Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Qon8 Problem, Avira wurde geblockt, (https://www.trojaner-board.de/154101-qon8-problem-avira-wurde-geblockt.html)

huhuhu 19.05.2014 22:00
Qon8 Problem, Avira wurde geblockt,
 
Hallo liebe Helfer,
ich habe mir mit einem Download riesige Probleme eingehandelt. Zum einen Qone8, zum anderen ist Avira blockiert. Darüber hinaus habe ich versucht hier schon Vorbereitungen für Logfiles zu erstellen und bin immer wieder umgeleitet worden, mit der Aufforderungen Adobe irgendwas runterzuladen.
Ich habe jetzt diverse Screenshots gemacht, von den Umleitungen wenn ich innerhalb des Board auf Links klicke, weiß aber nicht wie ich das posten kann.

Ich bitte deswegen, ohne das ich irgendwas vorab runterladen kann um Hilfe. Besten Dank

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:08 on 19/05/2014 (Sylvia Schmidt)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Sylvia Schmidt (administrator) on SYLVIASCHMIDT on 19-05-2014 22:10:25
Running from C:\Users\Sylvia Schmidt\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe
() C:\Users\Sylvia Schmidt\AppData\Local\Temp\NOD984.tmp
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( ) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Updater) C:\ProgramData\Updater\updater.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(WatchDog) C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe
(WatchDog) C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe
(WatchDog) C:\ProgramData\RHelpers\IeHelper\IeHelper.exe
() C:\Users\Sylvia Schmidt\AppData\Local\Temp\NOD5BC.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
() C:\Program Files\CouponDownloader\CouponDownloaderService64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(UpdaterResponse) C:\Users\Sylvia Schmidt\AppData\Local\Temp\setup{6077ED47-2AB2-4114-B22C-FE51C9D0821B}.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe [485960 2014-04-12] ( )
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Updater] => C:\ProgramData\Updater\Updater.exe [486264 2013-12-19] (Updater)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [RadioRage EPM Support] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmedint.exe [12872 2014-04-12] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [RadioRage Search Scope Monitor] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe [55368 2014-04-12] (Mindspark)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon.exe [61512 2014-04-12] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [RadioRage_4j Browser Plugin Loader 64] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbrmon64.exe [71752 2014-04-12] (VER_COMPANY_NAME)
HKLM-x32\...\Runonce: [removeSettingsManagerdatamngr] - cmd.exe /c RD /S /Q "C:\Program Files (x86)\Settings Manager" [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [Updater] => C:\ProgramData\Updater\updater.exe [486264 2013-12-19] (Updater)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QONE8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo laptops - ThinkPads & IdeaPad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400311128&from=adks&uid=WDCXWD5000BPVT-08HXZT1_WD-WXR1A816032360323&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QONE8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = QONE8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400311128&from=adks&uid=WDCXWD5000BPVT-08HXZT1_WD-WXR1A816032360323&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1400311128&from=adks&uid=WDCXWD5000BPVT-08HXZT1_WD-WXR1A816032360323&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = QONE8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = QONE8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1400311128&from=adks&uid=WDCXWD5000BPVT-08HXZT1_WD-WXR1A816032360323&q={searchTerms}
URLSearchHook: HKCU - (No Name) - {3c35ad63-af1d-4e21-b484-b6651a8efcf9} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe QONE8
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1400311128&from=adks&uid=WDCXWD5000BPVT-08HXZT1_WD-WXR1A816032360323&q={searchTerms}
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1400311128&from=adks&uid=WDCXWD5000BPVT-08HXZT1_WD-WXR1A816032360323&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=12565&tm=350&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1400311128&from=adks&uid=WDCXWD5000BPVT-08HXZT1_WD-WXR1A816032360323&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1400311128&from=adks&uid=WDCXWD5000BPVT-08HXZT1_WD-WXR1A816032360323&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=12565&tm=350&src=ds&p={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: CouponDownloader - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\Coupon Downloader\Coupon Downloader.dll ()
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: Toolbar BHO - {48909954-14fb-4971-a7b3-47e7af10b38a} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
BHO-x32: Search Assistant BHO - {5848763c-2668-44ca-adbe-2999a6ee2858} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrcAs.dll (Mindspark)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - RadioRage - {78ba36c9-6036-482b-b48d-ecca6f964b84} - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbar.dll (Mindspark)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RadioRage_4j.com/Plugin - C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll (Mindspark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sylvia Schmidt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Sylvia Schmidt\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-02-05]
FF Extension: M2k Downloader - C:\Users\Sylvia Schmidt\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi [2013-04-08]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 CouponDownloaderService64; c:\Program Files\CouponDownloader\CouponDownloaderService64.exe [172544 2014-05-01] ()
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 RadioRage_4jService; C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe [88648 2014-04-12] (COMPANYVERS_NAME)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
R2 rqpbhevlkc64; C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=A6ADCE5D-859A-4E7E-B0B2-D07F8AB9237E [X]
R2 vxlsnyaiet64; C:\Program Files\003\vxlsnyaiet64.exe run options=01100010030000000000000000000000 sourceguid=CB78F643-3729-434F-8C25-F28D15F025F3 [X]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
R4 F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Settings Manager\systemk\x64\systemkmgrc1.cfg [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 22:10 - 2014-05-19 22:11 - 00019722 _____ () C:\Users\Sylvia Schmidt\Desktop\FRST.txt
2014-05-19 22:10 - 2014-05-19 22:10 - 00000000 ____D () C:\FRST
2014-05-19 22:08 - 2014-05-19 22:08 - 02067456 _____ (Farbar) C:\Users\Sylvia Schmidt\Desktop\FRST64.exe
2014-05-19 22:07 - 2014-05-19 22:08 - 00000490 _____ () C:\Users\Sylvia Schmidt\Desktop\defogger_disable.log
2014-05-19 22:07 - 2014-05-19 22:07 - 00000000 _____ () C:\Users\Sylvia Schmidt\defogger_reenable
2014-05-19 22:04 - 2014-05-19 22:04 - 00050477 _____ () C:\Users\Sylvia Schmidt\Desktop\Defogger.exe
2014-05-19 21:32 - 2014-05-19 21:56 - 01315424 _____ () C:\Users\Sylvia Schmidt\Desktop\OpenDocument Text (neu) (2).odt
2014-05-18 22:14 - 2014-05-19 21:42 - 00000000 ____D () C:\Program Files\CouponDownloader
2014-05-18 22:14 - 2014-05-18 22:14 - 00000000 ____D () C:\Program Files (x86)\Coupon Downloader
2014-05-18 21:49 - 2014-05-18 21:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-18 21:17 - 2014-05-19 20:45 - 00000514 _____ () C:\Users\Sylvia Schmidt\Desktop\Trojaner-Board - Viren und Trojaner entfernen - kostenlos.website
2014-05-17 21:13 - 2014-05-17 22:27 - 00000392 _____ () C:\Windows\setupact.log
2014-05-17 21:13 - 2014-05-17 21:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 09:34 - 2014-05-17 09:34 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-05-17 09:33 - 2014-05-19 01:08 - 00000000 ____D () C:\Program Files\004
2014-05-17 09:33 - 2014-05-12 17:03 - 01728484 _____ (AnyProtect.com) C:\Users\Sylvia Schmidt\AppData\Local\AnyProtectScannerSetup.exe
2014-05-17 09:25 - 2014-05-17 09:25 - 00000322 _____ () C:\Users\Sylvia Schmidt\AppData\Roaming\aps.uninstall.scan.results
2014-05-17 09:24 - 2014-05-17 09:24 - 01746032 _____ (AnyProtect.com) C:\Users\Sylvia Schmidt\AppData\Local\nsd74F7.tmp
2014-05-17 09:22 - 2014-05-17 09:56 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\systweak
2014-05-17 09:22 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) C:\Windows\system32\roboot64.exe
2014-05-17 09:21 - 2014-05-17 09:55 - 00000000 ____D () C:\Program Files (x86)\sizlsearch
2014-05-17 09:19 - 2014-05-19 01:08 - 00000000 ____D () C:\Program Files\003
2014-05-17 09:19 - 2014-05-17 09:57 - 00000000 ____D () C:\ProgramData\WPM
2014-05-17 09:19 - 2014-05-17 09:19 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\SupTab
2014-05-17 09:19 - 2014-05-17 09:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-17 09:19 - 2014-05-17 09:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-17 09:18 - 2014-05-17 09:18 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\qone8
2014-05-14 22:55 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:55 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:55 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:55 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:55 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:55 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 11:42 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 11:42 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 11:42 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 11:42 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 11:42 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 11:42 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 11:42 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 11:42 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 11:42 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 11:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 11:42 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 11:42 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 11:42 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 11:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 11:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 11:42 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 11:42 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-08 19:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-08 19:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-08 19:10 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-08 19:10 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-08 19:10 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-08 19:10 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-08 19:10 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-08 19:10 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-08 19:10 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-08 19:10 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-08 19:10 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-08 19:10 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-08 19:10 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-08 19:10 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-08 19:10 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-08 19:10 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-08 19:10 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-08 19:10 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-07 20:57 - 2014-05-08 19:09 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-07 20:57 - 2014-05-08 19:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-07 20:57 - 2014-05-08 19:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-07 20:57 - 2014-05-08 19:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-07 20:12 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-07 20:12 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-07 03:00 - 2014-05-15 11:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-01 11:48 - 2014-05-01 11:48 - 00001539 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-01 11:48 - 2014-05-01 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-01 11:47 - 2014-05-01 11:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-26 21:43 - 2014-05-17 21:20 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Unity
2014-04-26 21:42 - 2014-05-17 21:20 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Deployment
2014-04-26 21:42 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Apps\2.0
2014-04-23 15:55 - 2014-04-23 15:55 - 142303580 _____ () C:\Users\Sylvia Schmidt\Documents\Arabic House Music 2014 Free Down.mp4
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieUserList
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieSiteList
2014-04-23 14:38 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 14:38 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 14:38 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 14:38 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 14:38 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 14:38 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 14:38 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 14:38 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 14:38 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 14:38 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 14:38 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 14:38 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 14:38 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 14:38 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 14:38 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 14:38 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 14:38 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 14:38 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 14:38 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 14:38 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 14:38 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 14:38 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 14:38 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 14:38 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 14:38 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 14:37 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 14:37 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 14:37 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 14:37 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 14:37 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 14:37 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 14:37 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 14:37 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 14:37 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 14:37 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 14:37 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 14:37 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 14:37 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 14:37 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 14:37 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 14:37 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 14:37 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 14:37 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 14:37 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-19 10:00 - 2014-05-14 21:26 - 00001053 _____ () C:\Users\Sylvia Schmidt\Desktop\Knöchellänge Einfache Chiffon V Ausschnitt Schwarzes Kleid.website

==================== One Month Modified Files and Folders =======

2014-05-19 22:11 - 2014-05-19 22:10 - 00019722 _____ () C:\Users\Sylvia Schmidt\Desktop\FRST.txt
2014-05-19 22:10 - 2014-05-19 22:10 - 00000000 ____D () C:\FRST
2014-05-19 22:08 - 2014-05-19 22:08 - 02067456 _____ (Farbar) C:\Users\Sylvia Schmidt\Desktop\FRST64.exe
2014-05-19 22:08 - 2014-05-19 22:07 - 00000490 _____ () C:\Users\Sylvia Schmidt\Desktop\defogger_disable.log
2014-05-19 22:07 - 2014-05-19 22:07 - 00000000 _____ () C:\Users\Sylvia Schmidt\defogger_reenable
2014-05-19 22:07 - 2013-02-15 23:22 - 00000000 ____D () C:\Users\Sylvia Schmidt
2014-05-19 22:04 - 2014-05-19 22:04 - 00050477 _____ () C:\Users\Sylvia Schmidt\Desktop\Defogger.exe
2014-05-19 21:56 - 2014-05-19 21:32 - 01315424 _____ () C:\Users\Sylvia Schmidt\Desktop\OpenDocument Text (neu) (2).odt
2014-05-19 21:55 - 2013-02-16 15:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-19 21:42 - 2014-05-18 22:14 - 00000000 ____D () C:\Program Files\CouponDownloader
2014-05-19 21:12 - 2011-11-02 12:16 - 01713370 _____ () C:\Windows\WindowsUpdate.log
2014-05-19 20:45 - 2014-05-18 21:17 - 00000514 _____ () C:\Users\Sylvia Schmidt\Desktop\Trojaner-Board - Viren und Trojaner entfernen - kostenlos.website
2014-05-19 16:00 - 2013-02-15 23:23 - 00003520 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-19 16:00 - 2013-02-15 23:23 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-05-19 16:00 - 2013-02-15 23:23 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-19 01:08 - 2014-05-17 09:33 - 00000000 ____D () C:\Program Files\004
2014-05-19 01:08 - 2014-05-17 09:19 - 00000000 ____D () C:\Program Files\003
2014-05-19 01:08 - 2014-02-04 18:06 - 00000000 ____D () C:\ProgramData\Updater
2014-05-18 22:14 - 2014-05-18 22:14 - 00000000 ____D () C:\Program Files (x86)\Coupon Downloader
2014-05-18 21:49 - 2014-05-18 21:49 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-18 18:39 - 2013-02-16 18:55 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\vlc
2014-05-18 15:08 - 2013-02-16 11:44 - 00000000 ____D () C:\ldiag
2014-05-18 07:22 - 2011-11-02 12:48 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-17 22:27 - 2014-05-17 21:13 - 00000392 _____ () C:\Windows\setupact.log
2014-05-17 21:36 - 2013-02-16 00:10 - 00000547 _____ () C:\Users\Sylvia Schmidt\Desktop\Facebook.website
2014-05-17 21:20 - 2014-04-26 21:43 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Unity
2014-05-17 21:20 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Deployment
2014-05-17 21:13 - 2014-05-17 21:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 11:53 - 2013-05-05 19:26 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Facebook
2014-05-17 10:16 - 2013-02-16 00:35 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\UseNeXT
2014-05-17 10:09 - 2013-02-16 00:35 - 00000000 ____D () C:\Users\Sylvia Schmidt\Documents\UseNeXT
2014-05-17 10:03 - 2013-05-05 21:58 - 00000000 ____D () C:\Program Files (x86)\Titanic - Schluessel der Vergangenheit
2014-05-17 09:57 - 2014-05-17 09:19 - 00000000 ____D () C:\ProgramData\WPM
2014-05-17 09:56 - 2014-05-17 09:22 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\systweak
2014-05-17 09:55 - 2014-05-17 09:21 - 00000000 ____D () C:\Program Files (x86)\sizlsearch
2014-05-17 09:55 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-17 09:55 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-17 09:51 - 2011-11-02 20:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-17 09:51 - 2011-11-02 20:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-17 09:51 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-17 09:46 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-17 09:44 - 2013-02-15 23:27 - 00000000 ___RD () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 09:34 - 2014-05-17 09:34 - 00000000 ____D () C:\Program Files (x86)\Settings Manager
2014-05-17 09:25 - 2014-05-17 09:25 - 00000322 _____ () C:\Users\Sylvia Schmidt\AppData\Roaming\aps.uninstall.scan.results
2014-05-17 09:24 - 2014-05-17 09:24 - 01746032 _____ (AnyProtect.com) C:\Users\Sylvia Schmidt\AppData\Local\nsd74F7.tmp
2014-05-17 09:19 - 2014-05-17 09:19 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\SupTab
2014-05-17 09:19 - 2014-05-17 09:19 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-17 09:19 - 2014-05-17 09:19 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-17 09:18 - 2014-05-17 09:18 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\qone8
2014-05-17 09:18 - 2013-02-15 23:27 - 00002498 _____ () C:\Users\Sylvia Schmidt\Desktop\Internet.lnk
2014-05-17 09:18 - 2013-02-15 23:27 - 00001648 _____ () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-17 07:59 - 2014-01-13 05:13 - 00000000 ____D () C:\Users\Sylvia Schmidt\Desktop\Bilder1
2014-05-15 11:30 - 2013-02-16 17:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 11:24 - 2013-02-15 23:27 - 00000000 ___RD () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:21 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 22:54 - 2013-10-06 20:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:53 - 2013-02-16 11:08 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:26 - 2014-04-19 10:00 - 00001053 _____ () C:\Users\Sylvia Schmidt\Desktop\Knöchellänge Einfache Chiffon V Ausschnitt Schwarzes Kleid.website
2014-05-14 11:55 - 2013-02-16 15:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:55 - 2013-02-16 15:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:55 - 2013-02-16 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-12 17:03 - 2014-05-17 09:33 - 01728484 _____ (AnyProtect.com) C:\Users\Sylvia Schmidt\AppData\Local\AnyProtectScannerSetup.exe
2014-05-09 08:14 - 2014-05-14 11:42 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 11:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 19:12 - 2011-11-02 12:48 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 19:12 - 2011-11-02 12:48 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 19:09 - 2014-05-07 20:57 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-08 19:09 - 2014-05-07 20:57 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-08 19:09 - 2014-05-07 20:57 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-08 19:09 - 2011-11-02 12:27 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-08 19:08 - 2014-05-07 20:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-08 00:45 - 2011-11-02 12:48 - 00004122 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 00:45 - 2011-11-02 12:48 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 20:35 - 2013-02-16 00:10 - 00000448 _____ () C:\Users\Sylvia Schmidt\Desktop\Yahoo!.website
2014-05-06 06:40 - 2014-05-14 22:55 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:55 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:55 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:55 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 13:25 - 2014-04-06 23:00 - 00000569 _____ () C:\Users\Sylvia Schmidt\Desktop\Bodendecker - Pflanzenschleuder.website
2014-05-01 17:24 - 2013-02-16 22:38 - 00000625 _____ () C:\Users\Sylvia Schmidt\Desktop\Google Übersetzer.website
2014-05-01 11:48 - 2014-05-01 11:48 - 00001539 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-01 11:48 - 2014-05-01 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-01 11:48 - 2014-05-01 11:47 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-01 11:47 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\DVDVideoSoft
2014-04-28 18:14 - 2013-02-15 23:23 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-04-27 12:56 - 2013-02-15 23:23 - 00004260 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-04-26 21:42 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Apps\2.0
2014-04-25 14:49 - 2014-05-17 09:22 - 00020312 _____ (Systweak Inc., (Systweak - Download Software utilities for Windows optimization, Scan & Clean Spyware for Free)) C:\Windows\system32\roboot64.exe
2014-04-23 15:55 - 2014-04-23 15:55 - 142303580 _____ () C:\Users\Sylvia Schmidt\Documents\Arabic House Music 2014 Free Down.mp4
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieUserList
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieSiteList
2014-04-23 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 22:17 - 2014-02-09 12:47 - 00000631 _____ () C:\Users\Sylvia Schmidt\Desktop\Sixx.website

Some content of TEMP:
====================
C:\Users\Sylvia Schmidt\AppData\Local\Temp\avgnt.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\nsi31ED.tmp.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\nsiDDD2.tmp.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\nsq9C50.tmp.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\nss144E.tmp.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\setup{6077ED47-2AB2-4114-B22C-FE51C9D0821B}.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 11:42] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-30 03:42

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014
Ran by Sylvia Schmidt at 2014-05-19 22:11:29
Running from C:\Users\Sylvia Schmidt\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 6.67.05 - )
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.2.286 - Avira)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2200 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
CouponDownloader (Version: 1.0.0.0 - CouponDownloader) Hidden <==== ATTENTION
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Free YouTube to MP3 Converter version 3.12.33.424 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.33.424 - DVDVideoSoft Ltd.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2476 - Intel Corporation)
IP Camera Tool (HKLM-x32\...\{0C141E39-BFED-40B3-ADA2-C58A6DC055E5}) (Version: 1.00.0000 - IP Camera Tool)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.10 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo SimpleTap (HKLM\...\{39969C3E-B297-41E5-9A7B-E252B504B21B}) (Version: 2.1.0003.00 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.05.0009 - Lenovo)
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5849.23 - PC-Doctor, Inc.)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0008.00 - Ihr Firmenname)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0005.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
RadioRage Internet Explorer Toolbar (HKLM-x32\...\RadioRage_4jbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
RapidBoot (HKLM\...\{5E2652DF-743F-482B-A593-C95F431A5769}) (Version: 1.11 - Lenovo)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2200 - Broadcom Corporation)
ThinkPad Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.63 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.8 - REALTEK Semiconductor Corp.)
ThinkVantage AutoLock (HKLM\...\{E224B44B-B5EB-4af3-A80A-A255358E241A}_is1) (Version: 1.03 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 2.07 - Lenovo)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.75 - Lenovo)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Intel (iaStor) hdc  (11/06/2010 10.1.0.1008) (HKLM\...\73C6BE3E3B6FC5418F2B47E6C75F6C8F9552DC12) (Version: 11/06/2010 10.1.0.1008 - Intel)
Windows-Treiberpaket - Lenovo 1.64.00.00 (07/28/2011 1.64.00.00) (HKLM\...\01E3B64834B04ABAC85D8E1D3EBDC567D83AD29B) (Version: 07/28/2011 1.64.00.00 - Lenovo)
Windows-Treiberpaket - Realtek (RTL8167) Net  (12/29/2010 7.037.1229.2010) (HKLM\...\828B05D2B647CDAEA22493F7BFB96847265EE596) (Version: 12/29/2010 7.037.1229.2010 - Realtek)
Windows-Treiberpaket - Synaptics (SynTP) Mouse  (05/19/2011 15.3.8.0) (HKLM\...\DDD8A532E361E9A878EBEF69C338B306810DF059) (Version: 05/19/2011 15.3.8.0 - Synaptics)
YTD Video Downloader 4.7.4 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.4 - GreenTree Applications SRL)

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {044B360F-627E-45D5-85F3-D4CF4F67F63F} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {092857AD-4C6E-4AE2-B112-331DC09BDD57} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {22398AAE-1A1D-45DA-9BDF-1445B7F68A36} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: {2899F878-B072-44F3-BB49-643061CA1F0D} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {2CDCC13F-6A9D-4BC4-B7B9-E376B0C700C7} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {46B27546-44C2-44BC-9983-1CF967643EAB} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-27] ()
Task: {4D76A292-3957-47BC-8805-F9F18EB6F31E} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)
Task: {5AF33FE1-9C02-4DE4-A104-63E26D67AC16} - System32\Tasks\Funmoods => C:\Users\SYLVIA~1\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {679FFA71-D2C0-4370-B2A1-6DF53590A6F6} - System32\Tasks\{D2395776-27D3-470C-8A8A-6A41950CC756} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.13.0.104/de/go/help.faq.installer?source=lightinstaller&amp;LastError=1618
Task: {6B0896FF-C929-4250-8CD8-2A7EFEF1415B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02] (Google Inc.)
Task: {7F723099-05F0-4915-94CD-E0C3B847D2F7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {83BA2FA2-3300-42C3-818E-23C98ABCD6C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {911955CB-E2BF-4A8F-B295-B7E27AE34D49} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2014-02-21] ()
Task: {A991EE77-102D-4EA1-A09E-F7837DE481A9} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {AC7BC19D-80D3-476E-9A16-50CEDAC35395} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {B5ED5202-F6BA-4E4B-BA7E-EF08D46AF640} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2011-08-31] (Lenovo Group Limited)
Task: {B6B17BCD-49E6-4D9D-A72F-3EF89D960F86} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {B8FC5F1F-38CE-489D-BCE1-5E3D0C9845CC} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()
Task: {C32AD053-AAF9-4D79-8F5E-A5377983C2CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {DB5047FF-204E-4469-A8C0-E32BB03DFAAE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-02] (Google Inc.)
Task: {DCBC80D0-DAF9-4DE6-AECC-62980CFDEE1C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {F8206E8E-69F0-45BB-ACDA-CE3EF39CE22B} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files (x86)\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-01-21] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 12:37 - 2011-08-31 20:03 - 00055808 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2014-05-01 14:37 - 2014-05-01 14:37 - 00172544 _____ () c:\Program Files\CouponDownloader\CouponDownloaderService64.exe
2014-03-04 14:25 - 2014-03-04 14:25 - 00110080 _____ () c:\Program Files\CouponDownloader\nfapi.dll
2014-03-04 14:25 - 2014-03-04 14:25 - 00317952 _____ () c:\Program Files\CouponDownloader\ProtocolFilters.dll
2013-02-15 23:59 - 2013-02-15 23:58 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2012-08-10 17:51 - 2012-08-10 17:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2012-08-10 17:50 - 2012-08-10 17:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:AD022376
AlternateDataStreams: C:\Users\Sylvia Schmidt\Desktop\Facebook.website:TASKICON_0news964078814
AlternateDataStreams: C:\Users\Sylvia Schmidt\Desktop\Facebook.website:TASKICON_1messages523453257
AlternateDataStreams: C:\Users\Sylvia Schmidt\Desktop\Facebook.website:TASKICON_2events-954496249
AlternateDataStreams: C:\Users\Sylvia Schmidt\Desktop\Facebook.website:TASKICON_3friends2073392651
AlternateDataStreams: C:\Users\Sylvia Schmidt\Desktop\Yahoo!.website:TASKICON_0favicon-2079221766
AlternateDataStreams: C:\Users\Sylvia Schmidt\Desktop\Yahoo!.website:TASKICON_1favicon1313128964
AlternateDataStreams: C:\Users\Sylvia Schmidt\Desktop\Yahoo!.website:TASKICON_2favicon-2092717923

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/19/2014 10:11:31 PM) (Source: VSS) (EventID: 12292) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (05/19/2014 10:11:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} und dem Namen "SW_PROV" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (05/19/2014 10:10:45 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (05/19/2014 10:03:15 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (05/19/2014 10:03:12 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (05/19/2014 09:56:42 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (05/19/2014 09:32:37 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (05/19/2014 09:32:24 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (05/19/2014 09:32:10 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.

Error: (05/19/2014 09:04:00 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: Fehler beim Erstellen des neuen Suchindex durch Windows Search. Interner Fehler <1, 0x800700b7, Fehler beim Hinzufügen der Gatherer-Anwendung: Windows>.


System errors:
=============
Error: (05/19/2014 10:10:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 126 Mal passiert.

Error: (05/19/2014 10:10:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (05/19/2014 10:03:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 125 Mal passiert.

Error: (05/19/2014 10:03:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (05/19/2014 10:03:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 124 Mal passiert.

Error: (05/19/2014 10:03:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (05/19/2014 09:56:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 123 Mal passiert.

Error: (05/19/2014 09:56:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183

Error: (05/19/2014 09:32:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 122 Mal passiert.

Error: (05/19/2014 09:32:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%183


Microsoft Office Sessions:
=========================
Error: (05/19/2014 10:11:31 PM) (Source: VSS) (EventID: 12292) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (05/19/2014 10:11:31 PM) (Source: VSS) (EventID: 13) (User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (05/19/2014 10:10:45 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (05/19/2014 10:03:15 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (05/19/2014 10:03:12 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (05/19/2014 09:56:42 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (05/19/2014 09:32:37 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (05/19/2014 09:32:24 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (05/19/2014 09:32:10 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows

Error: (05/19/2014 09:04:00 PM) (Source: Windows Search Service) (EventID: 1006) (User: )
Description: 10x800700b7Fehler beim Hinzufügen der Gatherer-Anwendung: Windows


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 4007.23 MB
Available physical RAM: 1914.07 MB
Total Pagefile: 8012.65 MB
Available Pagefile: 5751.67 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:452.58 GB) (Free:216.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:2.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 618FB9E4)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

GMER Logfile:
Code:
GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-05-19 22:28:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\SYLVIA~1\AppData\Local\Temp\kwroqpog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                                                            fffff80002fb5000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                                                            fffff80002fb502f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                0000000075401465 2 bytes [40, 75]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[3096] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000754014bb 2 bytes [40, 75]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\ProgramData\Updater\updater.exe[3528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                                              0000000075401465 2 bytes [40, 75]
.text    C:\ProgramData\Updater\updater.exe[3528] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                                              00000000754014bb 2 bytes [40, 75]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        0000000075401465 2 bytes [40, 75]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                      00000000754014bb 2 bytes [40, 75]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                      0000000075401465 2 bytes [40, 75]
.text    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                    00000000754014bb 2 bytes [40, 75]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                      0000000075401465 2 bytes [40, 75]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe[4292] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    00000000754014bb 2 bytes [40, 75]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[62376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                          0000000075401465 2 bytes [40, 75]
.text    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE[62376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                          00000000754014bb 2 bytes [40, 75]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[81272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                      0000000075401465 2 bytes [40, 75]
.text    C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe[81272] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000754014bb 2 bytes [40, 75]
.text    ...                                                                                                                                                                                                                            * 2
.text    C:\Users\SYLVIA~1\AppData\Local\Temp\setup{6077ED47-2AB2-4114-B22C-FE51C9D0821B}.exe[85740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                            0000000075401465 2 bytes [40, 75]
.text    C:\Users\SYLVIA~1\AppData\Local\Temp\setup{6077ED47-2AB2-4114-B22C-FE51C9D0821B}.exe[85740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000754014bb 2 bytes [40, 75]
.text    ...                                                                                                                                                                                                                            * 2
---- Processes - GMER 2.1 ----

Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Windows\system32\wininit.exe [536]                                                                                                  000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Windows\system32\services.exe [596]                                                                                                000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Windows\system32\winlogon.exe [624]                                                                                                000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [784]                                                                                                  000007fefcc30000
Library  c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{394D10DA-01BA-44E4-B62C-838289F257F9}\offreg.dll (*** suspicious ***) @ c:\Program Files\Microsoft Security Client\MsMpEng.exe [1000](2014-05-19 17:09:04)  000007fef9f80000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [976]                                                                                                  000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Windows\System32\svchost.exe [1044]                                                                                                000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [1088]                                                                                                000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\ProgramData\IePluginService\PluginService.exe [1412]                                                                                    000000006bb20000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1696]                                                                              000000006bb20000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [1896]                                                                                          000000006bb20000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [1944]                                                                                    000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2004]                                                                            000000006bb20000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2288]                                                                                          000000006bb20000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [2380]                                                                                    000007fefcc30000
Library  C:\Program Files\004\rqpbhevlkc64.exe (*** suspicious ***) @ C:\Program Files\004\rqpbhevlkc64.exe [2544]                                                                                                                      000000013f0e0000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Windows\Explorer.EXE [2936]                                                                                                        000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3056]                                                                                  000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\ProgramData\Updater\updater.exe [3528]                                                                                                  000000006bb20000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [3884]                                                                        000000006bb20000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe [4876]                                                                              000000006bb20000
Library  C:\Program Files\003\vxlsnyaiet64.exe (*** suspicious ***) @ C:\Program Files\003\vxlsnyaiet64.exe [4596]                                                                                                                      000000013f4c0000
Library  C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [4224]                                                        000007fefcc30000
Library  C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll (*** suspicious ***) @ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [604]                                                                                000000006bb20000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\60d819bb2d39                                                                                                                                                   
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\60d819bb2d39 (not active ControlSet)                                                                                                                               

---- Disk sectors - GMER 2.1 ----

Disk      \Device\Harddisk0\DR0                                                                                                                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
--- --- ---

Mit Mühe hat es doch geklappt, wobei Qone8 mich immer versucht umzulenken. Der Computerstart dauert fast 10 Minuten ..... Ich hoffe nun auf Hilfe und werde geduldig warten. Danke

schrauber 20.05.2014 05:56
hi,

Adware & Co. deinstallieren

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

huhuhu 20.05.2014 22:29
Mein Rechner spinnt total kann ihn teilweise nicht hochfahren, er hängt einfach. Ich hatte vergangene Nacht noch Malwarebyte drüber laufen lassen. Ich arbeite jetzt mal soweit ab wie ich es schaffe. Danke schonmal ...

Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Suchlauf Datum: 20.05.2014
Suchlauf-Zeit: 22:47:41
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.20.10
Rootkit Datenbank: v2014.03.27.01
Lizenz: Testversion
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sylvia Schmidt

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 262090
Verstrichene Zeit: 12 Min, 44 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 2
PUP.Optional.MindSpark.A, HKU\S-1-5-21-9339577-2972830039-1014465289-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{3c35ad63-af1d-4e21-b484-b6651a8efcf9}, In Quarantäne, [eac0da792e4d8fa78e584dda4db5c13f],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-9339577-2972830039-1014465289-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}, In Quarantäne, [eac0da792e4d8fa78e584dda4db5c13f],

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

AdwCleaner Logfile:
Code:
# AdwCleaner v3.210 - Bericht erstellt am 20/05/2014 um 22:54:39
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sylvia Schmidt - SYLVIASCHMIDT
# Gestartet von : C:\Users\Sylvia Schmidt\Desktop\adwcleaner_3.210.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Websteroids
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\sizlsearch
Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Users\SYLVIA~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Sylvia Schmidt\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Sylvia Schmidt\AppData\LocalLow\DataMngr
Ordner Gelöscht : C:\Users\Sylvia Schmidt\AppData\LocalLow\RadioRage_4j
Ordner Gelöscht : C:\Users\Sylvia Schmidt\AppData\Roaming\Funmoods
Ordner Gelöscht : C:\Users\Sylvia Schmidt\AppData\Roaming\qone8
Ordner Gelöscht : C:\Users\Sylvia Schmidt\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Sylvia Schmidt\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movie2KDownloader.com
Datei Gelöscht : C:\Users\Sylvia Schmidt\AppData\Local\AnyProtectScannerSetup.exe
Datei Gelöscht : C:\Users\Sylvia Schmidt\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Sylvia Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Funmoods

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Sylvia Schmidt\Desktop\Internet.lnk
Verknüpfung Desinfiziert : C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lbbbdmbjkgojacipgefbifkiebpcdjhn
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Movie2KDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hear_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hear_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5E5E0B49-1A81-4ACC-BD6B-FF5F4EFEF01A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44DB423D-A0DB-4664-9477-CCDCEB7CD666}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B5731AB1-8566-4441-AEFB-9AFB2EEA63D9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DynConIE
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RadioRage_4j
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\SystemK
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\526AB318AF0B8D84B9579557C9882C91
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ Datei : C:\Users\Sylvia Schmidt\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


*************************

AdwCleaner[R0].txt - [11582 octets] - [20/05/2014 22:54:01]
AdwCleaner[S0].txt - [9621 octets] - [20/05/2014 22:54:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9681 octets] ##########
--- --- ---

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sylvia Schmidt on 20.05.2014 at 23:17:04,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C35AD63-AF1D-4E21-B484-B6651A8EFCF9}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\free video converter"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Sylvia Schmidt\appdata\local\{7B6C010F-FA69-4B10-A560-8F84583AEAD5}
Successfully deleted: [Empty Folder] C:\Users\Sylvia Schmidt\appdata\local\{AED5E591-CD68-480B-B9DA-6531873DE98B}
Successfully deleted: [Empty Folder] C:\Users\Sylvia Schmidt\appdata\local\{CC4F250E-DBD4-4A0F-B52E-99170AF9C4DE}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.05.2014 at 23:24:55,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Sylvia Schmidt (administrator) on SYLVIASCHMIDT on 20-05-2014 23:27:47
Running from C:\Users\Sylvia Schmidt\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Thisisu) C:\Users\Sylvia Schmidt\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
Startup: C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo laptops - ThinkPads & IdeaPad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=12565&tm=350&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=12565&tm=350&src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sylvia Schmidt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Sylvia Schmidt\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-02-05]
FF Extension: M2k Downloader - C:\Users\Sylvia Schmidt\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi [2013-04-08]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 23:24 - 2014-05-20 23:24 - 00001340 _____ () C:\Users\Sylvia Schmidt\Desktop\JRT.txt
2014-05-20 23:15 - 2014-05-20 23:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 23:14 - 2014-05-20 23:14 - 01016261 _____ (Thisisu) C:\Users\Sylvia Schmidt\Desktop\JRT.exe
2014-05-20 22:53 - 2014-05-20 22:54 - 00000000 ____D () C:\AdwCleaner
2014-05-20 22:52 - 2014-05-20 22:52 - 01326389 _____ () C:\Users\Sylvia Schmidt\Desktop\adwcleaner_3.210.exe
2014-05-20 22:48 - 2014-05-20 22:48 - 00001651 _____ () C:\Users\Sylvia Schmidt\Desktop\mbam.txt
2014-05-20 22:24 - 2014-05-20 22:24 - 00001271 _____ () C:\Users\Sylvia Schmidt\Desktop\Revo Uninstaller.lnk
2014-05-20 22:24 - 2014-05-20 22:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-19 23:18 - 2014-05-20 22:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 23:18 - 2014-05-19 23:18 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 23:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-19 23:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-19 23:18 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-19 22:37 - 2014-05-20 22:57 - 00204378 _____ () C:\Windows\PFRO.log
2014-05-19 22:28 - 2014-05-19 22:28 - 00014031 _____ () C:\Users\Sylvia Schmidt\Desktop\Gmer.txt
2014-05-19 22:15 - 2014-05-19 22:15 - 00380416 _____ () C:\Users\Sylvia Schmidt\Desktop\Gmer-19357.exe
2014-05-19 22:10 - 2014-05-20 23:27 - 00012766 _____ () C:\Users\Sylvia Schmidt\Desktop\FRST.txt
2014-05-19 22:10 - 2014-05-20 23:27 - 00000000 ____D () C:\FRST
2014-05-19 22:08 - 2014-05-19 22:08 - 02067456 _____ (Farbar) C:\Users\Sylvia Schmidt\Desktop\FRST64.exe
2014-05-19 22:07 - 2014-05-19 22:08 - 00000490 _____ () C:\Users\Sylvia Schmidt\Desktop\defogger_disable.log
2014-05-19 22:07 - 2014-05-19 22:07 - 00000000 _____ () C:\Users\Sylvia Schmidt\defogger_reenable
2014-05-19 22:04 - 2014-05-19 22:04 - 00050477 _____ () C:\Users\Sylvia Schmidt\Desktop\Defogger.exe
2014-05-19 21:32 - 2014-05-19 21:56 - 01315424 _____ () C:\Users\Sylvia Schmidt\Desktop\OpenDocument Text (neu) (2).odt
2014-05-18 21:17 - 2014-05-20 23:25 - 00000514 _____ () C:\Users\Sylvia Schmidt\Desktop\Trojaner-Board - Viren und Trojaner entfernen - kostenlos.website
2014-05-17 21:13 - 2014-05-20 22:57 - 00000560 _____ () C:\Windows\setupact.log
2014-05-17 21:13 - 2014-05-17 21:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 09:33 - 2014-05-19 01:08 - 00000000 ____D () C:\Program Files\004
2014-05-17 09:24 - 2014-05-17 09:24 - 01746032 _____ (AnyProtect.com) C:\Users\Sylvia Schmidt\AppData\Local\nsd74F7.tmp
2014-05-14 22:55 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:55 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:55 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:55 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:55 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:55 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 11:42 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 11:42 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 11:42 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 11:42 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 11:42 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 11:42 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 11:42 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 11:42 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 11:42 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 11:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 11:42 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 11:42 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 11:42 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 11:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 11:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 11:42 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 11:42 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-08 19:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-08 19:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-08 19:10 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-08 19:10 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-08 19:10 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-08 19:10 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-08 19:10 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-08 19:10 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-08 19:10 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-08 19:10 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-08 19:10 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-08 19:10 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-08 19:10 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-08 19:10 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-08 19:10 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-08 19:10 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-08 19:10 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-08 19:10 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-07 20:57 - 2014-05-08 19:09 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-07 20:57 - 2014-05-08 19:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-07 20:57 - 2014-05-08 19:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-07 20:57 - 2014-05-08 19:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-07 20:12 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-07 20:12 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-07 03:00 - 2014-05-15 11:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-01 11:48 - 2014-05-01 11:48 - 00001539 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-01 11:48 - 2014-05-01 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-01 11:47 - 2014-05-01 11:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-26 21:43 - 2014-05-17 21:20 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Unity
2014-04-26 21:42 - 2014-05-17 21:20 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Deployment
2014-04-26 21:42 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Apps\2.0
2014-04-23 15:55 - 2014-04-23 15:55 - 142303580 _____ () C:\Users\Sylvia Schmidt\Documents\Arabic House Music 2014 Free Down.mp4
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieUserList
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieSiteList
2014-04-23 14:38 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 14:38 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 14:38 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 14:38 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 14:38 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 14:38 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 14:38 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 14:38 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 14:38 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 14:38 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 14:38 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 14:38 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 14:38 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 14:38 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 14:38 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 14:38 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 14:38 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 14:38 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 14:38 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 14:38 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 14:38 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 14:38 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 14:38 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 14:38 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 14:38 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 14:37 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 14:37 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 14:37 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 14:37 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 14:37 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 14:37 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 14:37 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 14:37 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 14:37 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 14:37 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 14:37 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 14:37 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 14:37 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 14:37 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 14:37 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 14:37 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 14:37 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 14:37 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 14:37 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-20 23:28 - 2014-05-19 22:10 - 00012766 _____ () C:\Users\Sylvia Schmidt\Desktop\FRST.txt
2014-05-20 23:27 - 2014-05-19 22:10 - 00000000 ____D () C:\FRST
2014-05-20 23:25 - 2014-05-18 21:17 - 00000514 _____ () C:\Users\Sylvia Schmidt\Desktop\Trojaner-Board - Viren und Trojaner entfernen - kostenlos.website
2014-05-20 23:24 - 2014-05-20 23:24 - 00001340 _____ () C:\Users\Sylvia Schmidt\Desktop\JRT.txt
2014-05-20 23:15 - 2014-05-20 23:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 23:14 - 2014-05-20 23:14 - 01016261 _____ (Thisisu) C:\Users\Sylvia Schmidt\Desktop\JRT.exe
2014-05-20 23:05 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-20 23:05 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-20 23:04 - 2011-11-02 20:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-20 23:04 - 2011-11-02 20:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-20 23:04 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-20 23:02 - 2011-11-02 12:16 - 01766464 _____ () C:\Windows\WindowsUpdate.log
2014-05-20 22:59 - 2014-05-19 23:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-20 22:57 - 2014-05-19 22:37 - 00204378 _____ () C:\Windows\PFRO.log
2014-05-20 22:57 - 2014-05-17 21:13 - 00000560 _____ () C:\Windows\setupact.log
2014-05-20 22:57 - 2013-02-15 23:23 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-20 22:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 22:55 - 2013-02-16 15:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-20 22:54 - 2014-05-20 22:53 - 00000000 ____D () C:\AdwCleaner
2014-05-20 22:54 - 2013-02-15 23:27 - 00001024 _____ () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-20 22:54 - 2013-02-15 23:27 - 00000994 _____ () C:\Users\Sylvia Schmidt\Desktop\Internet.lnk
2014-05-20 22:52 - 2014-05-20 22:52 - 01326389 _____ () C:\Users\Sylvia Schmidt\Desktop\adwcleaner_3.210.exe
2014-05-20 22:48 - 2014-05-20 22:48 - 00001651 _____ () C:\Users\Sylvia Schmidt\Desktop\mbam.txt
2014-05-20 22:30 - 2013-02-15 23:23 - 00003520 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-20 22:30 - 2013-02-15 23:23 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-05-20 22:24 - 2014-05-20 22:24 - 00001271 _____ () C:\Users\Sylvia Schmidt\Desktop\Revo Uninstaller.lnk
2014-05-20 22:24 - 2014-05-20 22:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-19 23:37 - 2014-02-04 18:06 - 00000000 ____D () C:\ProgramData\Updater
2014-05-19 23:36 - 2011-02-15 11:42 - 00000000 ____D () C:\Windows\Panther
2014-05-19 23:18 - 2014-05-19 23:18 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 22:50 - 2011-11-02 12:48 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-19 22:28 - 2014-05-19 22:28 - 00014031 _____ () C:\Users\Sylvia Schmidt\Desktop\Gmer.txt
2014-05-19 22:15 - 2014-05-19 22:15 - 00380416 _____ () C:\Users\Sylvia Schmidt\Desktop\Gmer-19357.exe
2014-05-19 22:08 - 2014-05-19 22:08 - 02067456 _____ (Farbar) C:\Users\Sylvia Schmidt\Desktop\FRST64.exe
2014-05-19 22:08 - 2014-05-19 22:07 - 00000490 _____ () C:\Users\Sylvia Schmidt\Desktop\defogger_disable.log
2014-05-19 22:07 - 2014-05-19 22:07 - 00000000 _____ () C:\Users\Sylvia Schmidt\defogger_reenable
2014-05-19 22:07 - 2013-02-15 23:22 - 00000000 ____D () C:\Users\Sylvia Schmidt
2014-05-19 22:04 - 2014-05-19 22:04 - 00050477 _____ () C:\Users\Sylvia Schmidt\Desktop\Defogger.exe
2014-05-19 21:56 - 2014-05-19 21:32 - 01315424 _____ () C:\Users\Sylvia Schmidt\Desktop\OpenDocument Text (neu) (2).odt
2014-05-19 01:08 - 2014-05-17 09:33 - 00000000 ____D () C:\Program Files\004
2014-05-18 18:39 - 2013-02-16 18:55 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\vlc
2014-05-18 15:08 - 2013-02-16 11:44 - 00000000 ____D () C:\ldiag
2014-05-17 21:36 - 2013-02-16 00:10 - 00000547 _____ () C:\Users\Sylvia Schmidt\Desktop\Facebook.website
2014-05-17 21:20 - 2014-04-26 21:43 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Unity
2014-05-17 21:20 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Deployment
2014-05-17 21:13 - 2014-05-17 21:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 11:53 - 2013-05-05 19:26 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Facebook
2014-05-17 10:16 - 2013-02-16 00:35 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\UseNeXT
2014-05-17 10:09 - 2013-02-16 00:35 - 00000000 ____D () C:\Users\Sylvia Schmidt\Documents\UseNeXT
2014-05-17 10:03 - 2013-05-05 21:58 - 00000000 ____D () C:\Program Files (x86)\Titanic - Schluessel der Vergangenheit
2014-05-17 09:44 - 2013-02-15 23:27 - 00000000 ___RD () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 09:24 - 2014-05-17 09:24 - 01746032 _____ (AnyProtect.com) C:\Users\Sylvia Schmidt\AppData\Local\nsd74F7.tmp
2014-05-17 07:59 - 2014-01-13 05:13 - 00000000 ____D () C:\Users\Sylvia Schmidt\Desktop\Bilder1
2014-05-15 11:30 - 2013-02-16 17:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 11:24 - 2013-02-15 23:27 - 00000000 ___RD () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:21 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 22:54 - 2013-10-06 20:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:53 - 2013-02-16 11:08 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:26 - 2014-04-19 10:00 - 00001053 _____ () C:\Users\Sylvia Schmidt\Desktop\Knöchellänge Einfache Chiffon V Ausschnitt Schwarzes Kleid.website
2014-05-14 11:55 - 2013-02-16 15:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:55 - 2013-02-16 15:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:55 - 2013-02-16 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-09 08:14 - 2014-05-14 11:42 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 11:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 19:12 - 2011-11-02 12:48 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 19:12 - 2011-11-02 12:48 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 19:09 - 2014-05-07 20:57 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-08 19:09 - 2014-05-07 20:57 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-08 19:09 - 2014-05-07 20:57 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-08 19:09 - 2011-11-02 12:27 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-08 19:08 - 2014-05-07 20:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-08 00:45 - 2011-11-02 12:48 - 00004122 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 00:45 - 2011-11-02 12:48 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 20:35 - 2013-02-16 00:10 - 00000448 _____ () C:\Users\Sylvia Schmidt\Desktop\Yahoo!.website
2014-05-06 06:40 - 2014-05-14 22:55 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:55 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:55 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:55 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 13:25 - 2014-04-06 23:00 - 00000569 _____ () C:\Users\Sylvia Schmidt\Desktop\Bodendecker - Pflanzenschleuder.website
2014-05-01 17:24 - 2013-02-16 22:38 - 00000625 _____ () C:\Users\Sylvia Schmidt\Desktop\Google Übersetzer.website
2014-05-01 11:48 - 2014-05-01 11:48 - 00001539 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-01 11:48 - 2014-05-01 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-01 11:48 - 2014-05-01 11:47 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-05-01 11:47 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\DVDVideoSoft
2014-04-28 18:14 - 2013-02-15 23:23 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-04-27 12:56 - 2013-02-15 23:23 - 00004260 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-04-26 21:42 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Apps\2.0
2014-04-23 15:55 - 2014-04-23 15:55 - 142303580 _____ () C:\Users\Sylvia Schmidt\Documents\Arabic House Music 2014 Free Down.mp4
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieUserList
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieSiteList
2014-04-23 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-20 22:17 - 2014-02-09 12:47 - 00000631 _____ () C:\Users\Sylvia Schmidt\Desktop\Sixx.website

Some content of TEMP:
====================
C:\Users\Sylvia Schmidt\AppData\Local\Temp\avgnt.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\nsiDDD2.tmp.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\nss144E.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 11:42] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-30 03:42

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 21.05.2014 10:43

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

huhuhu 21.05.2014 22:41
Hallo,
ja Avira läßt sich nach wie vor nicht updaten. Es kommt immer eine Fehlermeldung auf englisch deren Inhalt ich mir nicht merken kann. Aber Computer läßt sich schon wieder normal starten. Mache jetzt erstmal die weiteren Schritte. Danke!

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7bc8d551bfdc8f4186eb2ac5a0a31eb7
# engine=18357
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-21 09:22:45
# local_time=2014-05-21 11:22:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 7566436 39745637 8288923 0
# compatibility_mode=5893 16776574 100 94 1327009 152337215 0 0
# scanned=144315
# found=8
# cleaned=0
# scan_time=3700
sh=18604C2FB56F21F16733FB88A3DA8F8A1635EB44 ft=1 fh=6b3d2c94b3e55b25 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sylvia Schmidt\AppData\Local\AnyProtectScannerSetup.exe.vir"
sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\SYLVIA~1\AppData\Local\Temp\OCS\ocs_v71a.exe.vir"
sh=398108E40F29E24D2C73989CEEEF6F27EB99BE4B ft=1 fh=32eec468cf56bbd2 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sylvia Schmidt\AppData\Local\nsd74F7.tmp"
sh=E184388DEC4513DB0D06601EEF64F89367499946 ft=1 fh=afd61d6a81a6d4f9 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sylvia Schmidt\AppData\Local\Temp\ICReinstall_nsb2C57.tmp"
sh=E184388DEC4513DB0D06601EEF64F89367499946 ft=1 fh=afd61d6a81a6d4f9 vn="Variante von Win32/InstallCore.OZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sylvia Schmidt\AppData\Local\Temp\nsb2C57.tmp"
sh=398108E40F29E24D2C73989CEEEF6F27EB99BE4B ft=1 fh=32eec468cf56bbd2 vn="Win32/AnyProtect.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sylvia Schmidt\AppData\Local\Temp\nsd74F7.tmp"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sylvia Schmidt\AppData\Local\Temp\nsn50CE.tmp\wajam_validate.exe"
sh=EBCAF0F000C3AEFC116F97AB30A00C8D6ACF434D ft=1 fh=08da89e280477535 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sylvia Schmidt\Downloads\CCleaner - CHIP-Downloader.exe"

Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Hier noch der neue FRST Log

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014
Ran by Sylvia Schmidt (administrator) on SYLVIASCHMIDT on 21-05-2014 23:39:51
Running from C:\Users\Sylvia Schmidt\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\mkrmsg.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-9339577-2972830039-1014465289-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1326408 2013-11-15] (Apple Inc.)
Startup: C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Lenovo laptops - ThinkPads & IdeaPad
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=12565&tm=350&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL = hxxp://www.default-search.net/search?sid=492&aid=103&itype=n&ver=12565&tm=350&src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2492} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Sylvia Schmidt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: No Name - C:\Users\Sylvia Schmidt\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2014-02-05]
FF Extension: M2k Downloader - C:\Users\Sylvia Schmidt\AppData\Roaming\Mozilla\Firefox\profiles\extensions\m2k@m2kdownloader.com.xpi [2013-04-08]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-23] (Avira Operations GmbH & Co. KG)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [61736 2014-02-28] (NetFilterSDK.com)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 REN2CAP_DRIVER; C:\Windows\System32\drivers\ren2cap.sys [46728 2011-11-07] ()
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-01-15] (Anchorfree Inc.)
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-21 23:39 - 2014-05-21 23:39 - 00013574 _____ () C:\Users\Sylvia Schmidt\Desktop\FRST.txt
2014-05-21 23:36 - 2014-05-21 23:36 - 00854367 _____ () C:\Users\Sylvia Schmidt\Desktop\SecurityCheck.exe
2014-05-21 22:09 - 2014-05-21 22:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-20 23:15 - 2014-05-20 23:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 23:14 - 2014-05-20 23:14 - 01016261 _____ (Thisisu) C:\Users\Sylvia Schmidt\Desktop\JRT.exe
2014-05-20 22:53 - 2014-05-20 22:54 - 00000000 ____D () C:\AdwCleaner
2014-05-20 22:52 - 2014-05-20 22:52 - 01326389 _____ () C:\Users\Sylvia Schmidt\Desktop\adwcleaner_3.210.exe
2014-05-20 22:24 - 2014-05-20 22:24 - 00001271 _____ () C:\Users\Sylvia Schmidt\Desktop\Revo Uninstaller.lnk
2014-05-20 22:24 - 2014-05-20 22:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-19 23:18 - 2014-05-21 21:52 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-19 23:18 - 2014-05-19 23:18 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 23:18 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-19 23:18 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-19 23:18 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-19 22:37 - 2014-05-20 22:57 - 00204378 _____ () C:\Windows\PFRO.log
2014-05-19 22:15 - 2014-05-19 22:15 - 00380416 _____ () C:\Users\Sylvia Schmidt\Desktop\Gmer-19357.exe
2014-05-19 22:10 - 2014-05-21 23:39 - 00000000 ____D () C:\FRST
2014-05-19 22:08 - 2014-05-19 22:08 - 02067456 _____ (Farbar) C:\Users\Sylvia Schmidt\Desktop\FRST64.exe
2014-05-19 22:07 - 2014-05-19 22:08 - 00000490 _____ () C:\Users\Sylvia Schmidt\Desktop\defogger_disable.log
2014-05-19 22:07 - 2014-05-19 22:07 - 00000000 _____ () C:\Users\Sylvia Schmidt\defogger_reenable
2014-05-19 22:04 - 2014-05-19 22:04 - 00050477 _____ () C:\Users\Sylvia Schmidt\Desktop\Defogger.exe
2014-05-18 21:17 - 2014-05-21 05:14 - 00000514 _____ () C:\Users\Sylvia Schmidt\Desktop\Trojaner-Board - Viren und Trojaner entfernen - kostenlos.website
2014-05-17 21:13 - 2014-05-21 05:09 - 00000616 _____ () C:\Windows\setupact.log
2014-05-17 21:13 - 2014-05-17 21:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 09:33 - 2014-05-19 01:08 - 00000000 ____D () C:\Program Files\004
2014-05-17 09:24 - 2014-05-17 09:24 - 01746032 _____ (AnyProtect.com) C:\Users\Sylvia Schmidt\AppData\Local\nsd74F7.tmp
2014-05-14 22:55 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 22:55 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 22:55 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 22:55 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 22:55 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 22:55 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 11:42 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 11:42 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 11:42 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 11:42 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 11:42 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 11:42 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 11:42 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 11:42 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 11:42 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 11:42 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 11:42 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 11:42 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 11:42 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 11:42 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 11:42 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 11:42 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 11:42 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 11:42 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 11:42 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 11:42 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 11:42 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-08 19:24 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-08 19:24 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-08 19:10 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-08 19:10 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-08 19:10 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-08 19:10 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-08 19:10 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-08 19:10 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-08 19:10 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-08 19:10 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-08 19:10 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-08 19:10 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-08 19:10 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-08 19:10 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-08 19:10 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-08 19:10 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-08 19:10 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-08 19:10 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-07 20:57 - 2014-05-08 19:09 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-07 20:57 - 2014-05-08 19:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-07 20:57 - 2014-05-08 19:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-07 20:57 - 2014-05-08 19:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-07 20:12 - 2013-09-25 04:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-07 20:12 - 2013-09-25 03:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-07 03:00 - 2014-05-15 11:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-01 11:48 - 2014-05-01 11:48 - 00001539 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-01 11:48 - 2014-05-01 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-01 11:47 - 2014-05-01 11:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-26 21:43 - 2014-05-17 21:20 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Unity
2014-04-26 21:42 - 2014-05-17 21:20 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Deployment
2014-04-26 21:42 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Apps\2.0
2014-04-23 15:55 - 2014-04-23 15:55 - 142303580 _____ () C:\Users\Sylvia Schmidt\Documents\Arabic House Music 2014 Free Down.mp4
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieUserList
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieSiteList
2014-04-23 14:38 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-23 14:38 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-23 14:38 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-23 14:38 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-23 14:38 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-23 14:38 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-23 14:38 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-23 14:38 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-23 14:38 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-23 14:38 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-23 14:38 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-23 14:38 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-23 14:38 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-23 14:38 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-23 14:38 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-23 14:38 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-23 14:38 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-23 14:38 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-23 14:38 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-23 14:38 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-23 14:38 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-23 14:38 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-23 14:38 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-23 14:38 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-23 14:38 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-23 14:37 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-23 14:37 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-23 14:37 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-23 14:37 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-23 14:37 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-23 14:37 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-23 14:37 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-23 14:37 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-23 14:37 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-23 14:37 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-23 14:37 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-23 14:37 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-23 14:37 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-23 14:37 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-23 14:37 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-23 14:37 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-23 14:37 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-23 14:37 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-23 14:37 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

==================== One Month Modified Files and Folders =======

2014-05-21 23:40 - 2014-05-21 23:39 - 00013574 _____ () C:\Users\Sylvia Schmidt\Desktop\FRST.txt
2014-05-21 23:39 - 2014-05-19 22:10 - 00000000 ____D () C:\FRST
2014-05-21 23:36 - 2014-05-21 23:36 - 00854367 _____ () C:\Users\Sylvia Schmidt\Desktop\SecurityCheck.exe
2014-05-21 23:32 - 2014-02-09 20:45 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\DVDVideoSoft
2014-05-21 23:11 - 2013-02-16 00:35 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\UseNeXT
2014-05-21 23:10 - 2013-02-16 00:35 - 00000000 ____D () C:\Users\Sylvia Schmidt\Documents\UseNeXT
2014-05-21 23:04 - 2013-02-16 00:10 - 00000547 _____ () C:\Users\Sylvia Schmidt\Desktop\Facebook.website
2014-05-21 22:55 - 2013-02-16 15:53 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-21 22:17 - 2011-11-02 12:16 - 01782324 _____ () C:\Windows\WindowsUpdate.log
2014-05-21 22:09 - 2014-05-21 22:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-21 22:04 - 2013-02-15 23:23 - 00003520 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-05-21 22:04 - 2013-02-15 23:23 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-05-21 22:04 - 2013-02-15 23:23 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-05-21 21:55 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-21 21:55 - 2009-07-14 06:45 - 00024400 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-21 21:52 - 2014-05-19 23:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-21 05:14 - 2014-05-18 21:17 - 00000514 _____ () C:\Users\Sylvia Schmidt\Desktop\Trojaner-Board - Viren und Trojaner entfernen - kostenlos.website
2014-05-21 05:13 - 2011-11-02 20:57 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2014-05-21 05:13 - 2011-11-02 20:57 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2014-05-21 05:13 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-21 05:09 - 2014-05-17 21:13 - 00000616 _____ () C:\Windows\setupact.log
2014-05-21 05:09 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-20 23:15 - 2014-05-20 23:15 - 00000000 ____D () C:\Windows\ERUNT
2014-05-20 23:14 - 2014-05-20 23:14 - 01016261 _____ (Thisisu) C:\Users\Sylvia Schmidt\Desktop\JRT.exe
2014-05-20 22:57 - 2014-05-19 22:37 - 00204378 _____ () C:\Windows\PFRO.log
2014-05-20 22:54 - 2014-05-20 22:53 - 00000000 ____D () C:\AdwCleaner
2014-05-20 22:54 - 2013-02-15 23:27 - 00001024 _____ () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-20 22:54 - 2013-02-15 23:27 - 00000994 _____ () C:\Users\Sylvia Schmidt\Desktop\Internet.lnk
2014-05-20 22:52 - 2014-05-20 22:52 - 01326389 _____ () C:\Users\Sylvia Schmidt\Desktop\adwcleaner_3.210.exe
2014-05-20 22:24 - 2014-05-20 22:24 - 00001271 _____ () C:\Users\Sylvia Schmidt\Desktop\Revo Uninstaller.lnk
2014-05-20 22:24 - 2014-05-20 22:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-19 23:37 - 2014-02-04 18:06 - 00000000 ____D () C:\ProgramData\Updater
2014-05-19 23:36 - 2011-02-15 11:42 - 00000000 ____D () C:\Windows\Panther
2014-05-19 23:18 - 2014-05-19 23:18 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-19 23:18 - 2014-05-19 23:18 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-19 22:50 - 2011-11-02 12:48 - 00000000 ____D () C:\ProgramData\PCDr
2014-05-19 22:15 - 2014-05-19 22:15 - 00380416 _____ () C:\Users\Sylvia Schmidt\Desktop\Gmer-19357.exe
2014-05-19 22:08 - 2014-05-19 22:08 - 02067456 _____ (Farbar) C:\Users\Sylvia Schmidt\Desktop\FRST64.exe
2014-05-19 22:08 - 2014-05-19 22:07 - 00000490 _____ () C:\Users\Sylvia Schmidt\Desktop\defogger_disable.log
2014-05-19 22:07 - 2014-05-19 22:07 - 00000000 _____ () C:\Users\Sylvia Schmidt\defogger_reenable
2014-05-19 22:07 - 2013-02-15 23:22 - 00000000 ____D () C:\Users\Sylvia Schmidt
2014-05-19 22:04 - 2014-05-19 22:04 - 00050477 _____ () C:\Users\Sylvia Schmidt\Desktop\Defogger.exe
2014-05-19 01:08 - 2014-05-17 09:33 - 00000000 ____D () C:\Program Files\004
2014-05-18 18:39 - 2013-02-16 18:55 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Roaming\vlc
2014-05-18 15:08 - 2013-02-16 11:44 - 00000000 ____D () C:\ldiag
2014-05-17 21:20 - 2014-04-26 21:43 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Unity
2014-05-17 21:20 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Deployment
2014-05-17 21:13 - 2014-05-17 21:13 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-17 11:53 - 2013-05-05 19:26 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Facebook
2014-05-17 10:03 - 2013-05-05 21:58 - 00000000 ____D () C:\Program Files (x86)\Titanic - Schluessel der Vergangenheit
2014-05-17 09:44 - 2013-02-15 23:27 - 00000000 ___RD () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 09:24 - 2014-05-17 09:24 - 01746032 _____ (AnyProtect.com) C:\Users\Sylvia Schmidt\AppData\Local\nsd74F7.tmp
2014-05-17 07:59 - 2014-01-13 05:13 - 00000000 ____D () C:\Users\Sylvia Schmidt\Desktop\Bilder1
2014-05-15 11:30 - 2013-02-16 17:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-15 11:24 - 2013-02-15 23:27 - 00000000 ___RD () C:\Users\Sylvia Schmidt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 11:21 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 22:54 - 2013-10-06 20:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 22:53 - 2013-02-16 11:08 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 21:26 - 2014-04-19 10:00 - 00001053 _____ () C:\Users\Sylvia Schmidt\Desktop\Knöchellänge Einfache Chiffon V Ausschnitt Schwarzes Kleid.website
2014-05-14 11:55 - 2013-02-16 15:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 11:55 - 2013-02-16 15:53 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 11:55 - 2013-02-16 15:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-09 08:14 - 2014-05-14 11:42 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 11:42 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 19:12 - 2011-11-02 12:48 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 19:12 - 2011-11-02 12:48 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 19:09 - 2014-05-07 20:57 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-08 19:09 - 2014-05-07 20:57 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-08 19:09 - 2014-05-07 20:57 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-08 19:09 - 2011-11-02 12:27 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-08 19:08 - 2014-05-07 20:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-08 00:45 - 2011-11-02 12:48 - 00004122 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-08 00:45 - 2011-11-02 12:48 - 00003870 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-06 20:35 - 2013-02-16 00:10 - 00000448 _____ () C:\Users\Sylvia Schmidt\Desktop\Yahoo!.website
2014-05-06 06:40 - 2014-05-14 22:55 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 22:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 22:55 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 22:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 22:55 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 22:55 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 13:25 - 2014-04-06 23:00 - 00000569 _____ () C:\Users\Sylvia Schmidt\Desktop\Bodendecker - Pflanzenschleuder.website
2014-05-01 17:24 - 2013-02-16 22:38 - 00000625 _____ () C:\Users\Sylvia Schmidt\Desktop\Google Übersetzer.website
2014-05-01 11:48 - 2014-05-01 11:48 - 00001539 _____ () C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2014-05-01 11:48 - 2014-05-01 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-05-01 11:48 - 2014-05-01 11:47 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-28 18:14 - 2013-02-15 23:23 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-04-27 12:56 - 2013-02-15 23:23 - 00004260 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-04-26 21:42 - 2014-04-26 21:42 - 00000000 ____D () C:\Users\Sylvia Schmidt\AppData\Local\Apps\2.0
2014-04-23 15:55 - 2014-04-23 15:55 - 142303580 _____ () C:\Users\Sylvia Schmidt\Documents\Arabic House Music 2014 Free Down.mp4
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieUserList
2014-04-23 15:08 - 2014-04-23 15:08 - 00000000 __SHD () C:\Users\Sylvia Schmidt\AppData\Local\EmieSiteList
2014-04-23 15:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

Some content of TEMP:
====================
C:\Users\Sylvia Schmidt\AppData\Local\Temp\avgnt.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\nsiDDD2.tmp.exe
C:\Users\Sylvia Schmidt\AppData\Local\Temp\nss144E.tmp.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 11:42] - [2014-03-04 11:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-30 03:42

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 22.05.2014 13:40
Avira mal neu installieren.

huhuhu 22.05.2014 20:01
Update Avira geht nicht = Fehlermeldung
Deinstallieren geht nicht = Fehlermeldung
Neu runtergeladen, gespeichert = es bleibt das alte Avira mit seinen Fehlermeldungen
Habe Screenshots gemacht kann die aber nicht hier posten.

Hallo,
So lautet eine von den Fehlermeldungen

update.exe unknown software exception 0x80000003 ist in der anwendung an der Stelle 0x74d8e0bc aufgetreten

Ich habe gelegentlich tuneup über den Rechner laufen lassen. Hinterher auch cc cleaner ... hat er mir das System zerschossen?

Hallo,
ja und mein Laufwerk kann weder CDs noch DVDs mehr abspielen. Es läuft aber kann nichts wiedergeben. PC sagt aber Gerät funktioniert.
:-(

Ich kann den Rechner nicht mehr starten Internet Explorer funktioniert nicht mehr und beendet selbst keine Ahnung warum. Ich schreibe vom Handy ....

schrauber 23.05.2014 16:21
was genau heisst du kannst den Rechner nicht mehr starten?

huhuhu 24.05.2014 01:42
Also wenn ich einschalte bleibt er im windows start Bildschirm hängen. Dann muss ich erneut ausschalten und einschalten dann fährt er hoch. Internet Explorer und andere Internet Seiten werden Zwangsweise beendet weil es ein Problem gibt die Problembereiche führt zu nichts ...

Hab die Nerven verloren und den Rechner neu aufgesetzt .... wäre Dankbar für Tipps zum Schutz .... für deine Mühe vielen Schrauben aber ich glaube da waren Teile vom System zerschossen. Kommt von tuneup und Cleaner ....
Lieben Gruß Sylvia

Hallo,
sorry die Schreibfehler (Handy Auto Korrektur) .... wie gesagt hab einen Neustart gemacht. Habe Avast jetzt genommen ....gibt's weitere Tipps???

schrauber 24.05.2014 18:25
Ich geb Dir mal was zu lesen.



Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

huhuhu 24.05.2014 21:22
Hallo Schrauber,
vielen lieben Dank für deine Mühe. Auch wenn ich letztendlich die Nerven verloren habe und den Rechner neu gestartet habe. Ich habe mir deine Tipps zu Herzen genommen und habe Malewarebytes installiert. Ich habe Avira gegen Avast getauscht. Secunia und TFC installiere ich morgen. Wichtige und nützliche Tipps ich danke dir sehr. Von meiner Seite aus habe ich keine Fragen mehr. Ein schönes restliche Wochenende.
Gruß Sylvia

schrauber 25.05.2014 18:31
Gern Geschehen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:45 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131