Trojaner-Board
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 und 8: Statt des Link Zieles kommt Werbung (Erneuern Sie Ihren ...) (https://www.trojaner-board.de/152460-windows-7-8-statt-link-zieles-kommt-werbung-erneuern-ihren.html)

Emmaline 13.04.2014 19:40
Windows 7 und 8: Statt des Link Zieles kommt Werbung (Erneuern Sie Ihren ...)
 
Hallo,

ich habe hier 2 PCs (Windows 7) und einen Laptop (8) mit dem gleichen Problem. Beim Öffnen von Links kommt Werbung/ Meldungen und nicht das gewünschte Ziel. Mal öffnet sich nur ein Fenster, mal ganz viele. Es sind ca. 6 verschiedene Meldungen die sich wiederholen:
- Windows PC Reparatur
- Bitte aktualisieren sie Java/ Mediaplay/ Videoplayer/ Firefox
- Ihr Windows hat einen Fehler

Avira hat 4 Wahrnungen gefunden und die in die Quarantäne gesteckt, aber das Problem war damit nicht behoben.

Hier die Avira Ergebnisse:
Leider bin ich zu blöd die exportierrten Ergebisse einzufügen und habe auch nirgendwo eine Hilfe dazu gefunden.

Hier die defogger_disable Ergebnisse:
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:40 on 13/04/2014 (Lorelay)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Hier die FRST Ergebnisse:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by Lorelay (ATTENTION: The logged in user is not administrator) on Lorelay-PC on 13-04-2014 17:45:30
Running from C:\Users\Lorelay\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Lorelay\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Lorelay\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Iminent) C:\Program Files (x86)\Iminent\Iminent.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Lorelay\AppData\Local\Apps\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Lorelay\AppData\Local\Apps\Evernote\Evernote\EvernoteTray.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-10] (Ask)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Iminent] - C:\Program Files (x86)\Iminent\Iminent.exe [1074376 2012-12-12] (Iminent)
HKLM-x32\...\Run: [IminentMessenger] - C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884936 2012-12-12] (Iminent)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Runonce: [VOPackage] - C:\Users\Lorelay\AppData\Roaming\VOPackage\VOPackage.exe /runonce [X]
HKU\S-1-5-21-3979088316-405595985-3978638949-1001\...\Run: [icq] - C:\Users\Lorelay\AppData\Roaming\ICQM\icq.exe [27453288 2013-03-07] (ICQ)
HKU\S-1-5-21-3979088316-405595985-3978638949-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3979088316-405595985-3978638949-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3979088316-405595985-3978638949-1001\...\MountPoints2: {47e8a16e-0ef0-11e2-bdbf-001e8c804aa9} - G:\pushinst.exe
HKU\S-1-5-21-3979088316-405595985-3978638949-1001\...\MountPoints2: {f474a15f-0edf-11e2-aa4b-806e6f6e6963} - J:\Start.exe
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lorelay\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\Lorelay\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3979088316-405595985-3978638949-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.iminent.com/?appId=932475FC-7416-4A83-9341-C862AD5B7DA2
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDD14BC0505F1CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968&q={searchTerms}
SearchScopes: HKLM-x32 - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - DefaultScope {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL = hxxp://search.iminent.com/?appId=[AppInstanceUid]&ref=toolbox&q={searchTerms}
SearchScopes: HKCU - {FFEBBF0A-C22C-4172-89FF-45215A135AC8} URL = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
BHO: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho64.dll (Freeven)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: MediaPlayerplus - {11111111-1111-1111-1111-110511421146} - C:\Program Files (x86)\MediaPlayerplus\MediaPlayerplus-bho.dll (Freeven)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: FoxTab - {4DF4AC8C-FFA8-40FF-91F0-EB8389314B78} - C:\Users\Lorelay\AppData\LocalLow\FoxTab\IE\FoxTab.dll No File
BHO-x32: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\r7mxushs.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SearchEngineOrder.1: Search the web (Babylon)
FF SelectedSearchEngine: SearchTheWeb
FF Homepage: about:home
FF Keyword.URL: hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=d4a97d28-fddb-49b8-aef5-b9f6e29800ee&apn_ptnrs=%5EAGS&apn_sauid=723C7D07-093F-41FC-8299-10356595D3FA&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: MediaPlayerplus - C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\r7mxushs.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-11]
FF Extension: FoxTab - C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\r7mxushs.default\Extensions\addon@foxtab.com [2012-11-15]
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files (x86)\Iminent\webbooster@iminent.com
FF Extension: Iminent Minibar - C:\Program Files (x86)\Iminent\webbooster@iminent.com [2013-01-05]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\xpbaw7hi.default\extensions\quick_start@gmail.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1397243795&from=tugs&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EC62896828968

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor9.0; D:\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [688240 2014-03-31] (Cherished Technololgy LIMITED)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe [141824 2014-04-11] ()
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
R2 SProtection; C:\Program Files (x86)\Common Files\Umbrella\Umbrella.exe [2620016 2013-01-24] (Iminent)
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [566272 2014-04-11] (Cherished Technololgy LIMITED)
R2 vosr; C:\Users\Lorelay\AppData\Roaming\VOPackage\VOsrv.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-13 17:45 - 2014-04-13 17:45 - 00019866 _____ () C:\Users\Lorelay\Downloads\FRST.txt
2014-04-13 17:45 - 2014-04-13 17:45 - 00000000 ____D () C:\FRST
2014-04-13 17:44 - 2014-04-13 17:44 - 02157568 _____ (Farbar) C:\Users\Lorelay\Downloads\FRST64.exe
2014-04-13 17:40 - 2014-04-13 17:40 - 00000488 _____ () C:\Users\Lorelay\Downloads\defogger_disable.log
2014-04-13 17:37 - 2014-04-13 17:37 - 00050477 _____ () C:\Users\Lorelay\Downloads\Defogger.exe
2014-04-11 21:19 - 2014-04-11 21:24 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\ProgramData\WPM
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-11 21:18 - 2014-04-12 21:19 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-11 21:18 - 2014-04-11 21:39 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-11 21:17 - 2014-04-13 17:27 - 00001520 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job
2014-04-11 21:17 - 2014-04-13 17:27 - 00001442 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job
2014-04-11 21:17 - 2014-04-13 17:27 - 00001430 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job
2014-04-11 21:16 - 2014-04-13 17:27 - 00003138 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job
2014-04-11 21:16 - 2014-04-13 17:27 - 00002210 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job
2014-04-11 21:16 - 2014-04-11 21:18 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-11 21:16 - 2014-04-11 21:17 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-11 21:16 - 2014-04-11 21:16 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-04-11 21:15 - 2014-04-13 17:27 - 00000422 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-11 21:15 - 2014-04-13 17:27 - 00000412 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-11 21:15 - 2014-04-11 21:15 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-11 21:15 - 2014-04-11 21:15 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-11 21:11 - 2014-04-11 21:11 - 00634288 _____ () C:\Users\Lorelay\Downloads\Player_Setup.exe
2014-04-11 21:11 - 2014-04-11 21:11 - 00634288 _____ () C:\Users\Lorelay\Downloads\Player_Setup(1).exe
2014-04-10 20:30 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 20:30 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 20:30 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 20:30 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 20:30 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 20:30 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 20:30 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 20:30 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 20:30 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 20:30 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 20:30 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 20:30 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 20:30 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 20:30 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 20:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 20:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-06 11:34 - 2014-04-06 11:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 21:06 - 2014-03-20 21:06 - 00000000 ____D () C:\Users\Lorelay\Documents\Adobe
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\Samsung Link
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Upload
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-03-18 19:17 - 2014-03-18 19:18 - 00000000 ____D () C:\Program Files\Samsung
2014-03-18 18:59 - 2014-03-18 19:06 - 90675040 _____ (Copyright 2013 SAMSUNG) C:\Users\Lorelay\Downloads\SamsungLink_Installer64.exe
2014-03-18 17:44 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 17:44 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 17:44 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-18 17:43 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 17:43 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 17:43 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 17:43 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 17:43 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 17:43 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 17:43 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 17:43 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 17:43 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 17:43 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 17:43 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 17:43 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 17:43 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 17:43 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 17:43 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 17:43 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 17:43 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 17:43 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 17:43 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 17:43 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 17:43 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 17:43 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 17:43 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 17:43 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 17:43 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 17:43 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 17:43 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 17:43 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 17:43 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 17:43 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 17:43 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 17:43 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 17:43 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 17:43 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 17:43 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 17:43 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 17:43 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 17:43 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 17:43 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 17:43 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 17:43 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-13 17:45 - 2014-04-13 17:45 - 00019866 _____ () C:\Users\Lorelay\Downloads\FRST.txt
2014-04-13 17:45 - 2014-04-13 17:45 - 00000000 ____D () C:\FRST
2014-04-13 17:44 - 2014-04-13 17:44 - 02157568 _____ (Farbar) C:\Users\Lorelay\Downloads\FRST64.exe
2014-04-13 17:41 - 2012-11-15 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 17:40 - 2014-04-13 17:40 - 00000488 _____ () C:\Users\Lorelay\Downloads\defogger_disable.log
2014-04-13 17:40 - 2012-10-05 13:36 - 00000000 ____D () C:\Users\Lorelay2
2014-04-13 17:37 - 2014-04-13 17:37 - 00050477 _____ () C:\Users\Lorelay\Downloads\Defogger.exe
2014-04-13 17:37 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-13 17:37 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-13 17:33 - 2012-10-05 13:32 - 01845728 _____ () C:\Windows\WindowsUpdate.log
2014-04-13 17:29 - 2014-01-04 14:37 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Dropbox
2014-04-13 17:27 - 2014-04-11 21:17 - 00001520 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job
2014-04-13 17:27 - 2014-04-11 21:17 - 00001442 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job
2014-04-13 17:27 - 2014-04-11 21:17 - 00001430 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job
2014-04-13 17:27 - 2014-04-11 21:16 - 00003138 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job
2014-04-13 17:27 - 2014-04-11 21:16 - 00002210 _____ () C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job
2014-04-13 17:27 - 2014-04-11 21:15 - 00000422 _____ () C:\Windows\Tasks\Re-markit Update.job
2014-04-13 17:27 - 2014-04-11 21:15 - 00000412 _____ () C:\Windows\Tasks\Re-markit_wd.job
2014-04-13 17:23 - 2013-01-05 17:18 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-13 17:23 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-13 17:23 - 2009-07-14 06:51 - 00044308 _____ () C:\Windows\setupact.log
2014-04-12 21:19 - 2014-04-11 21:18 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-11 23:54 - 2012-10-13 16:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-11 23:54 - 2012-10-13 16:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-11 21:39 - 2014-04-11 21:18 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-11 21:24 - 2014-04-11 21:19 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-11 21:23 - 2012-10-08 17:18 - 00171972 _____ () C:\Windows\PFRO.log
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\ProgramData\WPM
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-04-11 21:18 - 2014-04-11 21:16 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-11 21:17 - 2014-04-11 21:16 - 00000000 ____D () C:\Program Files (x86)\MediaPlayerplus
2014-04-11 21:16 - 2014-04-11 21:16 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-04-11 21:15 - 2014-04-11 21:15 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-11 21:15 - 2014-04-11 21:15 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-11 21:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-11 21:11 - 2014-04-11 21:11 - 00634288 _____ () C:\Users\Lorelay\Downloads\Player_Setup.exe
2014-04-11 21:11 - 2014-04-11 21:11 - 00634288 _____ () C:\Users\Lorelay\Downloads\Player_Setup(1).exe
2014-04-10 23:33 - 2013-01-05 16:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 23:32 - 2013-07-24 22:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 23:30 - 2013-01-27 19:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 18:47 - 2012-10-13 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-08 21:58 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 21:58 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 21:58 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-06 11:34 - 2014-04-06 11:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-31 03:16 - 2014-04-10 20:30 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 20:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 20:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 20:30 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-20 21:07 - 2012-10-05 15:27 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Adobe
2014-03-20 21:06 - 2014-03-20 21:06 - 00000000 ____D () C:\Users\Lorelay\Documents\Adobe
2014-03-20 16:14 - 2009-07-14 06:45 - 00442712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\Samsung Link
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Upload
2014-03-18 19:19 - 2012-10-05 14:59 - 00000000 ____D () C:\Users\Lorelay
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:17 - 00000000 ____D () C:\Program Files\Samsung
2014-03-18 19:06 - 2014-03-18 18:59 - 90675040 _____ (Copyright 2013 SAMSUNG) C:\Users\Lorelay\Downloads\SamsungLink_Installer64.exe
2014-03-18 18:47 - 2013-03-12 13:54 - 00002669 _____ () C:\Users\Public\Desktop\TAXMAN 2013 spezial.lnk

Some content of TEMP:
====================
C:\Users\Lorelay\AppData\Local\Temp\avgnt.exe
C:\Users\Lorelay\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
--- --- ---

--- --- ---


Hier die Addition Ergebnisse:
Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-04-2014 01
Ran by Lorelay at 2014-04-13 17:46:24
Running from C:\Users\Lorelay\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.6.0.5970 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 9 (HKLM-x32\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AllShare Framework DMS (HKLM\...\{83232C27-8C3F-44A5-9EB2-BB7161228ADD}) (Version: 1.3.23 - Samsung)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.5.0 - Ask.com) <==== ATTENTION
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.3.28481 - Ask.com) <==== ATTENTION
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin)
Babylon Chrome Toolbar (HKLM-x32\...\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}) (Version: 2.0.0.4 - Babylon Ltd) <==== ATTENTION
Babylon toolbar (HKLM-x32\...\BabylonToolbar) (Version: - BabylonToolbar) <==== ATTENTION
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.55.4 - Electronic Arts)
DMUninstaller (HKLM-x32\...\DMUninstaller) (Version: - ) <==== ATTENTION
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Evernote v. 5.1.2 (HKLM-x32\...\{12FB6296-8840-11E3-86D7-00163E98E7D0}) (Version: 5.1.2.2387 - Evernote Corp.)
HP Deskjet 3520 series - Grundlegende Software für das Gerät (HKLM\...\{15B2F0E3-3FAC-4495-B0FD-398EECFA4100}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Hilfe (HKLM-x32\...\{6B953497-169C-4929-9AA9-A9F510347468}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
ICQ 8.0 (build 6007, für aktuellen Benutzer) (HKCU\...\ICQ) (Version: 8.0.6007.0 - Mail.Ru)
Iminent (HKLM-x32\...\IMBoosterARP) (Version: 5.51.31.0 - Iminent) <==== ATTENTION
Iminent (x32 Version: 5.51.31.0 - Iminent) Hidden <==== ATTENTION
Iminent Toolbar For Internet Explorer (HKLM-x32\...\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}) (Version: 3.26.0 - Iminent) <==== ATTENTION
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
MediaPlayerplus (HKLM-x32\...\MediaPlayerplus) (Version: 1.34.4.10 - Freeven)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 8.4.1.210 - Electronic Arts, Inc.)
PhotoDose 4.5 (HKLM-x32\...\Photo Dose_is1) (Version: - )
Re-markit (HKLM-x32\...\C41FBC48-71F7-7251-7D3C-727F8A92664B) (Version: - Re-markit-software) <==== ATTENTION
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Samsung Link 1.8.0.1403131552 (HKLM\...\8474-7877-9059-0204) (Version: 1.8.0.1403131552 - Copyright 2013 SAMSUNG)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM-x32\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (x32 Version: 3.12.3090 - SmartSound Software Inc) Hidden
Studie zur Verbesserung von HP Deskjet 3520 series Produkten (HKLM\...\{A5BB6A58-BC1A-48A7-BB19-1768A80CF9C9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
TAXMAN 2013 spezial (HKLM-x32\...\{A9871B29-D96B-4AEB-BB32-3392C0160FF5}) (Version: 19.07.00.0004 - Haufe-Lexware GmbH & Co.KG)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - )
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version: - webssearches)
WinRAR 4.20 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WPM18.8.0.212 (HKLM-x32\...\WPM) (Version: 18.8.0.212 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-1.job => ?
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-2.job => ?
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-3.job => ?
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-4.job => ?
Task: C:\Windows\Tasks\0b09b8b1-b267-4ac3-a1e3-c3f904efd354-5.job => ?
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\APSnotifierPP1.job => ?
Task: C:\Windows\Tasks\APSnotifierPP2.job => ?
Task: C:\Windows\Tasks\APSnotifierPP3.job => ?
Task: C:\Windows\Tasks\AutoKMS.job => ?
Task: C:\Windows\Tasks\Re-markit Update.job => ?
Task: C:\Windows\Tasks\Re-markit_wd.job => ?

==================== Loaded Modules (whitelisted) =============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-03-18 19:17 - 2014-03-13 16:52 - 00013824 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2014-03-18 19:17 - 2014-03-13 16:52 - 00048640 _____ () C:\Program Files\Samsung\Samsung Link\JniIO.dll
2013-12-21 12:25 - 2013-12-21 12:25 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\JNIInterface.dll
2013-12-21 12:26 - 2013-12-21 12:26 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\ASFAPI.dll
2013-12-21 12:27 - 2013-12-21 12:27 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\MediaDB_Manager.dll
2013-10-22 10:52 - 2013-10-22 10:52 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll
2013-10-22 10:52 - 2013-10-22 10:52 - 00908800 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll
2013-12-21 12:27 - 2013-12-21 12:27 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\64bit\DMS_Manager.dll
2013-07-23 20:19 - 2013-07-23 20:19 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 20:19 - 2013-07-23 20:19 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll
2013-07-23 20:19 - 2013-07-23 20:19 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll
2013-07-23 20:19 - 2013-07-23 20:19 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2014 00:25:59 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: Re-markitfQL158.exe, Version: 1.158.0.0, Zeitstempel: 0x53469750
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x6dc
Startzeit der fehlerhaften Anwendung: 0xRe-markitfQL158.exe0
Pfad der fehlerhaften Anwendung: Re-markitfQL158.exe1
Pfad des fehlerhaften Moduls: Re-markitfQL158.exe2
Berichtskennung: Re-markitfQL158.exe3

Error: (04/11/2014 09:19:22 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 28.0.0.5186 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15ec

Startzeit: 01cf55badf5c3050

Endzeit: 333

Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID: 2879bb98-c1ae-11e3-81db-001c4af5625a

Error: (03/24/2014 09:14:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: AllShareFrameworkDMS.exe, Version: 1.3.0.23, Zeitstempel: 0x52b52bb2
Name des fehlerhaften Moduls: DMSManager.dll, Version: 0.0.0.0, Zeitstempel: 0x52a81842
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0004f2eb
ID des fehlerhaften Prozesses: 0x6d8
Startzeit der fehlerhaften Anwendung: 0xAllShareFrameworkDMS.exe0
Pfad der fehlerhaften Anwendung: AllShareFrameworkDMS.exe1
Pfad des fehlerhaften Moduls: AllShareFrameworkDMS.exe2
Berichtskennung: AllShareFrameworkDMS.exe3

Error: (03/18/2014 05:31:35 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (01/31/2014 10:10:38 PM) (Source: MsiInstaller) (User: Lorelay-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (12/08/2013 11:51:00 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (12/05/2013 09:57:52 PM) (Source: Application Hang) (User: )
Description: Programm Rossmann Fotowelt Software.exe, Version 4.13.0.7 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: dc8

Startzeit: 01cef1f20860ee9c

Endzeit: 15

Anwendungspfad: D:\Rossmann Fotowelt Software\Rossmann Fotowelt Software.exe

Berichts-ID: 75e42b0d-5de7-11e3-8e49-001e8c804aa9

Error: (12/05/2013 09:41:38 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (12/03/2013 11:21:12 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (12/03/2013 03:24:17 PM) (Source: Iminent) (User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)


System errors:
=============
Error: (04/13/2014 05:29:48 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde nicht richtig gestartet.

Error: (04/13/2014 05:24:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/13/2014 05:24:30 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/13/2014 05:23:52 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/13/2014 05:23:52 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/13/2014 00:37:26 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (04/13/2014 00:37:26 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (04/13/2014 00:36:48 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/13/2014 00:36:48 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/13/2014 00:26:02 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Re-markit" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (04/13/2014 00:25:59 AM) (Source: Application Error)(User: )
Description: Re-markitfQL158.exe1.158.0.053469750KERNELBASE.dll6.1.7601.1822951fb1116e06d73630000c41f6dc01cf567b847029b9C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exeC:\Windows\syswow64\KERNELBASE.dll6bb1034b-c291-11e3-b5ee-001c4af5625a

Error: (04/11/2014 09:19:22 PM) (Source: Application Hang)(User: )
Description: firefox.exe28.0.0.518615ec01cf55badf5c3050333C:\Program Files (x86)\Mozilla Firefox\firefox.exe2879bb98-c1ae-11e3-81db-001c4af5625a

Error: (03/24/2014 09:14:17 PM) (Source: Application Error)(User: )
Description: AllShareFrameworkDMS.exe1.3.0.2352b52bb2DMSManager.dll0.0.0.052a81842c00000050004f2eb6d801cf445b4dad96fdC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exeC:\Program Files\Samsung\AllShare Framework DMS\1.3.23\DMSManager.dll7e9c14fc-b388-11e3-af4d-001c4af5625a

Error: (03/18/2014 05:31:35 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
bei System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (01/31/2014 10:10:38 PM) (Source: MsiInstaller)(User: Lorelay-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)

Error: (12/08/2013 11:51:00 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (12/05/2013 09:57:52 PM) (Source: Application Hang)(User: )
Description: Rossmann Fotowelt Software.exe4.13.0.7dc801cef1f20860ee9c15D:\Rossmann Fotowelt Software\Rossmann Fotowelt Software.exe75e42b0d-5de7-11e3-8e49-001e8c804aa9

Error: (12/05/2013 09:41:38 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (12/03/2013 11:21:12 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)

Error: (12/03/2013 03:24:17 PM) (Source: Iminent)(User: )
Description: Unexpected exception.

System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.NullReferenceException: Der Objektverweis wurde nicht auf eine Objektinstanz festgelegt.
bei Iminent.Mediator.Server.ApplicationService.<>c__DisplayClassa.<WarmUp>b__9(Composite composite)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
bei System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
bei System.Delegate.DynamicInvokeImpl(Object[] args)
bei System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
bei MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(Object source, Delegate method, Object args, Int32 numArgs, Delegate catchHandler)


==================== Memory info ===========================

Percentage of memory in use: 83%
Total physical RAM: 2046.49 MB
Available physical RAM: 346.71 MB
Total Pagefile: 4092.98 MB
Available Pagefile: 1926.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:97.66 GB) (Free:35.08 GB) NTFS
Drive d: (Programme) (Fixed) (Total:97.56 GB) (Free:92.96 GB) NTFS
Drive e: (Daten) (Fixed) (Total:270.45 GB) (Free:213.6 GB) NTFS
Drive h: (KUH) (Removable) (Total:3.73 GB) (Free:1.36 GB) FAT32
Drive j: (Speedport W 700V) (CDROM) (Total:0.08 GB) (Free:0 GB) CDFS
Drive k: () (Removable) (Total:29.71 GB) (Free:3.3 GB) FAT32

==================== MBR & Partition Table ==================

==================== End Of Log ============================
Gmer.txt habe ich nicht, da das Programm nicht laufen wollte. Ich habe es runter geladen und dann den PC vom Internet getrennt. Nach dem Start des Programmes öffnete es sich und dann kam die Meldung "Programm kann nicht ausgeführt werden. Es kommt eine Meldung wenn es wieder geht" (oder so ähnlich)

Ich habe die Log-Files jetzt erstmal nur an einem PC gemacht, bei bedarf kann ich das auch bei den anderene machen.

Vielen dank im Vorraus

Emmaline

PS. Es ist etwas blöd, das man manche Worte nicht im Titel verweden kann, weil so kann man das Problem nicht genau darstellen. Die Meldung heißt meist "Bitte aktualisieren sie ihr Programm". da das Wort "Bitte" im Titel nicht benutzbar ist, konnte ich das nicht so schreiben.

schrauber 13.04.2014 20:55
hi,

unsere Tools brauchen immer Adminrechte.


Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Emmaline 13.04.2014 23:39
Also,

ich habe mit "Revo Uninstaller" alles deinstalliert was zu finden war. Ein Programm hat er allerdings nicht angezeigt, aber jetzt nach allen Anwendungen ist es verschwunden (MyPC Backup). Ich habe noch ein weiteres Program gelöscht (Bing Bar).
Beim löschen über "Revo Uninstaller" meldeten sich immeer wieder die "Uninstall" Programme der Programme selbst. Die habe ich einfach übergangen. War das in Ordnung so?

Malwarebytes Anti-Malware hat sehr viele Funde gehabt. Die Maske des "Suchlauf Protokoll" bleibt nach einem Klick auf Ansicht allerdings leer und wenn man es speichern will kommt eine Fehlermeldung. Kannd aas an der Größe liegen?

AdwCleaner Logfile:
Code:
# AdwCleaner v3.023 - Bericht erstellt am 14/04/2014 um 00:04:01
# Aktualisiert 01/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Lorelay - Lorelay PC
# Gestartet von : C:\Users\Lorelay\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BackupStack

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\BabylonToolbar
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\uniblue
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Users\\Lorelay~1\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\\Lorelay\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Lorelay\AppData\LocalLow\FoxTab
Ordner Gelöscht : C:\Users\Lorelay\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Lorelay\AppData\Roaming\BabylonToolbar
Ordner Gelöscht : C:\Users\Lorelay\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Lorelay\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Lorelay\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\Lorelay\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Lorelay\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Lorelay\AppData\LocalLow\Toolbar4
Ordner Gelöscht : C:\Users\Lorelay\AppData\Roaming\Iminent
Datei Gelöscht : C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Lorelay\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Lorelay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Lorelay\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [webbooster@iminent.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKCU\Software\f6db8ae269eb43
Schlüssel Gelöscht : HKLM\SOFTWARE\f6db8ae269eb43
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3D7F9AC3-BAC3-4E51-81D7-D121D79E550A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4498C5E9-93C6-4142-B6BE-F0C6DC48B77A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{492A108F-51D0-4BD8-899D-AD4AB2893064}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60893E02-2E5B-43F9-A93A-BAD60C2DF6EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6D39931F-451E-4BDD-BAF4-37FB96DBBA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C684D2-C35D-4284-976A-D862F53ADB81}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{79EF3691-EC1A-4705-A01A-D2E36EC11758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82F41418-8E64-47EB-A7F1-4702A974D289}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{85D920CE-63A7-46DC-8992-41D1D2E07FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{895ED5E8-ABB4-40C3-A0CA-2571964268E2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8AAC123A-1959-4A45-BFC5-E2D50783098A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A07956CD-81F8-4A03-B524-5D87E690DC83}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B5E3B26B-6E5C-4865-A63D-58D04B10E245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B84D2DC5-42B2-4E5E-BF61-7B48152FF8EF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B89D5309-0367-4494-A92F-3D4C94F88307}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C014EBF8-8854-448B-B5A4-557C4090EDCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C31191DB-2F64-464C-B97C-6AC81ACB7AAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C342C7A7-F622-4EF3-8B7F-ABB9FBE73F14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C4765B07-BC2F-477B-925C-B2BF24887823}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD126DA6-FF5B-4181-AC13-54A62240D2FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E812AE43-7799-4E67-8CF8-4104297A2D16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F0BAAEC7-9AE0-49FF-9C4B-86E774FF397F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F92193FD-2243-4401-9ACC-49FF30885898}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD21B8A2-910B-45AC-9C10-45E6A8B84984}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\IePlugin
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\supTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\Umbrella
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\482AA67AD25E6E74E9F48BD5FBE8533C
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\482AA67AD25E6E74E9F48BD5FBE8533C

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\xpbaw7hi.default\prefs.js ]

Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=109958&tt=4612_5&babsrc=HP_ss&mntrId=d05cfe72000000000000001c4af5625a");
Zeile gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Zeile gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "SearchTheWeb");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=932475FC-7416-4A83-9341-C862AD5B7DA2");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1455cc604f931a1f054fabb0c87cf0d6");

[ Datei : C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\r7mxushs.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "SearchTheWeb");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-4&o=APN10261&locale=de_DE&apn_uid=d4a97d28-fddb-49b8-aef5-b9f6e29800ee&apn_ptnrs=%5EAGS&apn_sauid=723C7D07-093F-41FC[...]

-\\ Google Chrome v

[ Datei : C:\Users\Lorelay\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [19470 octets] - [14/04/2014 00:03:09]
AdwCleaner[S0].txt - [17844 octets] - [14/04/2014 00:04:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17905 octets] ##########
--- --- ---



JRT:
Zitat:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Lorelay on 14.04.2014 at 0:11:40,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3979088316-405595985-3978638949-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Lorelay\AppData\Roaming\mozilla\firefox\profiles\xpbaw7hi.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.04.2014 at 0:18:49,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST2:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-04-2014 01
Ran by Lorelay (administrator) on Lorelay-PC on 14-04-2014 00:23:20
Running from C:\Users\Lorelay\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) D:\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKU\S-1-5-21-3979088316-405595985-3978638949-1000\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3979088316-405595985-3978638949-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3979088316-405595985-3978638949-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lorelay\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\Lorelay\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (No File)
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3979088316-405595985-3978638949-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: FoxTab - {4DF4AC8C-FFA8-40FF-91F0-EB8389314B78} - C:\Users\Lorelay\AppData\LocalLow\FoxTab\IE\FoxTab.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\xpbaw7hi.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GMX MailCheck - C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\xpbaw7hi.default\Extensions\toolbar@gmx.net.xpi [2014-04-13]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Lorelay\AppData\Local\Google\Chrome\User Data\Default\Extensions\2.0.0.0_0 [2013-01-05]
CHR Extension: (Re-markit) - C:\Users\Lorelay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pailhpppfllmijejfccffanaigjphjnb] - C:\Users\Lorelay\AppData\LocalLow\FoxTab\CHROME\FoxTab.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor9.0; D:\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S2 vosr; C:\Users\Lorelay\AppData\Roaming\VOPackage\VOsrv.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-14 00:18 - 2014-04-14 00:18 - 00000957 _____ () C:\Users\Lorelay\Desktop\JRT.txt
2014-04-14 00:11 - 2014-04-14 00:11 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 00:10 - 2014-04-14 00:10 - 01016261 _____ (Thisisu) C:\Users\Lorelay\Downloads\JRT.exe
2014-04-14 00:06 - 2014-04-14 00:08 - 00018126 _____ () C:\Users\Lorelay\Desktop\AdwCleaner[S0].txt
2014-04-14 00:02 - 2014-04-14 00:04 - 00000000 ____D () C:\AdwCleaner
2014-04-14 00:00 - 2014-04-14 00:01 - 01426178 _____ () C:\Users\Lorelay\Downloads\adwcleaner.exe
2014-04-13 23:54 - 2014-04-13 23:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-04-13 23:28 - 2014-04-13 23:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 23:28 - 2014-04-13 23:28 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 23:28 - 2014-04-13 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 23:28 - 2014-04-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 23:28 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-13 23:28 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-13 23:28 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-13 23:27 - 2014-04-13 23:27 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lorelay\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-13 22:38 - 2014-04-13 22:38 - 00001271 _____ () C:\Users\Lorelay\Desktop\Revo Uninstaller.lnk
2014-04-13 22:38 - 2014-04-13 22:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-13 22:36 - 2014-04-13 22:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lorelay\Downloads\revosetup95.exe
2014-04-13 22:25 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-04-13 22:25 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-04-13 18:05 - 2014-04-13 18:05 - 00000490 _____ () C:\Users\Lorelay\Desktop\defogger_disable.log
2014-04-13 17:50 - 2014-04-13 17:50 - 00380416 _____ () C:\Users\Lorelay\Downloads\Gmer-19357.exe
2014-04-13 17:49 - 2014-04-13 20:32 - 00039065 _____ () C:\Users\Lorelay\Desktop\Addition.txt
2014-04-13 17:49 - 2014-04-13 20:29 - 00037713 _____ () C:\Users\Lorelay\Desktop\FRST.txt
2014-04-13 17:46 - 2014-04-13 17:46 - 00039075 _____ () C:\Users\Lorelay\Downloads\Addition.txt
2014-04-13 17:45 - 2014-04-14 00:23 - 00012184 _____ () C:\Users\Lorelay\Downloads\FRST.txt
2014-04-13 17:45 - 2014-04-14 00:23 - 00000000 ____D () C:\FRST
2014-04-13 17:44 - 2014-04-13 17:44 - 02157568 _____ (Farbar) C:\Users\Lorelay\Downloads\FRST64.exe
2014-04-13 17:40 - 2014-04-13 17:40 - 00000488 _____ () C:\Users\Lorelay\Downloads\defogger_disable.log
2014-04-13 17:40 - 2014-04-13 17:40 - 00000000 _____ () C:\Users\Lorelay\defogger_reenable
2014-04-13 17:37 - 2014-04-13 17:37 - 00050477 _____ () C:\Users\Lorelay\Downloads\Defogger.exe
2014-04-11 21:19 - 2014-04-11 21:24 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-11 21:19 - 2014-04-11 21:19 - 00002844 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\com
2014-04-11 21:18 - 2014-04-12 21:19 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-11 21:18 - 2014-04-11 21:39 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-11 21:18 - 2014-04-11 21:19 - 00002846 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-11 21:18 - 2014-04-11 21:19 - 00002844 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-11 21:18 - 2014-04-11 21:18 - 00001976 _____ () C:\Users\Lorelay\Desktop\Sync Folder.lnk
2014-04-11 21:17 - 2014-04-11 21:19 - 00000322 _____ () C:\Users\Lorelay\AppData\Roaming\aps.uninstall.scan.results
2014-04-11 21:16 - 2014-04-11 21:16 - 01100856 _____ (AnyProtect.com) C:\Users\Lorelay\AppData\Local\nsz6B72.tmp
2014-04-11 21:15 - 2014-04-11 21:15 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-10 20:30 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 20:30 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 20:30 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 20:30 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 20:30 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 20:30 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 20:30 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 20:30 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 20:30 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 20:30 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 20:30 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 20:30 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 20:30 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 20:30 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 20:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 20:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-06 11:34 - 2014-04-14 00:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 21:06 - 2014-03-20 21:06 - 00000000 ____D () C:\Users\Lorelay\Documents\Adobe
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\Samsung Link
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Upload
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-03-18 19:17 - 2014-03-18 19:18 - 00000000 ____D () C:\Program Files\Samsung
2014-03-18 18:59 - 2014-03-18 19:06 - 90675040 _____ (Copyright 2013 SAMSUNG) C:\Users\Lorelay\Downloads\SamsungLink_Installer64.exe
2014-03-18 17:44 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 17:44 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 17:44 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-18 17:43 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 17:43 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 17:43 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 17:43 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 17:43 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 17:43 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 17:43 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 17:43 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 17:43 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 17:43 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 17:43 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 17:43 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 17:43 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 17:43 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 17:43 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 17:43 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 17:43 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 17:43 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 17:43 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 17:43 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 17:43 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 17:43 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 17:43 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 17:43 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 17:43 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 17:43 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 17:43 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 17:43 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 17:43 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 17:43 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 17:43 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 17:43 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 17:43 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 17:43 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 17:43 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 17:43 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 17:43 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 17:43 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 17:43 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 17:43 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 17:43 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-14 00:24 - 2014-04-13 17:45 - 00012184 _____ () C:\Users\Lorelay\Downloads\FRST.txt
2014-04-14 00:23 - 2014-04-13 17:45 - 00000000 ____D () C:\FRST
2014-04-14 00:18 - 2014-04-14 00:18 - 00000957 _____ () C:\Users\Lorelay\Desktop\JRT.txt
2014-04-14 00:15 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 00:15 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 00:11 - 2014-04-14 00:11 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 00:10 - 2014-04-14 00:10 - 01016261 _____ (Thisisu) C:\Users\Lorelay\Downloads\JRT.exe
2014-04-14 00:08 - 2014-04-14 00:06 - 00018126 _____ () C:\Users\Lorelay\Desktop\AdwCleaner[S0].txt
2014-04-14 00:05 - 2013-01-05 17:18 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-14 00:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 00:05 - 2009-07-14 06:51 - 00044588 _____ () C:\Windows\setupact.log
2014-04-14 00:04 - 2014-04-14 00:02 - 00000000 ____D () C:\AdwCleaner
2014-04-14 00:04 - 2014-04-06 11:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-14 00:04 - 2012-10-05 13:37 - 00001018 _____ () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-14 00:04 - 2012-10-05 13:36 - 00000000 ___RD () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 00:04 - 2012-10-05 13:32 - 01908279 _____ () C:\Windows\WindowsUpdate.log
2014-04-14 00:01 - 2014-04-14 00:00 - 01426178 _____ () C:\Users\Lorelay\Downloads\adwcleaner.exe
2014-04-13 23:59 - 2014-04-13 23:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 23:54 - 2014-04-13 23:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-04-13 23:51 - 2012-10-08 17:18 - 00316094 _____ () C:\Windows\PFRO.log
2014-04-13 23:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-04-13 23:50 - 2014-01-04 14:37 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Dropbox
2014-04-13 23:41 - 2012-11-15 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-13 23:28 - 2014-04-13 23:28 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-13 23:28 - 2014-04-13 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 23:28 - 2014-04-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 23:27 - 2014-04-13 23:27 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lorelay\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-13 22:38 - 2014-04-13 22:38 - 00001271 _____ () C:\Users\Lorelay\Desktop\Revo Uninstaller.lnk
2014-04-13 22:38 - 2014-04-13 22:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-13 22:36 - 2014-04-13 22:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lorelay\Downloads\revosetup95.exe
2014-04-13 22:25 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-04-13 22:25 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-04-13 22:25 - 2012-10-05 13:36 - 00000000 ____D () C:\Users\Lorelay
2014-04-13 20:32 - 2014-04-13 17:49 - 00039065 _____ () C:\Users\Lorelay\Desktop\Addition.txt
2014-04-13 20:29 - 2014-04-13 17:49 - 00037713 _____ () C:\Users\Lorelay\Desktop\FRST.txt
2014-04-13 18:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-13 18:05 - 2014-04-13 18:05 - 00000490 _____ () C:\Users\Lorelay\Desktop\defogger_disable.log
2014-04-13 17:50 - 2014-04-13 17:50 - 00380416 _____ () C:\Users\Lorelay\Downloads\Gmer-19357.exe
2014-04-13 17:46 - 2014-04-13 17:46 - 00039075 _____ () C:\Users\Lorelay\Downloads\Addition.txt
2014-04-13 17:44 - 2014-04-13 17:44 - 02157568 _____ (Farbar) C:\Users\Lorelay\Downloads\FRST64.exe
2014-04-13 17:40 - 2014-04-13 17:40 - 00000488 _____ () C:\Users\Lorelay\Downloads\defogger_disable.log
2014-04-13 17:40 - 2014-04-13 17:40 - 00000000 _____ () C:\Users\Lorelay\defogger_reenable
2014-04-13 17:37 - 2014-04-13 17:37 - 00050477 _____ () C:\Users\Lorelay\Downloads\Defogger.exe
2014-04-12 21:19 - 2014-04-11 21:18 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-11 23:54 - 2013-01-05 13:21 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\Adobe
2014-04-11 23:54 - 2012-11-15 18:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-11 23:54 - 2012-10-13 16:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-11 23:54 - 2012-10-13 16:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-11 21:39 - 2014-04-11 21:18 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-11 21:24 - 2014-04-11 21:19 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-11 21:19 - 2014-04-11 21:19 - 00002844 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\com
2014-04-11 21:19 - 2014-04-11 21:18 - 00002846 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-11 21:19 - 2014-04-11 21:18 - 00002844 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-11 21:19 - 2014-04-11 21:17 - 00000322 _____ () C:\Users\Lorelay\AppData\Roaming\aps.uninstall.scan.results
2014-04-11 21:18 - 2014-04-11 21:18 - 00001976 _____ () C:\Users\Lorelay\Desktop\Sync Folder.lnk
2014-04-11 21:16 - 2014-04-11 21:16 - 01100856 _____ (AnyProtect.com) C:\Users\Lorelay\AppData\Local\nsz6B72.tmp
2014-04-11 21:15 - 2014-04-11 21:15 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-11 21:15 - 2013-01-05 13:24 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\Mozilla
2014-04-11 21:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-10 23:33 - 2013-01-05 16:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 23:32 - 2013-07-24 22:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 23:30 - 2013-01-27 19:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 18:47 - 2012-10-13 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-08 21:58 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 21:58 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 21:58 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 09:51 - 2014-04-13 23:28 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-13 23:28 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-13 23:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 03:16 - 2014-04-10 20:30 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 20:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 20:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 20:30 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-20 21:07 - 2012-10-05 15:27 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Adobe
2014-03-20 21:06 - 2014-03-20 21:06 - 00000000 ____D () C:\Users\Lorelay\Documents\Adobe
2014-03-20 16:14 - 2009-07-14 06:45 - 00442712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\Samsung Link
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Upload
2014-03-18 19:19 - 2012-10-05 14:59 - 00000000 ____D () C:\Users\Lorelay
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:17 - 00000000 ____D () C:\Program Files\Samsung
2014-03-18 19:06 - 2014-03-18 18:59 - 90675040 _____ (Copyright 2013 SAMSUNG) C:\Users\Lorelay\Downloads\SamsungLink_Installer64.exe
2014-03-18 18:47 - 2013-03-12 13:54 - 00002669 _____ () C:\Users\Public\Desktop\TAXMAN 2013 spezial.lnk

Some content of TEMP:
====================
C:\Users\Lorelay\AppData\Local\Temp\avgnt.exe
C:\Users\Lorelay\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lorelay\AppData\Local\Temp\EAD20D8.exe
C:\Users\Lorelay\AppData\Local\Temp\EAD3C25.exe
C:\Users\Lorelay\AppData\Local\Temp\EAD4A77.exe
C:\Users\Lorelay\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\Lorelay\AppData\Local\Temp\Quarantine.exe
C:\Users\Lorelay\AppData\Local\Temp\sqlite3.exe
C:\Users\Lorelay\AppData\Local\Temp\uninst1.exe
C:\Users\Lorelay\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Lorelay\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Lorelay\AppData\Local\Temp\avgnt.exe
C:\Users\Lorelay\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 19:17

==================== End Of Log ============================
--- --- ---
--- --- ---[/CODE]

Was mache ich mit den installierten Programmen? Und den anderen PCs?

Noch mal Vielen Dank
Emmaline

schrauber 15.04.2014 10:22
Revo startet immer den programmeigenen Uninstaller, nachdem der durch ist wird nach Resten gesucht.



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Emmaline 16.04.2014 21:49
Sooo,

hier die ganzen Ergebnisse:
Eset:
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ec8208a56c5ff6458af4f5194cc4cb4b
# engine=17916
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-16 07:56:03
# local_time=2014-04-16 09:56:03 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 5935 263101453 0 0
# compatibility_mode=5893 16776574 100 94 23845195 149308013 0 0
# scanned=259350
# found=3
# cleaned=0
# scan_time=5044
sh=95F16225F5701E3807D773C3CDC198AE0551630C ft=1 fh=c387e1ea6439112d vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-3979088316-405595985-3978638949-1000\$RR9JHI9.exe"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=7088C77393CC07A87589234E7D2620CBFEF905E9 ft=1 fh=4c2caff6a9ce4872 vn="probably a variant of Win32/AdWare.AddLyrics.AJ application" ac=I fn="C:\Users\Lorelay\AppData\Local\Temp\2bab4a4c-ec1f-465f-a9c9-32e328003cc7\software\Re-markit_2040-2082.exe"
Checkup:
Zitat:
Results of screen317's Security Check version 0.99.81
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 13.0.0.182
Adobe Reader XI
Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST3:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02
Ran by Lorelay (administrator) on Lorelay-PC on 16-04-2014 22:29:10
Running from C:\Users\Lorelay\Desktop\Säuberungsprogramme
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) D:\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [600928 2014-03-13] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-24] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKU\S-1-5-21-3979088316-405595985-3978638949-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3979088316-405595985-3978638949-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3979088316-405595985-3978638949-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Lorelay\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Users\Lorelay\AppData\Local\Apps\Evernote\Evernote\EvernoteClipper.exe (No File)
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3520 series.lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3979088316-405595985-3978638949-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: FoxTab - {4DF4AC8C-FFA8-40FF-91F0-EB8389314B78} - C:\Users\Lorelay\AppData\LocalLow\FoxTab\IE\FoxTab.dll No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\xpbaw7hi.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Google
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.17.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GMX MailCheck - C:\Users\Lorelay\AppData\Roaming\Mozilla\Firefox\Profiles\xpbaw7hi.default\Extensions\toolbar@gmx.net.xpi [2014-04-13]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (No Name) - C:\Users\Lorelay\AppData\Local\Google\Chrome\User Data\Default\Extensions\2.0.0.0_0 [2013-01-05]
CHR Extension: (Re-markit) - C:\Users\Lorelay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pailhpppfllmijejfccffanaigjphjnb] - C:\Users\Lorelay\AppData\LocalLow\FoxTab\CHROME\FoxTab.crx [2014-04-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor9.0; D:\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-24] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [609632 2014-03-13] (Copyright 2013 SAMSUNG)
S2 vosr; C:\Users\Lorelay\AppData\Roaming\VOPackage\VOsrv.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-01-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-01-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-14] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-16 22:17 - 2014-04-16 22:17 - 00000813 _____ () C:\Users\Lorelay\Desktop\checkup.txt
2014-04-16 20:30 - 2014-04-16 20:30 - 02347384 _____ (ESET) C:\Users\Lorelay\Downloads\esetsmartinstaller_enu.exe
2014-04-14 00:40 - 2014-04-16 22:29 - 00000000 ____D () C:\Users\Lorelay\Desktop\Säuberungsprogramme
2014-04-14 00:25 - 2014-04-14 00:25 - 00000932 _____ () C:\Users\Lorelay\Desktop\Evernote.lnk
2014-04-14 00:25 - 2014-04-14 00:25 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\Evernote
2014-04-14 00:25 - 2014-04-14 00:25 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-04-14 00:11 - 2014-04-14 00:11 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 00:10 - 2014-04-14 00:10 - 01016261 _____ (Thisisu) C:\Users\Lorelay\Downloads\JRT.exe
2014-04-14 00:02 - 2014-04-14 00:04 - 00000000 ____D () C:\AdwCleaner
2014-04-14 00:00 - 2014-04-14 00:01 - 01426178 _____ () C:\Users\Lorelay\Downloads\adwcleaner.exe
2014-04-13 23:54 - 2014-04-13 23:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-04-13 23:28 - 2014-04-14 00:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-13 23:28 - 2014-04-13 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 23:28 - 2014-04-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 23:28 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-13 23:28 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-13 23:28 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-13 23:27 - 2014-04-13 23:27 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lorelay\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-13 22:38 - 2014-04-13 22:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-13 22:36 - 2014-04-13 22:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lorelay\Downloads\revosetup95.exe
2014-04-13 22:25 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-04-13 22:25 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-04-13 18:05 - 2014-04-13 18:05 - 00000490 _____ () C:\Users\Lorelay\Desktop\defogger_disable.log
2014-04-13 17:50 - 2014-04-13 17:50 - 00380416 _____ () C:\Users\Lorelay\Downloads\Gmer-19357.exe
2014-04-13 17:49 - 2014-04-13 20:32 - 00039065 _____ () C:\Users\Lorelay\Desktop\Addition.txt
2014-04-13 17:49 - 2014-04-13 20:29 - 00037713 _____ () C:\Users\Lorelay\Desktop\FRST.txt
2014-04-13 17:46 - 2014-04-13 17:46 - 00039075 _____ () C:\Users\Lorelay\Downloads\Addition.txt
2014-04-13 17:45 - 2014-04-16 22:29 - 00000000 ____D () C:\FRST
2014-04-13 17:45 - 2014-04-14 00:25 - 00035216 _____ () C:\Users\Lorelay\Downloads\FRST.txt
2014-04-13 17:44 - 2014-04-13 17:44 - 02157568 _____ (Farbar) C:\Users\Lorelay\Downloads\FRST64.exe
2014-04-13 17:40 - 2014-04-13 17:40 - 00000488 _____ () C:\Users\Lorelay\Downloads\defogger_disable.log
2014-04-13 17:40 - 2014-04-13 17:40 - 00000000 _____ () C:\Users\Lorelay\defogger_reenable
2014-04-13 17:37 - 2014-04-13 17:37 - 00050477 _____ () C:\Users\Lorelay\Downloads\Defogger.exe
2014-04-11 21:19 - 2014-04-11 21:24 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-11 21:19 - 2014-04-11 21:19 - 00002844 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\com
2014-04-11 21:18 - 2014-04-12 21:19 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-11 21:18 - 2014-04-11 21:39 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-11 21:18 - 2014-04-11 21:19 - 00002846 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-11 21:18 - 2014-04-11 21:19 - 00002844 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-11 21:18 - 2014-04-11 21:18 - 00001976 _____ () C:\Users\Lorelay\Desktop\Sync Folder.lnk
2014-04-11 21:17 - 2014-04-11 21:19 - 00000322 _____ () C:\Users\Lorelay\AppData\Roaming\aps.uninstall.scan.results
2014-04-11 21:16 - 2014-04-11 21:16 - 01100856 _____ (AnyProtect.com) C:\Users\Lorelay\AppData\Local\nsz6B72.tmp
2014-04-11 21:15 - 2014-04-11 21:15 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-10 20:30 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-10 20:30 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-10 20:30 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-10 20:30 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 20:30 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 20:30 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 20:30 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 20:30 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 20:30 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 20:30 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 20:30 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 20:30 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 20:30 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 20:30 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 20:30 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 20:29 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 20:29 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-06 11:34 - 2014-04-14 00:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-20 21:06 - 2014-03-20 21:06 - 00000000 ____D () C:\Users\Lorelay\Documents\Adobe
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\Samsung Link
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Upload
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-03-18 19:17 - 2014-03-18 19:18 - 00000000 ____D () C:\Program Files\Samsung
2014-03-18 18:59 - 2014-03-18 19:06 - 90675040 _____ (Copyright 2013 SAMSUNG) C:\Users\Lorelay\Downloads\SamsungLink_Installer64.exe
2014-03-18 17:44 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 17:44 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 17:44 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-18 17:43 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-18 17:43 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 17:43 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 17:43 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-18 17:43 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 17:43 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 17:43 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 17:43 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 17:43 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-18 17:43 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-18 17:43 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-18 17:43 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 17:43 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 17:43 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 17:43 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 17:43 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-18 17:43 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 17:43 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 17:43 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 17:43 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 17:43 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 17:43 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 17:43 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-18 17:43 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 17:43 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 17:43 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 17:43 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 17:43 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 17:43 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 17:43 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 17:43 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 17:43 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 17:43 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 17:43 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 17:43 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 17:43 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 17:43 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 17:43 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-18 17:43 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 17:43 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-18 17:43 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll

==================== One Month Modified Files and Folders =======

2014-04-16 22:29 - 2014-04-14 00:40 - 00000000 ____D () C:\Users\Lorelay\Desktop\Säuberungsprogramme
2014-04-16 22:29 - 2014-04-13 17:45 - 00000000 ____D () C:\FRST
2014-04-16 22:26 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-16 22:26 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-16 22:17 - 2014-04-16 22:17 - 00000813 _____ () C:\Users\Lorelay\Desktop\checkup.txt
2014-04-16 21:41 - 2012-11-15 18:42 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 20:30 - 2014-04-16 20:30 - 02347384 _____ (ESET) C:\Users\Lorelay\Downloads\esetsmartinstaller_enu.exe
2014-04-16 20:18 - 2012-10-05 13:32 - 01931852 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 20:13 - 2013-01-05 17:18 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-04-16 20:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-16 20:13 - 2009-07-14 06:51 - 00044644 _____ () C:\Windows\setupact.log
2014-04-14 00:30 - 2014-04-13 23:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-14 00:25 - 2014-04-14 00:25 - 00000932 _____ () C:\Users\Lorelay\Desktop\Evernote.lnk
2014-04-14 00:25 - 2014-04-14 00:25 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\Evernote
2014-04-14 00:25 - 2014-04-14 00:25 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-04-14 00:25 - 2014-04-13 17:45 - 00035216 _____ () C:\Users\Lorelay\Downloads\FRST.txt
2014-04-14 00:11 - 2014-04-14 00:11 - 00000000 ____D () C:\Windows\ERUNT
2014-04-14 00:10 - 2014-04-14 00:10 - 01016261 _____ (Thisisu) C:\Users\Lorelay\Downloads\JRT.exe
2014-04-14 00:04 - 2014-04-14 00:02 - 00000000 ____D () C:\AdwCleaner
2014-04-14 00:04 - 2014-04-06 11:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-14 00:04 - 2012-10-05 13:37 - 00001018 _____ () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-14 00:04 - 2012-10-05 13:36 - 00000000 ___RD () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-14 00:01 - 2014-04-14 00:00 - 01426178 _____ () C:\Users\Lorelay\Downloads\adwcleaner.exe
2014-04-13 23:54 - 2014-04-13 23:54 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\48230029.sys
2014-04-13 23:51 - 2012-10-08 17:18 - 00316094 _____ () C:\Windows\PFRO.log
2014-04-13 23:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2014-04-13 23:50 - 2014-01-04 14:37 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Dropbox
2014-04-13 23:28 - 2014-04-13 23:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-13 23:28 - 2014-04-13 23:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-13 23:27 - 2014-04-13 23:27 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Lorelay\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-13 22:38 - 2014-04-13 22:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-13 22:36 - 2014-04-13 22:36 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Lorelay\Downloads\revosetup95.exe
2014-04-13 22:25 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-04-13 22:25 - 2014-04-13 22:25 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-04-13 22:25 - 2012-10-05 13:36 - 00000000 ____D () C:\Users\Lorelay
2014-04-13 20:32 - 2014-04-13 17:49 - 00039065 _____ () C:\Users\Lorelay\Desktop\Addition.txt
2014-04-13 20:29 - 2014-04-13 17:49 - 00037713 _____ () C:\Users\Lorelay\Desktop\FRST.txt
2014-04-13 18:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-13 18:05 - 2014-04-13 18:05 - 00000490 _____ () C:\Users\Lorelay\Desktop\defogger_disable.log
2014-04-13 17:50 - 2014-04-13 17:50 - 00380416 _____ () C:\Users\Lorelay\Downloads\Gmer-19357.exe
2014-04-13 17:46 - 2014-04-13 17:46 - 00039075 _____ () C:\Users\Lorelay\Downloads\Addition.txt
2014-04-13 17:44 - 2014-04-13 17:44 - 02157568 _____ (Farbar) C:\Users\Lorelay\Downloads\FRST64.exe
2014-04-13 17:40 - 2014-04-13 17:40 - 00000488 _____ () C:\Users\Lorelay\Downloads\defogger_disable.log
2014-04-13 17:40 - 2014-04-13 17:40 - 00000000 _____ () C:\Users\Lorelay\defogger_reenable
2014-04-13 17:37 - 2014-04-13 17:37 - 00050477 _____ () C:\Users\Lorelay\Downloads\Defogger.exe
2014-04-12 21:19 - 2014-04-11 21:18 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-04-11 23:54 - 2013-01-05 13:21 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\Adobe
2014-04-11 23:54 - 2012-11-15 18:42 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-11 23:54 - 2012-10-13 16:59 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-11 23:54 - 2012-10-13 16:59 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-11 21:39 - 2014-04-11 21:18 - 00000380 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-04-11 21:24 - 2014-04-11 21:19 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-04-11 21:19 - 2014-04-11 21:19 - 00002844 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-04-11 21:19 - 2014-04-11 21:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\com
2014-04-11 21:19 - 2014-04-11 21:18 - 00002846 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-04-11 21:19 - 2014-04-11 21:18 - 00002844 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-04-11 21:19 - 2014-04-11 21:17 - 00000322 _____ () C:\Users\Lorelay\AppData\Roaming\aps.uninstall.scan.results
2014-04-11 21:18 - 2014-04-11 21:18 - 00001976 _____ () C:\Users\Lorelay\Desktop\Sync Folder.lnk
2014-04-11 21:16 - 2014-04-11 21:16 - 01100856 _____ (AnyProtect.com) C:\Users\Lorelay\AppData\Local\nsz6B72.tmp
2014-04-11 21:15 - 2014-04-11 21:15 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-11 21:15 - 2013-01-05 13:24 - 00000000 ____D () C:\Users\Lorelay\AppData\Local\Mozilla
2014-04-11 21:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-10 23:33 - 2013-01-05 16:56 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 23:32 - 2013-07-24 22:51 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 23:30 - 2013-01-27 19:31 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 18:47 - 2012-10-13 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-08 21:58 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-08 21:58 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-08 21:58 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 09:51 - 2014-04-13 23:28 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-13 23:28 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-13 23:28 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 03:16 - 2014-04-10 20:30 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-10 20:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-10 20:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-10 20:30 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-20 21:07 - 2012-10-05 15:27 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Adobe
2014-03-20 21:06 - 2014-03-20 21:06 - 00000000 ____D () C:\Users\Lorelay\Documents\Adobe
2014-03-20 16:14 - 2009-07-14 06:45 - 00442712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\Samsung Link
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-03-18 19:19 - 2014-03-18 19:19 - 00000000 ____D () C:\Upload
2014-03-18 19:19 - 2012-10-05 14:59 - 00000000 ____D () C:\Users\Lorelay
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\AppData\Roaming\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\Users\Lorelay\.swt
2014-03-18 19:18 - 2014-03-18 19:18 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-03-18 19:18 - 2014-03-18 19:17 - 00000000 ____D () C:\Program Files\Samsung
2014-03-18 19:06 - 2014-03-18 18:59 - 90675040 _____ (Copyright 2013 SAMSUNG) C:\Users\Lorelay\Downloads\SamsungLink_Installer64.exe
2014-03-18 18:47 - 2013-03-12 13:54 - 00002669 _____ () C:\Users\Public\Desktop\TAXMAN 2013 spezial.lnk

Some content of TEMP:
====================
C:\Users\Lorelay\AppData\Local\Temp\avgnt.exe
C:\Users\Lorelay\AppData\Local\Temp\BackupSetup.exe
C:\Users\Lorelay\AppData\Local\Temp\EAD20D8.exe
C:\Users\Lorelay\AppData\Local\Temp\EAD3C25.exe
C:\Users\Lorelay\AppData\Local\Temp\EAD4A77.exe
C:\Users\Lorelay\AppData\Local\Temp\install_flashplayer11x32_mssd_aih.exe
C:\Users\Lorelay\AppData\Local\Temp\Quarantine.exe
C:\Users\Lorelay\AppData\Local\Temp\sqlite3.exe
C:\Users\Lorelay\AppData\Local\Temp\uninst1.exe
C:\Users\Lorelay\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Lorelay\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Lorelay\AppData\Local\Temp\avgnt.exe
C:\Users\Lorelay\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 19:17

==================== End Of Log ============================
--- --- ---


Kann ich irgendwo finden nach was die einzelen Scanner eigentlich suchen und was die einzelnen Programme eigentlich machen?

Und mach ich das alles jetzt auch mit meinen anderen befallenen PCs?

Mein Werbungsproblem ist übriges nicht mehr aufgetaucht. Eine Idee wie ich verhindern kann das es wieder passiert?

Übringens, schöne Feierrtage :)
Emmaline

schrauber 17.04.2014 13:58
Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\$Recycle.Bin
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Von den anderen Rechnern bitte FRST Logs, nix auf eigene Faust machen.
Zitat:
Kann ich irgendwo finden nach was die einzelen Scanner eigentlich suchen und was die einzelnen Programme eigentlich machen?
Dann müsstest Du schon ne Ausbildung zum Malware Removal Expert machen ;)


Für hier:

Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Emmaline 18.04.2014 09:28
Guten Morgen und einen schönen Feiertag

Die Fixlog.txt vom Rechner Lorelay ist beim kopieren gelöscht worden (kann sie auf jeden Fall nicht finden). Macht es Sinn sie nochmal zu machen?


Und hier wäre die FRST vom zweiten Rechner:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by Acidfree (administrator) on ACIDFREE-PC on 18-04-2014 10:06:38
Running from C:\Users\Acidfree\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Adobe Systems Incorporated) E:\Photoshop\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
() C:\Windows\system32\dmwu.exe
() C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
( ) C:\Windows\system32\lxczcoms.exe
() C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfYnIw.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(ICQ, LLC.) D:\ICQ7.5\ICQ.exe
(Spotify Ltd) C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Acidfree\AppData\Roaming\Spotify\spotify.exe
() C:\Program Files (x86)\FastMediaConverter\FastMediaConverterApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Nullsoft, Inc.) D:\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Windows\SysWOW64\jmdp\stij.exe
() C:\Windows\System32\ljkb\stij.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfY158.exe
() C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [DATAMNGR] => C:\PROGRA~2\WIF0E7~1\Datamngr\DATAMN~1.EXE
HKLM-x32\...\Run: [WinampAgent] => D:\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-26] (APN)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-15] (SUPERAntiSpyware)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [ICQ] => D:\ICQ7.5\ICQ.exe [124480 2011-08-01] (ICQ, LLC.)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [RegistryBooster] => "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Hoolapp Android] => /Minimized
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Spotify Web Helper] => C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Spotify] => C:\Users\Acidfree\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Acidfree\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {237ce8bd-cee5-11e0-b0cf-00242178af47} - J:\Startme.exe
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {2518b13b-372c-11e2-87e8-00242178af47} - G:\pushinst.exe
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {5738becf-f4ff-11e1-8895-806e6f6e6963} - explorer index_GB.html
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {afbc22a3-b183-11e1-b4a9-00242178af47} - G:\Setup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll File Not Found
AppInit_DLLs:  C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll => C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\WIF0E7~1\Datamngr\datamngr.dll => "C:\PROGRA~2\WIF0E7~1\Datamngr\datamngr.dll" File Not Found
AppInit_DLLs-x32:  C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll => "C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll" File Not Found
Startup: C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?ctid=CT3321902&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP34726308-2245-48C4-BB2E-DE4CA8A513E2&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x449DEC206E54CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
URLSearchHook: HKCU - ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10025&barid={693EDBF0-504A-11E2-98FC-00242178AF47}
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2102} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
SearchScopes: HKCU - {A4A37A65-E638-486B-831A-5511E241A09C} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=e25bf9d6-fd67-46ac-bdc0-90268edc5315&apn_sauid=8373C6D9-B47B-4A5A-890A-29C5D75D99F7
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
BHO: UrlHelper Class - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll No File
BHO-x32: UrlHelper Class - {41C4AA37-1DDD-4345-B8DC-734E4B38414D} - C:\PROGRA~2\WIF0E7~1\Datamngr\IEBHO.dll No File
BHO-x32: ICQ Sparberater - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
BHO-x32: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
Toolbar: HKLM-x32 - jZip Toolbar - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - C:\PROGRA~2\WIF0E7~1\Datamngr\ToolBar\jzipdtx.dll No File
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default
FF user.js: detected! => C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\user.js
FF NewTab: hxxp://www.sweetpacks-search.com/?barid=&src=97&&st=23
FF DefaultSearchEngine: ICQ Search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: ICQ Search
FF Homepage: hxxp://www.sweetpacks-search.com/?barid=&src=10&&st=23
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN95533741736100730&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-25.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-26.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-27.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-28.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-29.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-30.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\SearchResults.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\Sweetpacks Search.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoftTB  - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-11-20]
FF Extension: Evernote Web Clipper - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-19]
FF Extension: DivX Web Player - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-03-01]
FF Extension: GMX MailCheck - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\toolbar@gmx.net.xpi [2012-05-04]
FF Extension: Ask Toolbar - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\toolbar_ORJ-V7C@apn.ask.com.xpi [2014-02-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]
FF HKCU\...\Firefox\Extensions: [{9A963233-37BD-837B-48FF-3AD40489A05D}] - C:\Program Files (x86)\Re-Markable-soft\158.xpi
FF Extension: Re-Markable - C:\Program Files (x86)\Re-Markable-soft\158.xpi [2014-04-13]

Chrome:
=======
CHR HomePage: hxxp://search.jzip.com/
CHR RestoreOnStartup: "hxxp://search.jzip.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (registryAccess) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.1.0_0\background/registryAccess.dll (APN)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Users\Acidfree\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Extension: (Avira Toolbar) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2012-09-02]
CHR Extension: (Re-Markable) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-13]
CHR Extension: (Skype Click to Call) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-08-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-03-11]
CHR HKCU\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-10-21]
CHR HKLM-x32\...\Chrome\Extension: [gaiilaahiahdejapggenmdmafpmbipje] - C:\Program Files (x86)\DealPly\DealPly.crx [2012-10-21]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-12] (SUPERAntiSpyware.com)
R2 AdobeActiveFileMonitor7.0; E:\Photoshop\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-26] (APN LLC.)
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1859376 2014-02-04] ()
R2 ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [247608 2010-11-21] ()
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
R2 lxcz_device; C:\Windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( )
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 Re-Markable; C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfY158.exe [143360 2014-04-13] ()
S2 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-18 10:02 - 2014-04-18 10:02 - 00027723 _____ () C:\Users\Acidfree\Desktop\Addition.txt
2014-04-18 10:00 - 2014-04-18 10:07 - 00029185 _____ () C:\Users\Acidfree\Desktop\FRST.txt
2014-04-18 10:00 - 2014-04-18 10:06 - 00000000 ____D () C:\FRST
2014-04-18 10:00 - 2014-04-18 09:59 - 02158592 _____ (Farbar) C:\Users\Acidfree\Desktop\FRST64.exe
2014-04-15 05:13 - 2014-04-18 07:12 - 00003388 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-04-13 17:56 - 2012-11-04 14:42 - 00001866 _____ () C:\Users\Acidfree\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-04-13 16:52 - 2014-04-18 07:15 - 00000424 _____ () C:\Windows\Tasks\Re-Markable Update.job
2014-04-13 16:52 - 2014-04-13 16:52 - 00003078 _____ () C:\Windows\System32\Tasks\Re-Markable Update
2014-04-13 16:51 - 2014-04-18 09:59 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-04-13 16:51 - 2014-04-18 07:12 - 00000414 _____ () C:\Windows\Tasks\Re-Markable_wd.job
2014-04-13 16:51 - 2014-04-13 16:52 - 00000000 ____D () C:\Program Files (x86)\Re-Markable-soft
2014-04-13 16:51 - 2014-04-13 16:51 - 00003008 _____ () C:\Windows\System32\Tasks\Re-Markable_wd
2014-04-13 16:51 - 2014-04-13 16:51 - 00001146 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
2014-04-13 16:51 - 2014-04-13 16:51 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 16:51 - 2014-04-13 16:51 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\FastMediaConverter
2014-04-09 07:24 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 07:24 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 07:24 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 07:24 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:24 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:24 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:24 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:24 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:24 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:24 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:24 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:24 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:24 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:24 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:24 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:24 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\ProgramData\APN
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-04-06 17:18 - 2014-04-06 17:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-06 17:17 - 2014-04-06 17:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-19 14:03 - 2014-03-19 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-18 10:07 - 2014-04-18 10:00 - 00029185 _____ () C:\Users\Acidfree\Desktop\FRST.txt
2014-04-18 10:06 - 2014-04-18 10:00 - 00000000 ____D () C:\FRST
2014-04-18 10:06 - 2012-11-02 09:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-18 10:04 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 10:04 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 10:02 - 2014-04-18 10:02 - 00027723 _____ () C:\Users\Acidfree\Desktop\Addition.txt
2014-04-18 09:59 - 2014-04-18 10:00 - 02158592 _____ (Farbar) C:\Users\Acidfree\Desktop\FRST64.exe
2014-04-18 09:59 - 2014-04-13 16:51 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-04-18 09:27 - 2011-08-19 21:27 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 09:26 - 2014-02-15 19:26 - 00000304 _____ () C:\Windows\Tasks\Hoolapp For Android.job
2014-04-18 08:57 - 2011-08-06 20:48 - 01158927 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 07:42 - 2013-02-01 22:32 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\Spotify
2014-04-18 07:15 - 2014-04-13 16:52 - 00000424 _____ () C:\Windows\Tasks\Re-Markable Update.job
2014-04-18 07:12 - 2014-04-15 05:13 - 00003388 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-04-18 07:12 - 2014-04-13 16:51 - 00000414 _____ () C:\Windows\Tasks\Re-Markable_wd.job
2014-04-18 07:12 - 2014-02-15 19:26 - 00000292 _____ () C:\Windows\Tasks\Hoolapp Init.job
2014-04-18 07:12 - 2011-09-16 05:04 - 00135339 _____ () C:\Windows\setupact.log
2014-04-18 07:12 - 2011-08-19 21:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 07:12 - 2011-08-07 10:03 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\ICQ
2014-04-18 07:12 - 2011-08-06 21:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-18 07:12 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 18:25 - 2012-12-27 19:25 - 00000000 ____D () C:\Program Files (x86)\DealPly
2014-04-14 17:29 - 2013-02-01 22:33 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Spotify
2014-04-14 04:21 - 2012-11-02 09:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-14 04:21 - 2012-10-03 13:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-14 04:21 - 2011-08-22 10:13 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Adobe
2014-04-14 04:21 - 2011-08-07 08:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-13 16:52 - 2014-04-13 16:52 - 00003078 _____ () C:\Windows\System32\Tasks\Re-Markable Update
2014-04-13 16:52 - 2014-04-13 16:51 - 00000000 ____D () C:\Program Files (x86)\Re-Markable-soft
2014-04-13 16:51 - 2014-04-13 16:51 - 00003008 _____ () C:\Windows\System32\Tasks\Re-Markable_wd
2014-04-13 16:51 - 2014-04-13 16:51 - 00001146 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
2014-04-13 16:51 - 2014-04-13 16:51 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 16:51 - 2014-04-13 16:51 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\FastMediaConverter
2014-04-13 16:51 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-13 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-10 03:57 - 2013-05-23 19:02 - 00000000 ____D () C:\Windows\rescache
2014-04-10 03:02 - 2013-07-24 21:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:01 - 2011-12-12 08:37 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\ProgramData\APN
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-04-06 17:18 - 2014-04-06 17:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-06 17:17 - 2014-04-06 17:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-06 17:17 - 2012-09-13 16:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-06 17:17 - 2011-12-01 08:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-06 17:17 - 2011-12-01 08:43 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-06 17:17 - 2011-08-17 16:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 16:00 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 16:00 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 16:00 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-31 18:50 - 2013-12-18 19:25 - 00000202 _____ () C:\Users\Acidfree\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-09 07:24 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 07:24 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-22 09:48 - 2011-10-20 17:38 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\Winamp
2014-03-20 17:09 - 2012-05-03 20:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 14:03 - 2014-03-19 14:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Files to move or delete:
====================
C:\ProgramData\nud0repor.pad


Some content of TEMP:
====================
C:\Users\Acidfree\AppData\Local\Temp\APNSetup.exe
C:\Users\Acidfree\AppData\Local\Temp\avgnt.exe
C:\Users\Acidfree\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Acidfree\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Acidfree\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Acidfree\AppData\Local\Temp\nsd5F7B.exe
C:\Users\Acidfree\AppData\Local\Temp\nsd623A.exe
C:\Users\Acidfree\AppData\Local\Temp\nsn9DE5.exe
C:\Users\Acidfree\AppData\Local\Temp\nsnA056.exe
C:\Users\Acidfree\AppData\Local\Temp\setup.exe
C:\Users\Acidfree\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 06:09

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---


Und die Addition:
Zitat:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01
Ran by Acidfree at 2014-04-18 10:07:37
Running from C:\Users\Acidfree\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AntiVir Desktop (Enabled - Up to date) {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AntiVir Desktop (Enabled - Up to date) {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (x32 Version: 7.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Ask Toolbar (HKLM-x32\...\{4F524A2D-5637-4300-76A7-A758B70C0A06}) (Version: 12.10.6.48 - APN, LLC) <==== ATTENTION
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
DealPly (HKCU\...\DealPly) (Version: - ) <==== ATTENTION
DealPly (HKLM-x32\...\DealPly) (Version: - DealPly Technologies Ltd) <==== ATTENTION
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.15.0.27 - DVDVideoSoftTB)
FastMediaConverter (HKLM-x32\...\FastMediaConverter) (Version: 1.0.30.0 - Applon)
Free YouTube Download version 3.1.25.423 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.25.423 - DVDVideoSoft Ltd.)
Google Update Helper (x32 Version: 1.3.21.123 - Google Inc.) Hidden
Hoolapp for Android (HKCU\...\Hoolapp for Android) (Version: - ) <==== ATTENTION
IB Updater Service (HKLM-x32\...\WNLT) (Version: 5.0.3.5 - ) <==== ATTENTION
ICQ Sparberater (HKLM-x32\...\{5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24}) (Version: 1.0.601 - solute gmbh)
ICQ Toolbar (HKLM-x32\...\ICQToolbar) (Version: 3.0.0 - ICQ)
ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216026FF}) (Version: 6.0.290 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Mein CEWE FOTOBUCH (HKLM-x32\...\Mein CEWE FOTOBUCH) (Version: - )
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MiniTool Partition Wizard Home Edition 7.8 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird (7.0.1) (HKLM-x32\...\Mozilla Thunderbird (7.0.1)) (Version: 7.0.1 (de) - Mozilla)
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Re-Markable (HKLM-x32\...\9C776F3F-E8C3-86E3-3813-3F998B4B0AB9) (Version: - Re-Markable-software) <==== ATTENTION
Rossmann Fotowelt Software 4.13 (HKLM-x32\...\Rossmann Fotowelt Software) (Version: 4.13 - ORWO Net)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.11.11.7 - Conduit) <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.)
Skype™ 5.5 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.124 - Skype Technologies S.A.)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.12.13.28 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.181 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.181 - Sony)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1108 - SUPERAntiSpyware.com)
Uniblue RegistryBooster (HKLM-x32\...\Uniblue RegistryBooster) (Version: 6.0.7.2 - Uniblue Systems Ltd)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Restore Points =========================

19-03-2014 02:00:26 Windows Update
29-03-2014 06:31:22 Geplanter Prüfpunkt
06-04-2014 15:16:18 Installed Java 7 Update 51
10-04-2014 01:00:30 Windows Update
17-04-2014 08:57:52 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C66CB88-5EA0-402F-B350-30B8429988FF} - System32\Tasks\DealPly => C:\Users\Acidfree\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-03-10] () <==== ATTENTION
Task: {35483F9A-B890-4D7F-AA7B-0AD954DF084C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {59E218D9-4817-40B2-B7A3-30C47F449C1B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-14] (Adobe Systems Incorporated)
Task: {60DE7900-37DE-4C76-9300-74BB96ACB5AF} - System32\Tasks\Re-Markable Update => C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfY.exe [2014-04-13] ()
Task: {61AA7BB5-9AAE-4077-AF3D-E069A5BF7BA4} - System32\Tasks\Software Updater Ui => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Ui.exe
Task: {6489B5BA-297E-4D71-9F2A-D0412F9C8F9F} - System32\Tasks\Hoolapp for Android => C:\Users\Acidfree\AppData\Roaming\HoolappforAndroid\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {771E12AD-353D-4A95-95C0-D20E8E86DED4} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Acidfree\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {89DA27C4-8163-4746-B013-DA32B7B7E182} - System32\Tasks\Hoolapp Init => C:\Users\Acidfree\AppData\Roaming\HOOLAP~1\Hoolapp.exe <==== ATTENTION
Task: {913A7F62-EF15-4AC0-ABD0-DDDEA824F0F9} - System32\Tasks\Software Updater => C:\Program Files (x86)\SelfUpdater\SoftwareUpdater.Bootstrapper.exe
Task: {AC943F72-7EEA-408D-8A0D-56BE277BC9BD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B4829C9B-AD2A-41CB-803E-DB279E5CC739} - System32\Tasks\DealPlyUpdate => C:\Program Files (x86)\DealPly\DealPlyUpdate.exe [2012-10-21] (DealPly) <==== ATTENTION
Task: {EF2F73F4-0AB2-4F98-A296-B71F57D4B286} - System32\Tasks\Re-Markable_wd => C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfYnIw.exe [2014-04-13] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Hoolapp For Android.job => C:\Users\Acidfree\AppData\Roaming\HOOLAP~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\Hoolapp Init.job => C:\Users\Acidfree\AppData\Roaming\HOOLAP~1\Hoolapp.exe
Task: C:\Windows\Tasks\Re-Markable Update.job => C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfY.exe
Task: C:\Windows\Tasks\Re-Markable_wd.job => C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfYnIw.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 18:12 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-02 13:50 - 2014-02-04 18:35 - 01859376 _____ () C:\Windows\system32\dmwu.exe
2011-08-07 10:03 - 2010-11-21 11:49 - 00247608 _____ () C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
2011-08-25 10:17 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2014-04-13 16:51 - 2014-04-13 16:51 - 00077312 _____ () C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfYnIw.exe
2014-02-27 19:31 - 2014-02-27 19:31 - 00443384 _____ () C:\Program Files (x86)\FastMediaConverter\FastMediaConverterApp.exe
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-04 18:35 - 2014-02-04 18:35 - 01019184 _____ () C:\Windows\SysWOW64\jmdp\stij.exe
2014-02-04 18:35 - 2014-02-04 18:35 - 01217328 _____ () C:\Windows\System32\ljkb\stij.exe
2014-02-04 18:35 - 2014-02-04 18:35 - 01518384 _____ () C:\Windows\System32\ljkb\lmrn.dll
2014-04-13 16:51 - 2014-04-13 16:51 - 00143360 _____ () C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfY158.exe
2013-09-25 17:43 - 2014-04-11 06:56 - 00602680 _____ () C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2013-01-09 11:55 - 2012-09-19 19:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-02-01 22:33 - 2014-04-11 06:56 - 36966968 _____ () C:\Users\Acidfree\AppData\Roaming\Spotify\Data\libcef.dll
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-02-04 18:35 - 2014-02-04 18:35 - 01225520 _____ () C:\Windows\SysWOW64\jmdp\lmrn.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2014-04-13 16:51 - 2014-04-13 16:51 - 00133120 _____ () C:\Program Files (x86)\Re-Markable-soft\Re-MarkableyfY158.dll
2013-09-25 17:43 - 2014-04-11 06:56 - 00886840 _____ () C:\Users\Acidfree\AppData\Roaming\Spotify\Data\libglesv2.dll
2013-09-25 17:43 - 2014-04-11 06:56 - 00108600 _____ () C:\Users\Acidfree\AppData\Roaming\Spotify\Data\libegl.dll
2014-04-14 04:21 - 2014-04-14 04:21 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
2014-03-19 14:03 - 2014-03-19 14:03 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/18/2014 09:59:55 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/18/2014 09:59:55 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/17/2014 10:50:55 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (04/15/2014 05:57:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (04/14/2014 06:30:28 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (04/11/2014 08:42:22 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (04/10/2014 03:03:29 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (04/07/2014 00:43:06 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (04/06/2014 06:41:18 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error: (04/05/2014 09:43:50 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7601.17514, Zeitstempel: 0x4ce7ae7f
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1677
Ausnahmecode: 0x0000046b
Fehleroffset: 0x000000000000940d
ID des fehlerhaften Prozesses: 0xb58
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3


System errors:
=============
Error: (04/18/2014 07:15:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (04/18/2014 07:15:19 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/18/2014 07:15:17 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/18/2014 07:13:49 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (04/18/2014 07:13:32 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (04/18/2014 07:12:42 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error: (04/17/2014 04:27:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (04/17/2014 10:23:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069

Error: (04/17/2014 10:23:50 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (04/17/2014 10:23:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Google Update Service (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2


Microsoft Office Sessions:
=========================
Error: (04/18/2014 09:59:55 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Downloads\SoftonicDownloader_fuer_sf-dienstplan.exe

Error: (04/18/2014 09:59:55 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\Downloads\SoftonicDownloader_fuer_dutyplan.exe

Error: (04/17/2014 10:50:55 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (04/15/2014 05:57:17 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (04/14/2014 06:30:28 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (04/11/2014 08:42:22 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (04/10/2014 03:03:29 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (04/07/2014 00:43:06 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (04/06/2014 06:41:18 PM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exeC:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe2

Error: (04/05/2014 09:43:50 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7601.175144ce7ae7fKERNELBASE.dll6.1.7601.1822951fb16770000046b000000000000940db5801cf510533cd1f00C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dll9bda1ed2-bcfa-11e3-8934-00242178af47


CodeIntegrity Errors:
===================================
Date: 2014-03-06 20:00:59.384
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\ljkb\lmrn.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-06 20:00:44.612
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\ljkb\lmrn.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-05 20:40:02.712
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\ljkb\lmrn.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-03-05 20:39:14.097
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\ljkb\lmrn.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-01 16:41:58.000
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-01 16:41:57.766
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-01 16:41:57.548
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7601.17514_none_36e20fd4506111dd\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-01 16:41:57.298
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-01 16:41:57.064
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2013-01-01 16:41:56.830
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows.old\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 4094.18 MB
Available physical RAM: 1844.72 MB
Total Pagefile: 8186.53 MB
Available Pagefile: 5191.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Betriebssystem) (Fixed) (Total:143.59 GB) (Free:71.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten René) (Fixed) (Total:387.97 GB) (Free:275.51 GB) NTFS
Drive e: (Rest) (Fixed) (Total:399.95 GB) (Free:241.74 GB) NTFS
Drive g: (INTENSO) (Removable) (Total:3.75 GB) (Free:3.02 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=144 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=388 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=400 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 4 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

Danke für die Hilfe, gibt ja leider keine Ostereier als Smilies :-)

Liebe Grüße
Emmaline

Zitat:
Zitat von schrauber (Beitrag 1286319)

Dann müsstest Du schon ne Ausbildung zum Malware Removal Expert machen ;)
Schreib ich auf die Liste der Dinge die ich machen will, wenn meine Kinder größer sind. So uninteressant finde ich das gar nicht :-)

schrauber 18.04.2014 17:07
Gerne, ich bin dann warscheinlich immer noch hier :)


Revo Uninstaller - Download - Filepony
Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION

Mit Revo auch Moderat die Reste entfernen lassen.




Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Emmaline 19.04.2014 22:29
Hallo,

ich hab da leider ein Problem. Ich konnte nur die "Installed Progamms" mit "ATTENTION"-Vermerk löschen. Es gibt aber noch einige "Tasks" mit dem Vermerk und die konnte ich nicht löschen.

Das andere Problem ist, dass die Malware immer an der gleichen Stelle hängen bleibt und daraufhin der PC abstürzt. Das ist jetzt 3x passiert. Die 2x, die ich den Vorgang beobachtet habe, blieb das Programm an der gleichen Stelle hängen. Eine Audiodatei auf dem Desktop.

Was soll ich jetzt machen.

Frohe Ostern
Emmaline

schrauber 20.04.2014 18:10
Tasks und MBAM weglassen :)

Emmaline 21.04.2014 10:24
Sooo, hab die Audiodatei gelöscht und dann ging alles.

Hier die ganzen Files

Zitat:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 20.04.2014 07:18:43, SYSTEM, ACIDFREE-PC, Protection, Malware Protection, Starting,
Protection, 20.04.2014 07:18:43, SYSTEM, ACIDFREE-PC, Protection, Malware Protection, Started,
Protection, 20.04.2014 07:18:43, SYSTEM, ACIDFREE-PC, Protection, Malicious Website Protection, Starting,
Protection, 20.04.2014 07:19:17, SYSTEM, ACIDFREE-PC, Protection, Malicious Website Protection, Failed,
Error, 20.04.2014 07:19:17, SYSTEM, ACIDFREE-PC, Protection, MWAC::CreateList - Block List, 3221225473,
Detection, 20.04.2014 07:29:31, SYSTEM, ACIDFREE-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [7eb7d3596f0c75c1c3e7283337ca2cd4]
Protection, 20.04.2014 07:29:31, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 20.04.2014 07:29:31, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Update, 20.04.2014 07:46:06, SYSTEM, ACIDFREE-PC, Scheduler, Malware Database, 2014.4.19.9, 2014.4.20.2,
Protection, 20.04.2014 07:46:08, SYSTEM, ACIDFREE-PC, Protection, Refresh, Starting,
Protection, 20.04.2014 07:46:21, SYSTEM, ACIDFREE-PC, Protection, Refresh, Success,
Detection, 20.04.2014 07:49:00, Acidfree, ACIDFREE-PC, Protection, Malware Protection, File, PUP.Optional.InstallCore.A, C:\Users\Acidfree\AppData\Local\Temp\nsg2A15.tmp, Quarantine, [7d15012b67147db981ba234960a13bc5]
Detection, 20.04.2014 08:07:56, SYSTEM, ACIDFREE-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [bdd52903ee8d84b2b6f52e2d6d943ac6]
Protection, 20.04.2014 08:07:56, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 20.04.2014 08:07:56, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Detection, 20.04.2014 08:08:02, SYSTEM, ACIDFREE-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [bdd52903ee8d84b2b6f52e2d6d943ac6]
Protection, 20.04.2014 08:08:02, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 20.04.2014 08:08:02, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Detection, 20.04.2014 08:09:35, SYSTEM, ACIDFREE-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [bdd52903ee8d84b2b6f52e2d6d943ac6]
Protection, 20.04.2014 08:09:35, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 20.04.2014 08:09:35, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Detection, 20.04.2014 08:19:29, SYSTEM, ACIDFREE-PC, Protection, Malware Protection, File, PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantine, [bdd52903ee8d84b2b6f52e2d6d943ac6]
Protection, 20.04.2014 08:19:29, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Error, 20.04.2014 08:19:29, SYSTEM, ACIDFREE-PC, Protection, DeleteFile, 5, Failed, C:\ProgramData\WPM\wprotectmanager.exe,
Update, 20.04.2014 12:21:36, SYSTEM, ACIDFREE-PC, Scheduler, Malware Database, 2014.4.20.2, 2014.4.20.3,
Protection, 20.04.2014 12:21:37, SYSTEM, ACIDFREE-PC, Protection, Refresh, Starting,
Protection, 20.04.2014 12:21:49, SYSTEM, ACIDFREE-PC, Protection, Refresh, Success,

(end)
Adw Cleaner hab ich ist aber zu groß. Liefere ich bei Bedarf.

Zitat:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Acidfree on 20.04.2014 at 13:49:51,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4292617380-400896395-2015133285-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A4A37A65-E638-486B-831A-5511E241A09C}



~~~ Files

Successfully deleted: [File] "C:\Users\Acidfree\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"



~~~ FireFox

Successfully deleted the following from C:\Users\Acidfree\AppData\Roaming\mozilla\firefox\profiles\bag98wu8.default\prefs.js

user_pref("CT2269050./9b+7e3x305.from_oldbar.enc", "JH4vQT87NjM/R0Y/fUk+QS52MH4iJCE1LDdHS1lXS0pIWFhOXjdiVzpTXkkySzo9PztQR1JibGJddXhtdmp8UXxxdGFKY1JVV1JoX2p6LSYsLCR+LzIuaTUqLXl
user_pref("CT2269050./9b+7ebx305.from_oldbar.enc", "JH4+OTFBMD0zRUA2Mn5KP0IvdzF7fSM1LDdWWUlITk9RUlxOTFVTW1RgWlo+aV5hTjdQOz1BVEtWdXVlbXNneW1tfFUhdXhlTmdSVFdrYm0tIiUuIGczKGokL3l
Emptied folder: C:\Users\Acidfree\AppData\Roaming\mozilla\firefox\profiles\bag98wu8.default\minidumps [457 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.04.2014 at 13:57:06,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014
Ran by Acidfree (administrator) on ACIDFREE-PC on 20-04-2014 14:07:43
Running from C:\Users\Acidfree\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) E:\Photoshop\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
( ) C:\Windows\system32\lxczcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Spotify Ltd) C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\FastMediaConverter\FastMediaConverterApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Nullsoft, Inc.) D:\Winamp\winampa.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [WinampAgent] => D:\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [ICQ] => D:\ICQ7.5\ICQ.exe [124480 2011-08-01] (ICQ, LLC.)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Hoolapp Android] => /Minimized
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Spotify Web Helper] => C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Spotify] => C:\Users\Acidfree\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [PrivacyDr] => C:\Program Files (x86)\Privacy Dr\PrivacyDr.exe
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {237ce8bd-cee5-11e0-b0cf-00242178af47} - J:\Startme.exe
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {2518b13b-372c-11e2-87e8-00242178af47} - G:\pushinst.exe
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {5738becf-f4ff-11e1-8895-806e6f6e6963} - explorer index_GB.html
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {afbc22a3-b183-11e1-b4a9-00242178af47} - G:\Setup.exe
Startup: C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x449DEC206E54CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ICQ Sparberater - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-26.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-27.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-28.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-29.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-30.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Evernote Web Clipper - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-19]
FF Extension: DivX Web Player - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-03-01]
FF Extension: GMX MailCheck - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\toolbar@gmx.net.xpi [2012-05-04]
FF Extension: Ask Toolbar - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\toolbar_ORJ-V7C@apn.ask.com.xpi [2014-02-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (registryAccess) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.1.0_0\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Users\Acidfree\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Extension: (No Name) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2012-09-02]
CHR Extension: (Skype Click to Call) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-08-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-03-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; E:\Photoshop\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-26] (APN LLC.)
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
R2 lxcz_device; C:\Windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 vosr; C:\Users\Acidfree\AppData\Roaming\VOPackage\VOsrv.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-20] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-20 14:07 - 2014-04-20 14:07 - 00000000 ____D () C:\Users\Acidfree\Desktop\FRST-OlderVersion
2014-04-20 13:57 - 2014-04-20 14:04 - 00002052 _____ () C:\Users\Acidfree\Desktop\JRT.txt
2014-04-20 13:49 - 2014-04-20 13:49 - 01016261 _____ (Thisisu) C:\Users\Acidfree\Desktop\JRT.exe
2014-04-20 13:49 - 2014-04-20 13:49 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 13:48 - 2014-04-20 13:48 - 00123323 _____ () C:\Users\Acidfree\Desktop\AdwCleaner[S0].txt
2014-04-20 13:17 - 2014-04-20 13:24 - 00000000 ____D () C:\AdwCleaner
2014-04-20 13:17 - 2014-04-20 13:16 - 01308369 _____ () C:\Users\Acidfree\Desktop\adwcleaner.exe
2014-04-20 13:00 - 2014-04-20 13:00 - 00003654 _____ () C:\Users\Acidfree\Desktop\mbam.txt
2014-04-19 21:55 - 2014-04-19 21:55 - 423694260 _____ () C:\Windows\MEMORY.DMP
2014-04-19 21:55 - 2014-04-19 21:55 - 00298800 _____ () C:\Windows\Minidump\041914-17659-01.dmp
2014-04-19 21:13 - 2014-04-20 13:37 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 21:13 - 2014-04-19 21:13 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 21:13 - 2014-04-19 21:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 21:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-19 21:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-19 21:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-19 20:51 - 2014-04-19 20:51 - 00001278 _____ () C:\Users\Acidfree\Desktop\Revo Uninstaller.lnk
2014-04-19 20:51 - 2014-04-19 20:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-18 12:01 - 2014-04-18 14:47 - 00003368 _____ () C:\Windows\System32\Tasks\PrivacyDr_Splash
2014-04-18 12:01 - 2014-04-18 12:03 - 00000000 ____D () C:\Users\Acidfree\Documents\PrivacyDr
2014-04-18 12:01 - 2014-04-18 12:01 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\HistoryCleaner
2014-04-18 11:58 - 2014-04-18 11:58 - 01097384 _____ (AnyProtect.com) C:\Users\Acidfree\AppData\Local\nsvD72C.tmp
2014-04-18 10:11 - 2014-04-18 10:11 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Evernote
2014-04-18 10:10 - 2014-04-18 10:10 - 00000932 _____ () C:\Users\Acidfree\Desktop\Evernote.lnk
2014-04-18 10:10 - 2014-04-18 10:10 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-04-18 10:02 - 2014-04-18 10:08 - 00027724 _____ () C:\Users\Acidfree\Desktop\Addition.txt
2014-04-18 10:00 - 2014-04-20 14:07 - 02055680 _____ (Farbar) C:\Users\Acidfree\Desktop\FRST64.exe
2014-04-18 10:00 - 2014-04-20 14:07 - 00017482 _____ () C:\Users\Acidfree\Desktop\FRST.txt
2014-04-18 10:00 - 2014-04-20 14:07 - 00000000 ____D () C:\FRST
2014-04-13 16:51 - 2014-04-20 13:48 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-04-13 16:51 - 2014-04-19 21:06 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 16:51 - 2014-04-13 16:51 - 00001146 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
2014-04-13 16:51 - 2014-04-13 16:51 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\FastMediaConverter
2014-04-09 07:24 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 07:24 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 07:24 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 07:24 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:24 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:24 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:24 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:24 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:24 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:24 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:24 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:24 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:24 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:24 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:24 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:24 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-04-06 17:18 - 2014-04-06 17:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-06 17:17 - 2014-04-06 17:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified Files and Folders =======

2014-04-20 14:08 - 2014-04-18 10:00 - 00017482 _____ () C:\Users\Acidfree\Desktop\FRST.txt
2014-04-20 14:07 - 2014-04-20 14:07 - 00000000 ____D () C:\Users\Acidfree\Desktop\FRST-OlderVersion
2014-04-20 14:07 - 2014-04-18 10:00 - 02055680 _____ (Farbar) C:\Users\Acidfree\Desktop\FRST64.exe
2014-04-20 14:07 - 2014-04-18 10:00 - 00000000 ____D () C:\FRST
2014-04-20 14:06 - 2012-11-02 09:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 14:04 - 2014-04-20 13:57 - 00002052 _____ () C:\Users\Acidfree\Desktop\JRT.txt
2014-04-20 13:49 - 2014-04-20 13:49 - 01016261 _____ (Thisisu) C:\Users\Acidfree\Desktop\JRT.exe
2014-04-20 13:49 - 2014-04-20 13:49 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 13:48 - 2014-04-20 13:48 - 00123323 _____ () C:\Users\Acidfree\Desktop\AdwCleaner[S0].txt
2014-04-20 13:48 - 2014-04-13 16:51 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-04-20 13:48 - 2013-02-01 22:32 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\Spotify
2014-04-20 13:47 - 2011-08-07 10:03 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\ICQ
2014-04-20 13:42 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 13:42 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 13:37 - 2014-04-19 21:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-20 13:36 - 2011-08-19 21:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 13:34 - 2011-09-16 05:04 - 00135787 _____ () C:\Windows\setupact.log
2014-04-20 13:34 - 2011-08-06 21:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-20 13:34 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 13:33 - 2011-08-06 20:48 - 01294945 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 13:27 - 2011-08-19 21:27 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 13:24 - 2014-04-20 13:17 - 00000000 ____D () C:\AdwCleaner
2014-04-20 13:16 - 2014-04-20 13:17 - 01308369 _____ () C:\Users\Acidfree\Desktop\adwcleaner.exe
2014-04-20 13:03 - 2011-10-21 08:26 - 00319134 _____ () C:\Windows\PFRO.log
2014-04-20 13:00 - 2014-04-20 13:00 - 00003654 _____ () C:\Users\Acidfree\Desktop\mbam.txt
2014-04-19 22:47 - 2011-08-07 08:15 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-19 22:40 - 2011-08-06 21:29 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-19 21:55 - 2014-04-19 21:55 - 423694260 _____ () C:\Windows\MEMORY.DMP
2014-04-19 21:55 - 2014-04-19 21:55 - 00298800 _____ () C:\Windows\Minidump\041914-17659-01.dmp
2014-04-19 21:55 - 2011-08-08 06:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-19 21:13 - 2014-04-19 21:13 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 21:13 - 2014-04-19 21:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 21:13 - 2012-09-03 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 21:11 - 2011-08-06 21:34 - 00001152 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-19 21:11 - 2011-08-06 21:03 - 00001435 _____ () C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-19 21:06 - 2014-04-13 16:51 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-19 20:51 - 2014-04-19 20:51 - 00001278 _____ () C:\Users\Acidfree\Desktop\Revo Uninstaller.lnk
2014-04-19 20:51 - 2014-04-19 20:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-18 14:47 - 2014-04-18 12:01 - 00003368 _____ () C:\Windows\System32\Tasks\PrivacyDr_Splash
2014-04-18 12:03 - 2014-04-18 12:01 - 00000000 ____D () C:\Users\Acidfree\Documents\PrivacyDr
2014-04-18 12:01 - 2014-04-18 12:01 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\HistoryCleaner
2014-04-18 11:58 - 2014-04-18 11:58 - 01097384 _____ (AnyProtect.com) C:\Users\Acidfree\AppData\Local\nsvD72C.tmp
2014-04-18 10:12 - 2011-08-06 21:03 - 00000000 ___RD () C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 10:11 - 2014-04-18 10:11 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Evernote
2014-04-18 10:10 - 2014-04-18 10:10 - 00000932 _____ () C:\Users\Acidfree\Desktop\Evernote.lnk
2014-04-18 10:10 - 2014-04-18 10:10 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-04-18 10:08 - 2014-04-18 10:02 - 00027724 _____ () C:\Users\Acidfree\Desktop\Addition.txt
2014-04-14 17:29 - 2013-02-01 22:33 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Spotify
2014-04-14 04:21 - 2012-11-02 09:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-14 04:21 - 2012-10-03 13:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-14 04:21 - 2011-08-22 10:13 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Adobe
2014-04-14 04:21 - 2011-08-07 08:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-13 16:51 - 2014-04-13 16:51 - 00001146 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
2014-04-13 16:51 - 2014-04-13 16:51 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\FastMediaConverter
2014-04-13 16:51 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-13 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-10 03:57 - 2013-05-23 19:02 - 00000000 ____D () C:\Windows\rescache
2014-04-10 03:02 - 2013-07-24 21:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:01 - 2011-12-12 08:37 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-04-06 17:18 - 2014-04-06 17:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-06 17:17 - 2014-04-06 17:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-06 17:17 - 2012-09-13 16:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-06 17:17 - 2011-12-01 08:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-06 17:17 - 2011-12-01 08:43 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-06 17:17 - 2011-08-17 16:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-04 16:00 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-04 16:00 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-04 16:00 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 09:51 - 2014-04-19 21:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 21:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 21:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 18:50 - 2013-12-18 19:25 - 00000202 _____ () C:\Users\Acidfree\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-09 07:24 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 07:24 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-22 09:48 - 2011-10-20 17:38 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\Winamp

Files to move or delete:
====================
C:\ProgramData\nud0repor.pad


Some content of TEMP:
====================
C:\Users\Acidfree\AppData\Local\Temp\APNSetup.exe
C:\Users\Acidfree\AppData\Local\Temp\avgnt.exe
C:\Users\Acidfree\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Acidfree\AppData\Local\Temp\installer.exe
C:\Users\Acidfree\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Acidfree\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Acidfree\AppData\Local\Temp\PrivacyDrSetup_S.exe
C:\Users\Acidfree\AppData\Local\Temp\Quarantine.exe
C:\Users\Acidfree\AppData\Local\Temp\setup.exe
C:\Users\Acidfree\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-09 06:09

==================== End Of Log ============================
--- --- ---



Ich mach dann mal die Anfangs Logs am Laptop. Den hab ich nicht so oft.

Liebe Grüße
Emmaline

schrauber 21.04.2014 20:55

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Emmaline 22.04.2014 12:40
Sieht alles ganz gut aus :-)

ESET
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1ebb9b40695b044fad82406b94f36bab
# engine=17973
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-22 11:00:37
# local_time=2014-04-22 01:00:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 1002 263587727 0 0
# compatibility_mode=5893 16776574 100 94 23650447 149794287 0 0
# scanned=16741
# found=1
# cleaned=0
# scan_time=459
sh=0F29B7B220F387944DFFDFAC3BD1CC1C94E1B857 ft=1 fh=7db2e4fee41f1bdd vn="a variant of Win32/Skintrim.MG trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Acidfree\AppData\Local\genesis\Genesis.exe.vir"
Checkup
Zitat:
Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
AntiVir Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java(TM) 6 Update 29
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 13.0.0.182
Adobe Reader XI
Mozilla Firefox (28.0)
Mozilla Thunderbird (7.0.1) Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by Acidfree (administrator) on ACIDFREE-PC on 22-04-2014 13:34:44
Running from C:\Users\Acidfree\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Adobe Systems Incorporated) E:\Photoshop\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
( ) C:\Windows\system32\lxczcoms.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Spotify Ltd) C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\FastMediaConverter\FastMediaConverterApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Nullsoft, Inc.) D:\Winamp\winampa.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [WinampAgent] => D:\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [ICQ] => D:\ICQ7.5\ICQ.exe [124480 2011-08-01] (ICQ, LLC.)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Hoolapp Android] => /Minimized
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Spotify Web Helper] => C:\Users\Acidfree\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Spotify] => C:\Users\Acidfree\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-11] (Spotify Ltd)
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [PrivacyDr] => C:\Program Files (x86)\Privacy Dr\PrivacyDr.exe
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {237ce8bd-cee5-11e0-b0cf-00242178af47} - J:\Startme.exe
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {2518b13b-372c-11e2-87e8-00242178af47} - G:\pushinst.exe
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {5738becf-f4ff-11e1-8895-806e6f6e6963} - explorer index_GB.html
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\MountPoints2: {afbc22a3-b183-11e1-b4a9-00242178af47} - G:\Setup.exe
Startup: C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x449DEC206E54CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKLM-x32 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ICQ Sparberater - {5A0D6E4B-B0DF-4148-8B1E-F7A430FF5E24} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: ICQ Search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: ICQ Search
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-26.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-27.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-28.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-29.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\icqplugin-30.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Evernote Web Clipper - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2013-12-19]
FF Extension: DivX Web Player - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\DivXWebPlayer@divx.com.xpi [2012-03-01]
FF Extension: GMX MailCheck - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\toolbar@gmx.net.xpi [2012-05-04]
FF Extension: Ask Toolbar - C:\Users\Acidfree\AppData\Roaming\Mozilla\Firefox\Profiles\bag98wu8.default\Extensions\toolbar_ORJ-V7C@apn.ask.com.xpi [2014-02-25]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.83\pdf.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (registryAccess) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.1.0_0\background/registryAccess.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Unity Player) - C:\Users\Acidfree\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Extension: (No Name) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj [2012-09-02]
CHR Extension: (Skype Click to Call) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-08-19]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Acidfree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-03-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor7.0; E:\Photoshop\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-26] (APN LLC.)
R2 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
R2 lxcz_device; C:\Windows\SysWOW64\lxczcoms.exe [537520 2007-04-19] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 vosr; C:\Users\Acidfree\AppData\Roaming\VOPackage\VOsrv.exe [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2013-03-07] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [9584 2013-03-07] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 13:24 - 2014-04-22 13:24 - 00001177 _____ () C:\Users\Acidfree\Desktop\checkup.txt
2014-04-22 13:03 - 2014-04-22 13:02 - 00855379 _____ () C:\Users\Acidfree\Desktop\SecurityCheck.exe
2014-04-22 13:02 - 2014-04-22 13:02 - 00000917 _____ () C:\Users\Acidfree\Desktop\ESET.txt
2014-04-22 12:50 - 2014-04-22 12:50 - 02347384 _____ (ESET) C:\Users\Acidfree\Desktop\esetsmartinstaller_enu.exe
2014-04-20 14:12 - 2014-04-20 14:12 - 00033047 _____ () C:\Users\Acidfree\Desktop\FRST2.txt
2014-04-20 14:07 - 2014-04-22 13:34 - 00000000 ____D () C:\Users\Acidfree\Desktop\FRST-OlderVersion
2014-04-20 13:57 - 2014-04-20 14:04 - 00002052 _____ () C:\Users\Acidfree\Desktop\JRT.txt
2014-04-20 13:49 - 2014-04-20 13:49 - 01016261 _____ (Thisisu) C:\Users\Acidfree\Desktop\JRT.exe
2014-04-20 13:49 - 2014-04-20 13:49 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 13:48 - 2014-04-20 13:48 - 00123323 _____ () C:\Users\Acidfree\Desktop\AdwCleaner[S0].txt
2014-04-20 13:17 - 2014-04-20 13:24 - 00000000 ____D () C:\AdwCleaner
2014-04-20 13:17 - 2014-04-20 13:16 - 01308369 _____ () C:\Users\Acidfree\Desktop\adwcleaner.exe
2014-04-20 13:00 - 2014-04-20 13:00 - 00003654 _____ () C:\Users\Acidfree\Desktop\mbam.txt
2014-04-19 21:55 - 2014-04-19 21:55 - 423694260 _____ () C:\Windows\MEMORY.DMP
2014-04-19 21:55 - 2014-04-19 21:55 - 00298800 _____ () C:\Windows\Minidump\041914-17659-01.dmp
2014-04-19 21:13 - 2014-04-22 13:28 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 21:13 - 2014-04-19 21:13 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 21:13 - 2014-04-19 21:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 21:13 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-19 21:13 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-19 21:13 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-19 20:51 - 2014-04-19 20:51 - 00001278 _____ () C:\Users\Acidfree\Desktop\Revo Uninstaller.lnk
2014-04-19 20:51 - 2014-04-19 20:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-18 12:01 - 2014-04-18 14:47 - 00003368 _____ () C:\Windows\System32\Tasks\PrivacyDr_Splash
2014-04-18 12:01 - 2014-04-18 12:03 - 00000000 ____D () C:\Users\Acidfree\Documents\PrivacyDr
2014-04-18 12:01 - 2014-04-18 12:01 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\HistoryCleaner
2014-04-18 11:58 - 2014-04-18 11:58 - 01097384 _____ (AnyProtect.com) C:\Users\Acidfree\AppData\Local\nsvD72C.tmp
2014-04-18 10:11 - 2014-04-18 10:11 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Evernote
2014-04-18 10:10 - 2014-04-18 10:10 - 00000932 _____ () C:\Users\Acidfree\Desktop\Evernote.lnk
2014-04-18 10:10 - 2014-04-18 10:10 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-04-18 10:02 - 2014-04-18 10:08 - 00027724 _____ () C:\Users\Acidfree\Desktop\Addition.txt
2014-04-18 10:00 - 2014-04-22 13:34 - 02061312 _____ (Farbar) C:\Users\Acidfree\Desktop\FRST64.exe
2014-04-18 10:00 - 2014-04-22 13:34 - 00017476 _____ () C:\Users\Acidfree\Desktop\FRST.txt
2014-04-18 10:00 - 2014-04-22 13:34 - 00000000 ____D () C:\FRST
2014-04-13 16:51 - 2014-04-22 13:33 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-04-13 16:51 - 2014-04-19 21:06 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-13 16:51 - 2014-04-13 16:51 - 00001146 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
2014-04-13 16:51 - 2014-04-13 16:51 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\FastMediaConverter
2014-04-09 07:24 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 07:24 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 07:24 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 07:24 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 07:24 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 07:24 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 07:24 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 07:24 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 07:24 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 07:24 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 07:24 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 07:24 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 07:24 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 07:24 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 07:24 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 07:24 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 07:24 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-04-06 17:18 - 2014-04-06 17:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-06 17:17 - 2014-04-06 17:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

==================== One Month Modified Files and Folders =======

2014-04-22 13:34 - 2014-04-20 14:07 - 00000000 ____D () C:\Users\Acidfree\Desktop\FRST-OlderVersion
2014-04-22 13:34 - 2014-04-18 10:00 - 02061312 _____ (Farbar) C:\Users\Acidfree\Desktop\FRST64.exe
2014-04-22 13:34 - 2014-04-18 10:00 - 00017476 _____ () C:\Users\Acidfree\Desktop\FRST.txt
2014-04-22 13:34 - 2014-04-18 10:00 - 00000000 ____D () C:\FRST
2014-04-22 13:33 - 2014-04-13 16:51 - 00000000 ____D () C:\Program Files (x86)\FastMediaConverter
2014-04-22 13:28 - 2014-04-19 21:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 13:27 - 2011-08-19 21:27 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-22 13:24 - 2014-04-22 13:24 - 00001177 _____ () C:\Users\Acidfree\Desktop\checkup.txt
2014-04-22 13:06 - 2012-11-02 09:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-22 13:02 - 2014-04-22 13:03 - 00855379 _____ () C:\Users\Acidfree\Desktop\SecurityCheck.exe
2014-04-22 13:02 - 2014-04-22 13:02 - 00000917 _____ () C:\Users\Acidfree\Desktop\ESET.txt
2014-04-22 12:52 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 12:52 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 12:52 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 12:51 - 2013-02-01 22:32 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\Spotify
2014-04-22 12:50 - 2014-04-22 12:50 - 02347384 _____ (ESET) C:\Users\Acidfree\Desktop\esetsmartinstaller_enu.exe
2014-04-22 12:48 - 2011-08-07 10:03 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\ICQ
2014-04-22 12:47 - 2011-08-19 21:27 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 12:46 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 12:46 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 12:42 - 2011-08-06 20:48 - 01369921 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 12:38 - 2011-09-16 05:04 - 00135955 _____ () C:\Windows\setupact.log
2014-04-22 12:38 - 2011-08-06 21:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-22 12:38 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 14:12 - 2014-04-20 14:12 - 00033047 _____ () C:\Users\Acidfree\Desktop\FRST2.txt
2014-04-20 14:04 - 2014-04-20 13:57 - 00002052 _____ () C:\Users\Acidfree\Desktop\JRT.txt
2014-04-20 13:49 - 2014-04-20 13:49 - 01016261 _____ (Thisisu) C:\Users\Acidfree\Desktop\JRT.exe
2014-04-20 13:49 - 2014-04-20 13:49 - 00000000 ____D () C:\Windows\ERUNT
2014-04-20 13:48 - 2014-04-20 13:48 - 00123323 _____ () C:\Users\Acidfree\Desktop\AdwCleaner[S0].txt
2014-04-20 13:24 - 2014-04-20 13:17 - 00000000 ____D () C:\AdwCleaner
2014-04-20 13:23 - 2011-08-07 10:03 - 00000000 ____D () C:\ProgramData\ICQ
2014-04-20 13:16 - 2014-04-20 13:17 - 01308369 _____ () C:\Users\Acidfree\Desktop\adwcleaner.exe
2014-04-20 13:03 - 2011-10-21 08:26 - 00319134 _____ () C:\Windows\PFRO.log
2014-04-20 13:00 - 2014-04-20 13:00 - 00003654 _____ () C:\Users\Acidfree\Desktop\mbam.txt
2014-04-19 22:47 - 2011-08-07 08:15 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-04-19 22:40 - 2011-08-06 21:29 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-04-19 21:55 - 2014-04-19 21:55 - 423694260 _____ () C:\Windows\MEMORY.DMP
2014-04-19 21:55 - 2014-04-19 21:55 - 00298800 _____ () C:\Windows\Minidump\041914-17659-01.dmp
2014-04-19 21:55 - 2011-08-08 06:57 - 00000000 ____D () C:\Windows\Minidump
2014-04-19 21:13 - 2014-04-19 21:13 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-19 21:13 - 2014-04-19 21:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-19 21:13 - 2012-09-03 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 21:11 - 2011-08-06 21:34 - 00001152 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-19 21:11 - 2011-08-06 21:03 - 00001435 _____ () C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-19 21:06 - 2014-04-13 16:51 - 00000444 __RSH () C:\ProgramData\ntuser.pol
2014-04-19 20:51 - 2014-04-19 20:51 - 00001278 _____ () C:\Users\Acidfree\Desktop\Revo Uninstaller.lnk
2014-04-19 20:51 - 2014-04-19 20:51 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-04-18 14:47 - 2014-04-18 12:01 - 00003368 _____ () C:\Windows\System32\Tasks\PrivacyDr_Splash
2014-04-18 12:03 - 2014-04-18 12:01 - 00000000 ____D () C:\Users\Acidfree\Documents\PrivacyDr
2014-04-18 12:01 - 2014-04-18 12:01 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\HistoryCleaner
2014-04-18 11:58 - 2014-04-18 11:58 - 01097384 _____ (AnyProtect.com) C:\Users\Acidfree\AppData\Local\nsvD72C.tmp
2014-04-18 10:12 - 2011-08-06 21:03 - 00000000 ___RD () C:\Users\Acidfree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 10:11 - 2014-04-18 10:11 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Evernote
2014-04-18 10:10 - 2014-04-18 10:10 - 00000932 _____ () C:\Users\Acidfree\Desktop\Evernote.lnk
2014-04-18 10:10 - 2014-04-18 10:10 - 00000000 ____D () C:\Program Files (x86)\Evernote
2014-04-18 10:08 - 2014-04-18 10:02 - 00027724 _____ () C:\Users\Acidfree\Desktop\Addition.txt
2014-04-14 17:29 - 2013-02-01 22:33 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Spotify
2014-04-14 04:21 - 2012-11-02 09:07 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-14 04:21 - 2012-10-03 13:28 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-14 04:21 - 2011-08-22 10:13 - 00000000 ____D () C:\Users\Acidfree\AppData\Local\Adobe
2014-04-14 04:21 - 2011-08-07 08:14 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-13 16:51 - 2014-04-13 16:51 - 00001146 _____ () C:\Users\Public\Desktop\Fast Media Converter.lnk
2014-04-13 16:51 - 2014-04-13 16:51 - 00000000 ____D () C:\Users\Acidfree\AppData\Roaming\FastMediaConverter
2014-04-13 16:51 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-13 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-04-10 03:57 - 2013-05-23 19:02 - 00000000 ____D () C:\Windows\rescache
2014-04-10 03:02 - 2013-07-24 21:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 03:01 - 2011-12-12 08:37 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork
2014-04-06 17:19 - 2014-04-06 17:19 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-04-06 17:18 - 2014-04-06 17:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-06 17:17 - 2014-04-06 17:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-06 17:17 - 2012-09-13 16:16 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-06 17:17 - 2011-12-01 08:43 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-06 17:17 - 2011-12-01 08:43 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-06 17:17 - 2011-08-17 16:40 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-03 09:51 - 2014-04-19 21:13 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-19 21:13 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-19 21:13 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 18:50 - 2013-12-18 19:25 - 00000202 _____ () C:\Users\Acidfree\AppData\Roaming\WB.CFG
2014-03-31 03:16 - 2014-04-09 07:24 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-31 03:13 - 2014-04-09 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-31 02:13 - 2014-04-09 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-31 01:57 - 2014-04-09 07:24 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

Files to move or delete:
====================
C:\ProgramData\nud0repor.pad


Some content of TEMP:
====================
C:\Users\Acidfree\AppData\Local\Temp\APNSetup.exe
C:\Users\Acidfree\AppData\Local\Temp\avgnt.exe
C:\Users\Acidfree\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Acidfree\AppData\Local\Temp\installer.exe
C:\Users\Acidfree\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Acidfree\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Acidfree\AppData\Local\Temp\PrivacyDrSetup_S.exe
C:\Users\Acidfree\AppData\Local\Temp\Quarantine.exe
C:\Users\Acidfree\AppData\Local\Temp\setup.exe
C:\Users\Acidfree\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-20 14:48

==================== End Of Log ============================
--- --- ---


Danke :-)

schrauber 22.04.2014 19:06
Java und Thunderbird updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Hoolapp Android] => /Minimized
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\ProgramData\nud0repor.pad

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Downloade dir bitte Farbar Service Scanner Farbar Service Scanner
  • Starte das Tool mit Doppelklick auf die FSS.exe
  • Gehe sicher, dass folgende Optionen angehakt sind.
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.



Emmaline 22.04.2014 21:39
Java habe ich aktuallisiert.
Thunderbird wird überhaupt nicht mehr genutzt. Soll ich es trotzdem aktuallisieren?

Hier die gewünschten Infos:
Fixlog
Zitat:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by Acidfree at 2014-04-22 22:21:30 Run:1
Running from C:\Users\Acidfree\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-4292617380-400896395-2015133285-1000\...\Run: [Hoolapp Android] => /Minimized
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\ProgramData\nud0repor.pad
*****************

HKU\S-1-5-21-4292617380-400896395-2015133285-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Hoolapp Android => Value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\ProgramData\nud0repor.pad => Moved successfully.


The system needed a reboot.

==== End of Fixlog ====
Zitat:
Farbar Service Scanner Version: 25-02-2014
Ran by Acidfree (administrator) on 22-04-2014 at 22:28:51
Running from "C:\Users\Acidfree\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of WinDefend. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of WinDefend. The value does not exist.
Unable to retrieve ServiceDll of WinDefend. The value does not exist.


Other Services:
==============
Checking Start type iphlpsvc: ATTENTION!=====> Unable to retrieve start type of iphlpsvc. The value does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to retrieve ImagePath of iphlpsvc. The value does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to retrieve ServiceDll of iphlpsvc. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
Liebe Grüße
Emmaline


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:03 Uhr.
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131