-01-03] (Avira Operations GmbH & Co. KG)
R3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-14] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 pppop; system32\DRIVERS\pppop.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-08 13:16 - 2014-04-08 13:16 - 00015767 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-04-08 12:54 - 2014-04-08 12:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 12:53 - 2014-04-08 12:53 - 01016261 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-04-08 12:31 - 2014-04-08 12:43 - 00000000 ____D () C:\AdwCleaner
2014-04-08 12:31 - 2014-04-08 12:31 - 01426178 _____ () C:\Users\Administrator\Downloads\adwcleaner.exe
2014-04-08 11:31 - 2014-04-08 13:01 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 11:31 - 2014-04-08 11:31 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 11:30 - 2014-04-08 11:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-08 11:30 - 2014-04-08 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 11:30 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 11:30 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 11:30 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 11:27 - 2014-04-08 11:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 10:25 - 2014-04-08 10:25 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-04-08 10:25 - 2014-04-08 10:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-08 10:23 - 2014-04-08 10:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-04-07 23:54 - 2014-04-08 13:12 - 00000000 ____D () C:\Users\Administrator\Desktop\Dokumente Trojaner
2014-04-07 23:33 - 2014-04-07 23:37 - 148281272 _____ () C:\Users\Administrator\Downloads\avira_antivirus_suite_de.exe
2014-04-07 22:24 - 2014-04-07 22:24 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-04-07 22:19 - 2014-04-08 13:16 - 00000000 ____D () C:\FRST
2014-04-07 22:17 - 2014-04-07 22:17 - 01145856 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-04-07 22:11 - 2014-04-07 22:11 - 00000260 _____ () C:\Users\Administrator\Downloads\defogger_enable.log
2014-04-07 22:10 - 2014-04-07 22:10 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger(1).exe
2014-04-07 21:56 - 2014-04-07 21:56 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-04-07 11:42 - 2014-04-07 11:42 - 00000000 ____D () C:\ProgramData\Sony
2014-04-04 13:52 - 2014-04-04 13:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2014-04-04 13:51 - 2014-04-04 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2014-04-04 13:26 - 2014-04-07 10:31 - 00000000 ____D () C:\Program Files\Opera
2014-03-23 15:35 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-23 15:35 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-23 15:35 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-23 15:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-23 15:35 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-23 15:35 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-23 15:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-23 15:35 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-23 15:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-23 15:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-23 15:35 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-23 15:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-23 15:35 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-23 15:35 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-23 15:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-23 15:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-23 15:35 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-23 15:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-23 15:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-23 15:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-23 15:35 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-23 15:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-23 15:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-23 15:35 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-23 15:34 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-23 15:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-23 15:33 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

==================== One Month Modified Files and Folders =======

2014-04-08 13:16 - 2014-04-08 13:16 - 00015767 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-04-08 13:16 - 2014-04-07 22:19 - 00000000 ____D () C:\FRST
2014-04-08 13:15 - 2012-09-24 22:05 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-08 13:12 - 2014-04-07 23:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Dokumente Trojaner
2014-04-08 13:07 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-08 13:07 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-08 13:01 - 2014-04-08 11:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 12:57 - 2014-02-27 22:16 - 00001610 _____ () C:\Windows\Tasks\MediaPlayerEnhance-updater.job
2014-04-08 12:57 - 2014-02-27 22:15 - 00001584 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-updater.job
2014-04-08 12:57 - 2014-02-27 22:15 - 00001524 _____ () C:\Windows\Tasks\Feven Pro 1.2-updater.job
2014-04-08 12:57 - 2014-02-27 22:14 - 00001464 _____ () C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
2014-04-08 12:57 - 2014-02-27 22:13 - 00001566 _____ () C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
2014-04-08 12:57 - 2014-02-27 22:10 - 00001438 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-enabler.job
2014-04-08 12:57 - 2014-02-27 22:08 - 00001378 _____ () C:\Windows\Tasks\Feven Pro 1.2-enabler.job
2014-04-08 12:57 - 2014-02-27 22:05 - 00002398 _____ () C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2014-04-08 12:57 - 2014-02-27 22:05 - 00001540 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job
2014-04-08 12:57 - 2014-02-27 22:03 - 00003124 _____ () C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2014-04-08 12:57 - 2014-02-27 22:03 - 00001480 _____ () C:\Windows\Tasks\Feven Pro 1.2-codedownloader.job
2014-04-08 12:57 - 2014-02-27 22:02 - 00002654 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-firefoxinstaller.job
2014-04-08 12:57 - 2014-02-27 22:01 - 00002284 _____ () C:\Windows\Tasks\Feven Pro 1.2-firefoxinstaller.job
2014-04-08 12:57 - 2014-02-27 22:00 - 00003144 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-chromeinstaller.job
2014-04-08 12:57 - 2014-02-27 22:00 - 00003104 _____ () C:\Windows\Tasks\Feven Pro 1.2-chromeinstaller.job
2014-04-08 12:57 - 2012-09-24 22:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 12:57 - 2012-09-23 21:43 - 00028697 _____ () C:\Windows\setupact.log
2014-04-08 12:57 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-08 12:56 - 2012-08-22 09:04 - 01129354 _____ () C:\Windows\WindowsUpdate.log
2014-04-08 12:54 - 2014-04-08 12:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 12:53 - 2014-04-08 12:53 - 01016261 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-04-08 12:43 - 2014-04-08 12:31 - 00000000 ____D () C:\AdwCleaner
2014-04-08 12:43 - 2013-09-17 14:54 - 00001037 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-08 12:43 - 2012-09-21 13:14 - 00001164 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-08 12:37 - 2012-09-24 22:06 - 00001236 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-08 12:37 - 2012-09-23 21:55 - 00001007 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-08 12:31 - 2014-04-08 12:31 - 01426178 _____ () C:\Users\Administrator\Downloads\adwcleaner.exe
2014-04-08 12:30 - 2012-09-24 22:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-08 12:18 - 2010-11-20 23:48 - 00379084 _____ () C:\Windows\PFRO.log
2014-04-08 11:31 - 2014-04-08 11:31 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 11:31 - 2014-04-08 11:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-08 11:30 - 2014-04-08 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 11:28 - 2014-04-08 11:27 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 10:25 - 2014-04-08 10:25 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-04-08 10:25 - 2014-04-08 10:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-08 10:23 - 2014-04-08 10:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-04-08 10:07 - 2012-09-23 21:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-08 00:04 - 2014-02-26 17:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-07 23:41 - 2013-10-27 14:15 - 00002012 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-07 23:37 - 2014-04-07 23:33 - 148281272 _____ () C:\Users\Administrator\Downloads\avira_antivirus_suite_de.exe
2014-04-07 22:24 - 2014-04-07 22:24 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-04-07 22:17 - 2014-04-07 22:17 - 01145856 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-04-07 22:11 - 2014-04-07 22:11 - 00000260 _____ () C:\Users\Administrator\Downloads\defogger_enable.log
2014-04-07 22:11 - 2012-09-21 13:13 - 00000000 ____D () C:\Users\Administrator
2014-04-07 22:10 - 2014-04-07 22:10 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger(1).exe
2014-04-07 21:56 - 2014-04-07 21:56 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-04-07 12:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-07 12:40 - 2012-09-24 22:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-07 12:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-07 12:09 - 2012-09-21 12:54 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-07 11:46 - 2012-09-21 12:05 - 00213776 _____ () C:\Windows\DPINST.LOG
2014-04-07 11:46 - 2010-11-20 23:01 - 01627884 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 11:42 - 2014-04-07 11:42 - 00000000 ____D () C:\ProgramData\Sony
2014-04-07 11:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-07 11:36 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-07 11:35 - 2014-02-27 22:00 - 00000000 ____D () C:\Program Files\Feven Pro 1.2
2014-04-07 11:35 - 2014-02-14 01:38 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-07 11:35 - 2013-11-25 00:37 - 00000000 ____D () C:\Program Files\Sony
2014-04-07 11:35 - 2012-11-20 18:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-07 11:35 - 2012-08-23 16:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-07 11:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-07 11:29 - 2012-09-24 22:21 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-07 10:31 - 2014-04-04 13:26 - 00000000 ____D () C:\Program Files\Opera
2014-04-07 10:31 - 2011-04-12 03:39 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-04 15:07 - 2012-09-21 12:40 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-04 13:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-04-04 13:52 - 2014-04-04 13:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2014-04-04 13:51 - 2014-04-04 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2014-04-03 09:51 - 2014-04-08 11:30 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 11:30 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 11:30 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2012-08-22 09:52 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-26 04:37 - 2014-01-19 13:39 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-24 04:30 - 2009-07-14 06:33 - 00410064 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-24 04:08 - 2012-08-23 15:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-24 04:06 - 2013-08-16 07:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-24 04:02 - 2012-08-22 10:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.228.dll


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 01:32

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 09.04.2014 08:32

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

neu71 10.04.2014 21:04
Hallo schrauber,

anbei die Logfiles.

Die Probleme sind verschwunden.

Vielen Dank für Deine Hilfe!!!:daumenhoc:dankeschoen:

ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=501d63f9bbc3d047b2760741927a69e7
# engine=17823
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-09 08:41:07
# local_time=2014-04-09 10:41:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 208207 148707258 0 0
# scanned=20298
# found=0
# cleaned=0
# scan_time=2892
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=501d63f9bbc3d047b2760741927a69e7
# engine=17823
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-09 11:49:23
# local_time=2014-04-10 01:49:23 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 219503 148718554 0 0
# scanned=126267
# found=2
# cleaned=0
# scan_time=11227
sh=1DDC39E810FA90F8B11DFE07640EC359F66FC1FC ft=1 fh=f2284be2c764232b vn="multiple threats" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98YHPYN2\WebCakesetup[1].exe"
sh=2B85B6F486D3007E991431C1045B95ADD706A503 ft=0 fh=0000000000000000 vn="Win32/TrojanDownloader.Wauchos.A trojan" ac=I fn="C:\Users\Administrator\Documents\samsung\Kies\Backup\GT-I9300\GT-I9300_\GT-I9300_20131124031754\Others\Download\Flugscheindetails.zip"
SECURITYCHECK:

Code:
Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
  Adobe Flash Player        11.8.800.168 Flash Player out of Date! 
 Adobe Reader XI 
 Mozilla Firefox (28.0)
 Google Chrome 33.0.1750.154 
 Google Chrome 34.0.1847.116 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
FRST


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by Administrator (administrator) on NB001 on 10-04-2014 21:59:49
Running from C:\Users\Administrator\Downloads
Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Lenovo) C:\Windows\system32\ibmpmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\system32\AEADISRV.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(TomTom) C:\Program Files\MyTomTom 3\MyTomTomSA.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [180224 2012-06-21] (Lenovo.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2342200 2012-07-05] (Synaptics Incorporated)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [365512 2012-06-28] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-21] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-04-08] ()
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [AutoStartNPSAgent] - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-03-22] (TomTom)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [MyTomTomSA.exe] - C:\Program Files\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKU\S-1-5-21-1518153914-1331252380-3142676199-500\...\Run: [Sony PC Companion] - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x321D48DB7D3CCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ie_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ie_sp_IS0
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_nt_IS0
FF SearchEngineOrder.1: Amazon
FF Homepage: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_sp_IS0
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p07_serp_ff_de_display?ie=UTF8&tagbase=bds-p07&tag=bds-p07-serp-de-ff-21&tbrId=v1_abb-channel-7_7d166af6715144058f905c7795ec972e_30_46_20131124_DE_ff_ab_IS0&query=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HQ-Video-Profession-1.3 - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\13c471d9-6cbb-4c08-9dd1-8dc16c66bb1f@cf5065af-ca24-464a-a637-af7582a82514.com [2014-03-29]
FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\donottrackplus@abine.com [2014-03-29]
FF Extension: BrowserAdditions - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\20maij8h.default\Extensions\toolbarbutton@browseradditions.com [2013-09-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: awesomehp
CHR DefaultSearchURL: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (McAfee Security Scan+) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-27]
CHR Extension: (Feven Pro 1.2) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcjbopemebdnolilndkpjfmhakccapkh [2014-03-04]
CHR Extension: (Google Wallet) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]

========================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files\Avira\AntiVir Desktop\avmailc7.exe [910416 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-21] (Avira Operations GmbH & Co. KG)
S2 HOSTS Anti-PUPs; C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-04-08] ()
S2 Irmon; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-16] (McAfee, Inc.)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S2 APNMCP; "C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-01-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-01-03] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [69240 2014-01-03] (Avira Operations GmbH & Co. KG)
R3 BTHprint; C:\Windows\System32\DRIVERS\bthprint.sys [50688 2009-07-14] (Microsoft Corporation)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-10-10] (Avira GmbH)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 pppop; system32\DRIVERS\pppop.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-10 21:54 - 2014-04-10 21:54 - 00987448 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-04-09 21:49 - 2014-04-09 21:49 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe
2014-04-09 21:01 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 21:01 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 21:01 - 2014-03-04 11:17 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 21:01 - 2014-02-04 04:07 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 21:01 - 2014-02-04 04:07 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 21:01 - 2014-02-04 04:07 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 21:01 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 21:01 - 2014-01-24 04:18 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-08 20:58 - 2014-04-08 20:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\calibre-cache
2014-04-08 20:56 - 2014-04-08 21:33 - 00000000 ____D () C:\Users\Administrator\Documents\Calibre-Bibliothek
2014-04-08 20:56 - 2014-04-08 21:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\calibre
2014-04-08 20:53 - 2014-04-08 20:53 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-04-08 20:53 - 2014-04-08 20:53 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-08 20:47 - 2014-04-08 20:50 - 54832128 _____ () C:\Users\Administrator\Downloads\calibre-1.31.0.msi
2014-04-08 13:36 - 2014-04-08 13:38 - 00001139 _____ () C:\Users\Administrator\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-04-08 13:36 - 2014-04-08 13:38 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs
2014-04-08 13:16 - 2014-04-10 21:59 - 00015755 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-04-08 12:54 - 2014-04-08 12:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 12:53 - 2014-04-08 12:53 - 01016261 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-04-08 12:31 - 2014-04-08 12:43 - 00000000 ____D () C:\AdwCleaner
2014-04-08 12:31 - 2014-04-08 12:31 - 01426178 _____ () C:\Users\Administrator\Downloads\adwcleaner.exe
2014-04-08 11:31 - 2014-04-10 09:53 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 11:31 - 2014-04-08 11:31 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 11:30 - 2014-04-08 11:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-08 11:30 - 2014-04-08 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 11:30 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-08 11:30 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-08 11:30 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-08 11:27 - 2014-04-08 11:28 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 10:25 - 2014-04-08 10:25 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-04-08 10:25 - 2014-04-08 10:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-08 10:23 - 2014-04-08 10:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-04-07 23:54 - 2014-04-08 13:12 - 00000000 ____D () C:\Users\Administrator\Desktop\Dokumente Trojaner
2014-04-07 23:33 - 2014-04-07 23:37 - 148281272 _____ () C:\Users\Administrator\Downloads\avira_antivirus_suite_de.exe
2014-04-07 22:24 - 2014-04-07 22:24 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-04-07 22:19 - 2014-04-10 21:59 - 00000000 ____D () C:\FRST
2014-04-07 22:17 - 2014-04-07 22:17 - 01145856 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-04-07 22:11 - 2014-04-07 22:11 - 00000260 _____ () C:\Users\Administrator\Downloads\defogger_enable.log
2014-04-07 22:10 - 2014-04-07 22:10 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger(1).exe
2014-04-07 21:56 - 2014-04-07 21:56 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-04-07 11:42 - 2014-04-07 11:42 - 00000000 ____D () C:\ProgramData\Sony
2014-04-04 13:52 - 2014-04-04 13:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2014-04-04 13:51 - 2014-04-04 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2014-04-04 13:26 - 2014-04-07 10:31 - 00000000 ____D () C:\Program Files\Opera
2014-03-23 15:35 - 2014-03-01 06:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-23 15:35 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-23 15:35 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-23 15:35 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-23 15:35 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-23 15:35 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-23 15:35 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-23 15:35 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-23 15:35 - 2014-03-01 05:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-23 15:35 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-23 15:35 - 2014-03-01 05:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-23 15:35 - 2014-03-01 05:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-23 15:35 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-23 15:35 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-23 15:35 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-23 15:35 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-23 15:35 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-23 15:35 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-23 15:35 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-23 15:35 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-23 15:35 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-23 15:35 - 2014-01-28 04:07 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-23 15:34 - 2014-02-07 03:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-23 15:34 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-23 15:33 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll

==================== One Month Modified Files and Folders =======

2014-04-10 22:00 - 2014-04-08 13:16 - 00015755 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-04-10 21:59 - 2014-04-07 22:19 - 00000000 ____D () C:\FRST
2014-04-10 21:54 - 2014-04-10 21:54 - 00987448 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-04-10 21:30 - 2012-09-24 22:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 21:16 - 2014-02-27 22:16 - 00001610 _____ () C:\Windows\Tasks\MediaPlayerEnhance-updater.job
2014-04-10 21:15 - 2014-02-27 22:15 - 00001584 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-updater.job
2014-04-10 21:15 - 2014-02-27 22:15 - 00001524 _____ () C:\Windows\Tasks\Feven Pro 1.2-updater.job
2014-04-10 21:15 - 2014-02-27 22:14 - 00001464 _____ () C:\Windows\Tasks\MediaPlayerEnhance-enabler.job
2014-04-10 21:15 - 2012-09-24 22:05 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 21:14 - 2014-02-27 22:13 - 00001566 _____ () C:\Windows\Tasks\MediaPlayerEnhance-codedownloader.job
2014-04-10 21:14 - 2014-02-27 22:10 - 00001438 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-enabler.job
2014-04-10 21:13 - 2014-02-27 22:08 - 00001378 _____ () C:\Windows\Tasks\Feven Pro 1.2-enabler.job
2014-04-10 21:12 - 2014-02-27 22:05 - 00002398 _____ () C:\Windows\Tasks\MediaPlayerEnhance-firefoxinstaller.job
2014-04-10 21:10 - 2014-02-27 22:05 - 00001540 _____ () C:\Windows\Tasks\HQ-Video-Profession-1.3-codedownloader.job
2014-04-10 21:08 - 2014-02-27 22:03 - 00001480 _____ () C:\Windows\Tasks\Feven Pro 1.2-codedownloader.job
2014-04-10 21:04 - 2014-02-27 22:03 - 00003124 _____ () C:\Windows\Tasks\MediaPlayerEnhance-chromeinstaller.job
2014-04-10 21:02 - 2014-02-27 22:01 - 00002284 _____ () C:\Windows\Tasks\Feven Pro 1.2-firefoxinstaller.job
2014-04-10 21:00 - 2014-02-27 22:00 - 00003104 _____ () C:\Windows\Tasks\Feven Pro 1.2-chromeinstaller.job
2014-04-10 20:30 - 2012-08-22 09:04 - 01465344 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 17:15 - 2012-09-24 22:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 09:53 - 2014-04-08 11:31 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 04:16 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-04-10 03:40 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 03:40 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 03:32 - 2012-09-21 12:05 - 00218764 _____ () C:\Windows\DPINST.LOG
2014-04-10 03:25 - 2012-09-23 21:43 - 00031194 _____ () C:\Windows\setupact.log
2014-04-10 03:25 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 03:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-04-10 03:07 - 2012-08-23 15:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 03:05 - 2013-08-16 07:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:02 - 2012-08-22 10:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 21:51 - 2010-11-20 23:01 - 01627884 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-09 21:49 - 2014-04-09 21:49 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe
2014-04-09 20:40 - 2012-09-24 22:06 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-08 21:33 - 2014-04-08 20:56 - 00000000 ____D () C:\Users\Administrator\Documents\Calibre-Bibliothek
2014-04-08 21:12 - 2014-04-08 20:56 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\calibre
2014-04-08 20:58 - 2014-04-08 20:58 - 00000000 ____D () C:\Users\Administrator\AppData\Local\calibre-cache
2014-04-08 20:53 - 2014-04-08 20:53 - 00000930 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2014-04-08 20:53 - 2014-04-08 20:53 - 00000000 ____D () C:\Program Files\Calibre2
2014-04-08 20:50 - 2014-04-08 20:47 - 54832128 _____ () C:\Users\Administrator\Downloads\calibre-1.31.0.msi
2014-04-08 18:47 - 2014-02-27 22:00 - 00000000 ____D () C:\Program Files\Feven Pro 1.2
2014-04-08 13:38 - 2014-04-08 13:36 - 00001139 _____ () C:\Users\Administrator\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-04-08 13:38 - 2014-04-08 13:36 - 00000000 ____D () C:\Program Files\Hosts_Anti_Adwares_PUPs
2014-04-08 13:12 - 2014-04-07 23:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Dokumente Trojaner
2014-04-08 12:54 - 2014-04-08 12:54 - 00000000 ____D () C:\Windows\ERUNT
2014-04-08 12:53 - 2014-04-08 12:53 - 01016261 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-04-08 12:43 - 2014-04-08 12:31 - 00000000 ____D () C:\AdwCleaner
2014-04-08 12:43 - 2013-09-17 14:54 - 00001037 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-08 12:43 - 2012-09-21 13:14 - 00001164 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-08 12:37 - 2012-09-23 21:55 - 00001007 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-08 12:31 - 2014-04-08 12:31 - 01426178 _____ () C:\Users\Administrator\Downloads\adwcleaner.exe
2014-04-08 12:18 - 2010-11-20 23:48 - 00379084 _____ () C:\Windows\PFRO.log
2014-04-08 11:31 - 2014-04-08 11:31 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-08 11:31 - 2014-04-08 11:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-08 11:30 - 2014-04-08 11:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-08 11:28 - 2014-04-08 11:27 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-08 10:25 - 2014-04-08 10:25 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-04-08 10:25 - 2014-04-08 10:25 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-08 10:23 - 2014-04-08 10:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-04-08 10:07 - 2012-09-23 21:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-08 00:04 - 2014-02-26 17:52 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-07 23:41 - 2013-10-27 14:15 - 00002012 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-04-07 23:37 - 2014-04-07 23:33 - 148281272 _____ () C:\Users\Administrator\Downloads\avira_antivirus_suite_de.exe
2014-04-07 22:24 - 2014-04-07 22:24 - 00380416 _____ () C:\Users\Administrator\Downloads\Gmer-19357.exe
2014-04-07 22:17 - 2014-04-07 22:17 - 01145856 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-04-07 22:11 - 2014-04-07 22:11 - 00000260 _____ () C:\Users\Administrator\Downloads\defogger_enable.log
2014-04-07 22:11 - 2012-09-21 13:13 - 00000000 ____D () C:\Users\Administrator
2014-04-07 22:10 - 2014-04-07 22:10 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger(1).exe
2014-04-07 21:56 - 2014-04-07 21:56 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-04-07 12:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-04-07 12:40 - 2012-09-24 22:21 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-07 12:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-04-07 12:09 - 2012-09-21 12:54 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-07 11:42 - 2014-04-07 11:42 - 00000000 ____D () C:\ProgramData\Sony
2014-04-07 11:37 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-04-07 11:35 - 2014-02-14 01:38 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-07 11:35 - 2013-11-25 00:37 - 00000000 ____D () C:\Program Files\Sony
2014-04-07 11:35 - 2012-11-20 18:41 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-04-07 11:35 - 2012-08-23 16:41 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-07 11:35 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\AppCompat
2014-04-07 11:29 - 2012-09-24 22:21 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-07 10:31 - 2014-04-04 13:26 - 00000000 ____D () C:\Program Files\Opera
2014-04-07 10:31 - 2011-04-12 03:39 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-04 15:07 - 2012-09-21 12:40 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-04 13:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\config\Journal
2014-04-04 13:52 - 2014-04-04 13:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Opera Software
2014-04-04 13:51 - 2014-04-04 13:51 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Opera Software
2014-04-03 09:51 - 2014-04-08 11:30 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-08 11:30 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-08 11:30 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2012-08-22 09:52 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 02:13 - 2014-04-09 21:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 21:01 - 17073152 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-26 04:37 - 2014-01-19 13:39 - 00001972 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-03-24 04:30 - 2009-07-14 06:33 - 00410064 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.228.dll


Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\BackupSetup.exe
C:\Users\Administrator\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
C:\Users\Administrator\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 11:33

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 13.04.2014 13:45
Flash updaten.


Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.



Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:55 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19