Computer wird langsamer nach Download von doc-to-pdf-Tool

kurtzweil · 16.02.2014, 12:23

Guten Tag!
Ich bin neu hier in dem Forum und habe leider auch nicht so viel Ahnung von Computern. Bitte entschuldigt daher, wenn ich etwas nachfragen muss.
Weil mein Word beim Konvertieren zu pdf plötzlich Wasserzeichen über die Seiten gedruckt hat, hab ich (blöderweise) ein Tool zum Konvertieren von .doc zu .pdf heruntergeladen (PDF Creator). Seitdem wird mein Computer immer langsamer, mein Virenprogramm findet aber leider nichts. Die logfiles sehen bei mir so aus:

defogger_disable:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:13 on 16/02/2014 (Hanna)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Hanna (administrator) on KASIMIR on 16-02-2014 10:14:11
Running from C:\Users\Hanna\Desktop
Microsoft Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Dropbox, Inc.) C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVM Berlin) C:\Users\Hanna\AppData\Local\Apps\2.0\MMYD67T3.2QW\YOTZPTH7.41P\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-14] (IDT, Inc.)
HKLM\...\Run: [SpybotSnD] - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [5365592 2009-01-26] (Safer Networking Limited)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [AVMUSBFernanschluss] - C:\Users\Hanna\AppData\Local\Apps\2.0\MMYD67T3.2QW\YOTZPTH7.41P\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-19] (AVM Berlin)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2013-12-24] (Adobe Systems Incorporated)
Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_784af7f6ec51467aae43b3af3f8ac6bb_39_1007_20131115_DE_ff_nt_
FF DefaultSearchEngine: Znout (de)
FF SearchEngineOrder.1: Amazon
FF SelectedSearchEngine: Znout (de)
FF Homepage: about:home
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_784af7f6ec51467aae43b3af3f8ac6bb_39_1007_20131115_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\searchplugins\SearchOnMe.xml
FF SearchPlugin: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\searchplugins\znout-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-21]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-14] (IDT, Inc.)
S2 AviraUpgradeService; "C:\windows\TEMP\AVSETUP_50940d4d\avupgsvc.exe" /TEMPSTART:""C:\windows\TEMP\AVSETUP_50940d4d\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\windows\System32\DRIVERS\avmaura.sys [105728 2012-12-19] (AVM Berlin)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-16 10:14 - 2014-02-16 10:15 - 00016328 _____ () C:\Users\Hanna\Desktop\FRST.txt
2014-02-16 10:13 - 2014-02-16 10:14 - 00000000 ____D () C:\FRST
2014-02-16 10:12 - 2014-02-16 10:12 - 01141248 _____ (Farbar) C:\Users\Hanna\Desktop\FRST.exe
2014-02-16 10:09 - 2014-02-16 10:09 - 00000472 _____ () C:\Users\Hanna\Desktop\defogger_disable.log
2014-02-16 10:09 - 2014-02-16 10:09 - 00000000 _____ () C:\Users\Hanna\defogger_reenable
2014-02-16 10:06 - 2014-02-16 10:06 - 00050477 _____ () C:\Users\Hanna\Desktop\Defogger.exe
2014-01-31 22:52 - 2014-02-09 15:29 - 00000000 ____D () C:\Users\Hanna\Desktop\Steuer 2013

==================== One Month Modified Files and Folders =======

2014-02-16 10:15 - 2014-02-16 10:14 - 00016328 _____ () C:\Users\Hanna\Desktop\FRST.txt
2014-02-16 10:14 - 2014-02-16 10:13 - 00000000 ____D () C:\FRST
2014-02-16 10:12 - 2014-02-16 10:12 - 01141248 _____ (Farbar) C:\Users\Hanna\Desktop\FRST.exe
2014-02-16 10:09 - 2014-02-16 10:09 - 00000472 _____ () C:\Users\Hanna\Desktop\defogger_disable.log
2014-02-16 10:09 - 2014-02-16 10:09 - 00000000 _____ () C:\Users\Hanna\defogger_reenable
2014-02-16 10:09 - 2011-01-20 22:05 - 00000000 ____D () C:\Users\Hanna
2014-02-16 10:06 - 2014-02-16 10:06 - 00050477 _____ () C:\Users\Hanna\Desktop\Defogger.exe
2014-02-16 10:01 - 2011-01-21 06:52 - 01351034 _____ () C:\windows\WindowsUpdate.log
2014-02-15 19:34 - 2011-01-22 13:05 - 00045147 _____ () C:\windows\setupact.log
2014-02-15 10:48 - 2013-12-21 11:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 17:48 - 2010-01-06 00:28 - 01535366 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-14 06:17 - 2010-01-06 00:32 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-12 20:23 - 2011-01-26 20:32 - 00000052 _____ () C:\windows\system32\DOErrors.log
2014-02-12 20:22 - 2012-06-07 17:54 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-09 15:29 - 2014-01-31 22:52 - 00000000 ____D () C:\Users\Hanna\Desktop\Steuer 2013
2014-02-05 16:55 - 2013-06-08 10:58 - 00000000 ____D () C:\Users\Hanna\Recht
2014-01-31 22:52 - 2014-01-05 16:30 - 00000000 ____D () C:\Users\Hanna\Desktop\Patientenverfügung
2014-01-19 15:44 - 2013-10-20 17:28 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Dropbox
2014-01-18 18:59 - 2013-02-10 15:53 - 00000000 ____D () C:\Users\Hanna\Documents\Wohnung Werrastr

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2728.dll

Some content of TEMP:
====================
C:\Users\Hanna\AppData\Local\Temp\avgnt.exe
C:\Users\Hanna\AppData\Local\Temp\ose00000.exe
C:\Users\Hanna\AppData\Local\Temp\_is22C0.exe
C:\Users\Hanna\AppData\Local\Temp\_isB205.exe

==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-09 12:32

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2014 01
Ran by Hanna at 2014-02-16 10:16:05
Running from C:\Users\Hanna\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (Version: - Microsoft)
AAVUpdateManager (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (Version: 1.2 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (Version: 12.0.5.146 - Adobe Systems, Inc.)
Apple Application Support (Version: 2.3.4 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 3 (Version: - ArcSoft)
ATI Catalyst Install Manager (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira Free Antivirus (Version: 14.0.2.286 - Avira)
AVM FRITZ!Box Druckeranschluss (Version: - AVM Berlin)
Brother MFL-Pro Suite MFC-J220 (Version: 1.0.3.0 - Brother Industries, Ltd.)
CANON iMAGE GATEWAY MyCamera Download Plugin (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.5.0.9 - Canon Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0804.1118.18368 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0804.1118.18368 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Czech (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Danish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Dutch (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help English (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Finnish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help French (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help German (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Greek (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Italian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Japanese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Korean (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Polish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Russian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Spanish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Swedish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Thai (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Turkish (Version: 2009.0804.1117.18368 - ATI) Hidden
ccc-core-static (Version: 2009.0804.1118.18368 - ATI) Hidden
ccc-utility (Version: 2009.0804.1118.18368 - ATI) Hidden
CCleaner (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001 - Microsoft Corporation)
CPQ Wallpaper (Version: 1.0.1.1 - Hewlett-Packard)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DivX-Setup (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
FaceFilter Studio Brother Edition (Version: 1.0 - )
Forte Free 2.0 (Version: - )
FRITZ!Box USB-Fernanschluss (HKCU Version: 2.3.0.2 - AVM Berlin)
gs_x86 (Version: 8.71 - MAY-Computer)
GSview 5.0 (Version: 5.0 - Ghostgum Software Pty Ltd)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Common Access Service Library (Version: 3.0.28.1 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (Version: 1.0.3.1 - Hewlett-Packard)
HP Quick Launch Buttons (Version: 6.50.4.2 - Hewlett-Packard)
HP Setup (Version: 1.2.3215.3078 - Hewlett-Packard)
HP Software Setup (Version: 1.0.0.15 - Hewlett-Packard)
HP Support Assistant (Version: 7.0.39.15 - Hewlett-Packard Company)
HP User Guides 0133 (Version: 1.02.0001 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (Version: 1.0.25.0 - Roxio)
HP Webcam Driver (Version: 5.8.50008.0 - Sonix)
HP Wireless Assistant (Version: 3.50.9.1 - Hewlett-Packard)
IDT Audio (Version: 1.0.6222.0 - IDT)
Java 7 Update 17 (Version: 7.0.170 - Oracle)
Java 7 Update 7 (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
LightScribe System Software (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (Version: 2.1.94 - LSI Corporation)
Marvell Miniport Driver (Version: 10.70.5.3 - Marvell)
Messenger Plus! Live (Version: 4.90.0.392 - Yuna Software)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon FotoShare (Version: 1.0.1.0 - )
Nikon Message Center (Version: 0.91.000 - )
Opera 12.16 (Version: 12.16.1860 - Opera Software ASA)
PDF Complete Special Edition (Version: 3.5.108 - PDF Complete, Inc)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PictureProject (Version: 1.0 - )
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
REALTEK Wireless LAN Software (Version: 1.00.09.1021 - REALTEK Semiconductor Corp.)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (Version: 10.3 - Roxio)
Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden
Skype Click to Call (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.3 (Version: 6.3.107 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
Steuer-Spar-Erklärung 2013 (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 13.2.6.2 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual DJ Home - Atomix Productions (Version: - )
Windows 7 Default Setting (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Live Anmelde-Assistent (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points =========================

12-01-2014 20:29:44 Geplanter Prüfpunkt
24-01-2014 23:49:09 Geplanter Prüfpunkt
05-02-2014 16:37:26 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1A79FA7E-A3E6-427E-BD97-A043F855B06B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4773D1A4-89D9-4961-BD01-58C1C4F94A3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {83B30F02-12AE-48A3-9A3A-248BFA3CA106} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {965A90B7-BFE6-44CF-8C83-3BDE807D20CE} - System32\Tasks\{3F9B8F14-9D46-4A61-B07B-08332B500380} => c:\program files\opera\opera.exe [2013-08-03] (Opera Software)
Task: {A15232C1-9E10-461F-A933-CF96BDF5C0DB} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {BC2758AA-9881-4BC3-A554-9414F0459509} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {C253170E-0D7C-4F48-BCA9-31E1699F66BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C891EECC-590E-44DF-903E-BB6A51A8F893} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-01-28] (Microsoft)

==================== Loaded Modules (whitelisted) =============

2011-01-22 13:01 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-08-29 01:23 - 2013-08-29 01:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Hanna\AppData\Roaming\Dropbox\bin\libcef.dll
2008-12-19 00:03 - 2008-12-19 00:03 - 00020480 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-21 06:52 - 2011-01-21 06:52 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-07-02 00:44 - 2009-07-02 00:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2013-12-21 11:50 - 2013-12-21 11:50 - 03559024 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-24 06:53 - 2013-12-24 06:53 - 16242056 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP

FC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2014 06:25:19 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "X:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (02/03/2014 06:30:22 AM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "X:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (01/26/2014 07:00:10 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "X:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (01/21/2014 05:54:43 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_Audiosrv, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100
Name des fehlerhaften Moduls: stapo.dll, Version: 1.0.6222.0, Zeitstempel: 0x4a5ba25a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000bd271
ID des fehlerhaften Prozesses: 0x2334
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_Audiosrv0
Pfad der fehlerhaften Anwendung: svchost.exe_Audiosrv1
Pfad des fehlerhaften Moduls: svchost.exe_Audiosrv2
Berichtskennung: svchost.exe_Audiosrv3

Error: (01/19/2014 07:18:41 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "X:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (01/12/2014 08:58:12 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "X:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (01/12/2014 08:29:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385, Zeitstempel: 0x4a5bccb3
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x9a515f5d
ID des fehlerhaften Prozesses: 0x494
Startzeit der fehlerhaften Anwendung: 0xwmpnetwk.exe0
Pfad der fehlerhaften Anwendung: wmpnetwk.exe1
Pfad des fehlerhaften Moduls: wmpnetwk.exe2
Berichtskennung: wmpnetwk.exe3

Error: (01/11/2014 08:19:33 AM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x81000101).

Error: (01/11/2014 08:19:33 AM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x81000101).

Error: (01/10/2014 09:23:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

System errors:
=============
Error: (02/16/2014 10:00:50 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/16/2014 10:00:47 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (02/15/2014 08:04:52 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/15/2014 08:04:49 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AntiVirSchedulerService erreicht.

Error: (02/15/2014 07:18:35 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/15/2014 09:52:15 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/15/2014 09:52:13 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (02/14/2014 08:47:29 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/14/2014 05:29:43 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/14/2014 06:16:26 AM) (Source: atikmdag) (User: )
Description: Display is not active

Microsoft Office Sessions:
=========================
Error: (07/03/2012 05:06:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18116 seconds with 720 seconds of active time. This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 79%
Total physical RAM: 1788.87 MB
Available physical RAM: 366.18 MB
Total Pagefile: 4070.28 MB
Available Pagefile: 844.24 MB
Total Virtual: 2047.88 MB
Available Virtual: 1896.49 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:131.75 GB) (Free:61.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E9E34362)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=132 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

GMER:

GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-16 12:06:38
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS725016A9A364 rev.PCBOC72E 149,05GB
Running: Gmer-19357.exe; Driver: C:\Users\Hanna\AppData\Local\Temp\axddqpod.sys

---- System - GMER 2.1 ----

SSDT 8EB082AE ZwCreateSection
SSDT 8EB082B8 ZwRequestWaitReplyPort
SSDT 8EB082B3 ZwSetContextThread
SSDT 8EB082BD ZwSetSecurityObject
SSDT 8EB082C2 ZwSystemDebugControl
SSDT 8EB0824F ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82C885C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAD092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 370 82CB49B0 4 Bytes [AE, 82, B0, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 6CC 82CB4D0C 4 Bytes [B8, 82, B0, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 710 82CB4D50 4 Bytes [B3, 82, B0, 8E] {MOV BL, 0x82; MOV AL, 0x8e}
.text ntkrnlpa.exe!RtlSidHashLookup + 78C 82CB4DCC 4 Bytes [BD, 82, B0, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 7E0 82CB4E20 4 Bytes [C2, 82, B0, 8E]
.text ...
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC1C000, 0x2D51CE, 0xE8000020]

---- EOF - GMER 2.1 ----

Kann man daraus etwas erkennen?
Vielen Dank für Eure Hilfe!

schrauber · 16.02.2014, 17:02

hi,

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

kurtzweil · 16.02.2014, 19:47

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.16.04

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Hanna :: KASIMIR [Administrator]

16.02.2014 18:53:33
mbam-log-2014-02-16 (18-53-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207268
Laufzeit: 14 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 5
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hanna\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hanna\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hanna\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 2
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

# AdwCleaner v3.018 - Bericht erstellt am 16/02/2014 um 19:22:08
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzername : Hanna - KASIMIR
# Gestartet von : C:\Users\Hanna\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16421


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10829 octets] - [17/11/2013 20:21:21]
AdwCleaner[R1].txt - [8089 octets] - [17/11/2013 20:34:59]
AdwCleaner[R2].txt - [6486 octets] - [17/11/2013 20:46:06]
AdwCleaner[R3].txt - [1154 octets] - [19/11/2013 13:45:08]
AdwCleaner[R4].txt - [1515 octets] - [16/02/2014 19:21:01]
AdwCleaner[S0].txt - [10558 octets] - [17/11/2013 20:24:38]
AdwCleaner[S1].txt - [7814 octets] - [17/11/2013 20:38:01]
AdwCleaner[S2].txt - [6503 octets] - [18/11/2013 14:53:19]
AdwCleaner[S3].txt - [1216 octets] - [19/11/2013 13:46:20]
AdwCleaner[S4].txt - [1436 octets] - [16/02/2014 19:22:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1496 octets] ##########

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x86
Ran by Hanna on 16.02.2014 at 19:31:59,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1069123905-1725157069-2146362146-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dmwu_rasmancs



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Hanna\appdata\locallow\codec-c"



~~~ FireFox

Successfully deleted: [File] C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\zhc4yj4i.default\searchplugins\searchonme.xml
Emptied folder: C:\Users\Hanna\AppData\Roaming\mozilla\firefox\profiles\zhc4yj4i.default\minidumps [38 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.02.2014 at 19:35:49,35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Hanna (administrator) on KASIMIR on 16-02-2014 19:41:27
Running from C:\Users\Hanna\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Users\Hanna\AppData\Local\Apps\2.0\MMYD67T3.2QW\YOTZPTH7.41P\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-14] (IDT, Inc.)
HKLM\...\Run: [SpybotSnD] - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [5365592 2009-01-26] (Safer Networking Limited)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [AVMUSBFernanschluss] - C:\Users\Hanna\AppData\Local\Apps\2.0\MMYD67T3.2QW\YOTZPTH7.41P\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-19] (AVM Berlin)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_784af7f6ec51467aae43b3af3f8ac6bb_39_1007_20131115_DE_ff_nt_
FF DefaultSearchEngine: Znout (de)
FF SearchEngineOrder.1: Amazon 
FF SelectedSearchEngine: Znout (de)
FF Homepage: about:home
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_784af7f6ec51467aae43b3af3f8ac6bb_39_1007_20131115_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\searchplugins\znout-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-14] (IDT, Inc.)
S2 AviraUpgradeService; "C:\windows\TEMP\AVSETUP_50940d4d\avupgsvc.exe" /TEMPSTART:""C:\windows\TEMP\AVSETUP_50940d4d\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\windows\System32\DRIVERS\avmaura.sys [105728 2012-12-19] (AVM Berlin)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-16 19:35 - 2014-02-16 19:35 - 00001351 _____ () C:\Users\Hanna\Desktop\JRT.txt
2014-02-16 19:31 - 2014-02-16 19:31 - 00000000 ____D () C:\windows\ERUNT
2014-02-16 18:50 - 2014-02-16 18:50 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-16 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-16 18:31 - 2014-02-16 18:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hanna\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-16 18:31 - 2014-02-16 18:31 - 01166132 _____ () C:\Users\Hanna\Desktop\adwcleaner.exe
2014-02-16 18:31 - 2014-02-16 18:31 - 01037530 _____ (Thisisu) C:\Users\Hanna\Desktop\JRT.exe
2014-02-16 12:08 - 2009-06-10 22:39 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20140216-120800.backup
2014-02-16 12:06 - 2014-02-16 12:06 - 00001682 _____ () C:\Users\Hanna\Desktop\Gmer.txt
2014-02-16 11:41 - 2014-02-16 11:41 - 00131072 ____N () C:\windows\Minidump\021614-27908-01.dmp
2014-02-16 11:10 - 2014-02-16 11:10 - 00380416 _____ () C:\Users\Hanna\Desktop\Gmer-19357.exe
2014-02-16 10:16 - 2014-02-16 11:17 - 00024585 _____ () C:\Users\Hanna\Desktop\Addition.txt
2014-02-16 10:14 - 2014-02-16 19:41 - 00015678 _____ () C:\Users\Hanna\Desktop\FRST.txt
2014-02-16 10:13 - 2014-02-16 19:41 - 00000000 ____D () C:\FRST
2014-02-16 10:12 - 2014-02-16 10:12 - 01141248 _____ (Farbar) C:\Users\Hanna\Desktop\FRST.exe
2014-02-16 10:09 - 2014-02-16 11:13 - 00000472 _____ () C:\Users\Hanna\Desktop\defogger_disable.log
2014-02-16 10:09 - 2014-02-16 10:09 - 00000000 _____ () C:\Users\Hanna\defogger_reenable
2014-02-16 10:06 - 2014-02-16 10:06 - 00050477 _____ () C:\Users\Hanna\Desktop\Defogger.exe
2014-02-15 10:48 - 2014-02-15 10:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-01-31 22:52 - 2014-02-09 15:29 - 00000000 ____D () C:\Users\Hanna\Desktop\Steuer 2013

==================== One Month Modified Files and Folders =======

2014-02-16 19:41 - 2014-02-16 10:14 - 00015678 _____ () C:\Users\Hanna\Desktop\FRST.txt
2014-02-16 19:41 - 2014-02-16 10:13 - 00000000 ____D () C:\FRST
2014-02-16 19:35 - 2014-02-16 19:35 - 00001351 _____ () C:\Users\Hanna\Desktop\JRT.txt
2014-02-16 19:34 - 2009-07-14 05:34 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 19:34 - 2009-07-14 05:34 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 19:31 - 2014-02-16 19:31 - 00000000 ____D () C:\windows\ERUNT
2014-02-16 19:28 - 2011-01-21 17:34 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Skype
2014-02-16 19:27 - 2013-10-20 17:36 - 00000000 ___RD () C:\Users\Hanna\Dropbox
2014-02-16 19:27 - 2013-10-20 17:28 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Dropbox
2014-02-16 19:24 - 2011-01-22 13:05 - 00045315 _____ () C:\windows\setupact.log
2014-02-16 19:24 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-16 19:22 - 2013-11-17 20:21 - 00000000 ____D () C:\AdwCleaner
2014-02-16 19:22 - 2010-01-06 00:28 - 01535366 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-16 19:14 - 2012-05-27 10:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 19:14 - 2011-01-22 16:59 - 00328976 _____ () C:\windows\PFRO.log
2014-02-16 19:10 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\twain_32
2014-02-16 18:50 - 2014-02-16 18:50 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-16 18:31 - 2014-02-16 18:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hanna\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-16 18:31 - 2014-02-16 18:31 - 01166132 _____ () C:\Users\Hanna\Desktop\adwcleaner.exe
2014-02-16 18:31 - 2014-02-16 18:31 - 01037530 _____ (Thisisu) C:\Users\Hanna\Desktop\JRT.exe
2014-02-16 12:19 - 2013-10-20 17:31 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-16 12:06 - 2014-02-16 12:06 - 00001682 _____ () C:\Users\Hanna\Desktop\Gmer.txt
2014-02-16 11:42 - 2011-01-28 12:33 - 00000000 ____D () C:\windows\Minidump
2014-02-16 11:41 - 2014-02-16 11:41 - 00131072 ____N () C:\windows\Minidump\021614-27908-01.dmp
2014-02-16 11:17 - 2014-02-16 10:16 - 00024585 _____ () C:\Users\Hanna\Desktop\Addition.txt
2014-02-16 11:15 - 2011-01-21 06:52 - 01359252 _____ () C:\windows\WindowsUpdate.log
2014-02-16 11:13 - 2014-02-16 10:09 - 00000472 _____ () C:\Users\Hanna\Desktop\defogger_disable.log
2014-02-16 11:10 - 2014-02-16 11:10 - 00380416 _____ () C:\Users\Hanna\Desktop\Gmer-19357.exe
2014-02-16 10:12 - 2014-02-16 10:12 - 01141248 _____ (Farbar) C:\Users\Hanna\Desktop\FRST.exe
2014-02-16 10:09 - 2014-02-16 10:09 - 00000000 _____ () C:\Users\Hanna\defogger_reenable
2014-02-16 10:09 - 2011-01-20 22:05 - 00000000 ____D () C:\Users\Hanna
2014-02-16 10:06 - 2014-02-16 10:06 - 00050477 _____ () C:\Users\Hanna\Desktop\Defogger.exe
2014-02-15 10:48 - 2014-02-15 10:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 06:17 - 2010-01-06 00:32 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-12 20:23 - 2011-01-26 20:32 - 00000052 _____ () C:\windows\system32\DOErrors.log
2014-02-12 20:22 - 2012-06-07 17:54 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-09 15:29 - 2014-01-31 22:52 - 00000000 ____D () C:\Users\Hanna\Desktop\Steuer 2013
2014-02-05 16:55 - 2013-06-08 10:58 - 00000000 ____D () C:\Users\Hanna\Recht
2014-01-31 22:52 - 2014-01-05 16:30 - 00000000 ____D () C:\Users\Hanna\Desktop\Patientenverfügung
2014-01-18 18:59 - 2013-02-10 15:53 - 00000000 ____D () C:\Users\Hanna\Documents\Wohnung Werrastr

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2728.dll


Some content of TEMP:
====================
C:\Users\Hanna\AppData\Local\Temp\avgnt.exe
C:\Users\Hanna\AppData\Local\Temp\ose00000.exe
C:\Users\Hanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Hanna\AppData\Local\Temp\_is22C0.exe
C:\Users\Hanna\AppData\Local\Temp\_isB205.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 12:32

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Bitte entschuldige die falsche Darstellungsform, ich hoffe, so ist es richtig.

schrauber · 17.02.2014, 14:20

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

kurtzweil · 17.02.2014, 21:56

Hm, ich hab das Programm dreimal laufen lassen (ESET Online Scanner) und jedes Mal ist es nach 25-30% einfach stehen geblieben. Ich habe dann eine Stunde gewartet, aber es hat sich nichts mehr getan. Hier ist also das logfile von dem Durchlauf, der es am Weitesten geschafft hat. Passiert so etwas manchmal oder habe ich etwas falsch gemacht?

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7d054f4d886fb54b9621307f971014fa
# engine=17105
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-17 05:43:14
# local_time=2014-02-17 06:43:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 97 10758 258082284 3460 0
# compatibility_mode=5893 16776574 100 94 34675677 144290185 0 0
# scanned=103126
# found=1
# cleaned=0
# scan_time=5090
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1069123905-1725157069-2146362146-1001\$R526C3Z\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7d054f4d886fb54b9621307f971014fa
# engine=17105
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-17 08:47:58
# local_time=2014-02-17 09:47:58 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 97 21842 258093368 14544 0
# compatibility_mode=5893 16776574 100 94 34683161 144301269 0 0
# scanned=163645
# found=3
# cleaned=0
# scan_time=10952
sh=FDF652F803592E6840E076A89A19BF655686B8A8 ft=1 fh=de76e936397b25d2 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-1069123905-1725157069-2146362146-1001\$R526C3Z\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=AAA512D9D576BD0204906D38C9D45BBDEFD21D07 ft=0 fh=0000000000000000 vn="HTML/Ransom.I trojan" ac=I fn="C:\Users\Hanna\AppData\Local\Opera\Opera\cache\g_007B\opr01QR5.tmp"
sh=D777AEFC63AAB54CA5E3583AFD207EA880D70CCE ft=1 fh=0aca7386b8acee6f vn="a variant of Win32/Adware.CiDHelp application" ac=I fn="C:\Users\Hanna\Downloads\MsgPlusLive-484.exe"

Und das passiert, wenn ich Security Check starte:

Code:

ATTFilter

 UNSUPPORTED OPERATING SYSTEM! ABORTED!

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2014 01
Ran by Hanna (administrator) on KASIMIR on 17-02-2014 21:54:27
Running from C:\Users\Hanna\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVM Berlin) C:\Users\Hanna\AppData\Local\Apps\2.0\MMYD67T3.2QW\YOTZPTH7.41P\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-14] (IDT, Inc.)
HKLM\...\Run: [SpybotSnD] - C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe [5365592 2009-01-26] (Safer Networking Limited)
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-12] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [AVMUSBFernanschluss] - C:\Users\Hanna\AppData\Local\Apps\2.0\MMYD67T3.2QW\YOTZPTH7.41P\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-19] (AVM Berlin)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_784af7f6ec51467aae43b3af3f8ac6bb_39_1007_20131115_DE_ff_nt_
FF DefaultSearchEngine: Znout (de)
FF SearchEngineOrder.1: Amazon 
FF SelectedSearchEngine: Znout (de)
FF Homepage: about:home
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_784af7f6ec51467aae43b3af3f8ac6bb_39_1007_20131115_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\searchplugins\znout-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-14] (IDT, Inc.)
S2 AviraUpgradeService; "C:\windows\TEMP\AVSETUP_50940d4d\avupgsvc.exe" /TEMPSTART:""C:\windows\TEMP\AVSETUP_50940d4d\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\windows\System32\DRIVERS\avmaura.sys [105728 2012-12-19] (AVM Berlin)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-17 17:15 - 2014-02-17 17:15 - 00000000 ____D () C:\Program Files\ESET
2014-02-17 16:38 - 2014-02-17 16:38 - 02347384 _____ (ESET) C:\Users\Hanna\Desktop\esetsmartinstaller_enu.exe
2014-02-17 16:38 - 2014-02-17 16:38 - 00987425 _____ () C:\Users\Hanna\Desktop\SecurityCheck.exe
2014-02-16 19:35 - 2014-02-16 19:35 - 00001351 _____ () C:\Users\Hanna\Desktop\JRT.txt
2014-02-16 19:31 - 2014-02-16 19:31 - 00000000 ____D () C:\windows\ERUNT
2014-02-16 18:50 - 2014-02-16 18:50 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-16 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-16 18:31 - 2014-02-16 18:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hanna\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-16 18:31 - 2014-02-16 18:31 - 01166132 _____ () C:\Users\Hanna\Desktop\adwcleaner.exe
2014-02-16 18:31 - 2014-02-16 18:31 - 01037530 _____ (Thisisu) C:\Users\Hanna\Desktop\JRT.exe
2014-02-16 12:08 - 2009-06-10 22:39 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20140216-120800.backup
2014-02-16 12:06 - 2014-02-16 12:06 - 00001682 _____ () C:\Users\Hanna\Desktop\Gmer.txt
2014-02-16 11:41 - 2014-02-16 11:41 - 00131072 ____N () C:\windows\Minidump\021614-27908-01.dmp
2014-02-16 11:10 - 2014-02-16 11:10 - 00380416 _____ () C:\Users\Hanna\Desktop\Gmer-19357.exe
2014-02-16 10:16 - 2014-02-16 11:17 - 00024585 _____ () C:\Users\Hanna\Desktop\Addition.txt
2014-02-16 10:14 - 2014-02-17 21:54 - 00015774 _____ () C:\Users\Hanna\Desktop\FRST.txt
2014-02-16 10:13 - 2014-02-17 21:54 - 00000000 ____D () C:\FRST
2014-02-16 10:12 - 2014-02-16 10:12 - 01141248 _____ (Farbar) C:\Users\Hanna\Desktop\FRST.exe
2014-02-16 10:09 - 2014-02-16 11:13 - 00000472 _____ () C:\Users\Hanna\Desktop\defogger_disable.log
2014-02-16 10:09 - 2014-02-16 10:09 - 00000000 _____ () C:\Users\Hanna\defogger_reenable
2014-02-16 10:06 - 2014-02-16 10:06 - 00050477 _____ () C:\Users\Hanna\Desktop\Defogger.exe
2014-02-15 10:48 - 2014-02-15 10:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-01-31 22:52 - 2014-02-09 15:29 - 00000000 ____D () C:\Users\Hanna\Desktop\Steuer 2013

==================== One Month Modified Files and Folders =======

2014-02-17 21:55 - 2014-02-16 10:14 - 00015774 _____ () C:\Users\Hanna\Desktop\FRST.txt
2014-02-17 21:54 - 2014-02-16 10:13 - 00000000 ____D () C:\FRST
2014-02-17 17:15 - 2014-02-17 17:15 - 00000000 ____D () C:\Program Files\ESET
2014-02-17 17:14 - 2010-01-06 00:28 - 01535366 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-17 16:38 - 2014-02-17 16:38 - 02347384 _____ (ESET) C:\Users\Hanna\Desktop\esetsmartinstaller_enu.exe
2014-02-17 16:38 - 2014-02-17 16:38 - 00987425 _____ () C:\Users\Hanna\Desktop\SecurityCheck.exe
2014-02-17 10:43 - 2011-01-22 13:05 - 00045371 _____ () C:\windows\setupact.log
2014-02-16 19:35 - 2014-02-16 19:35 - 00001351 _____ () C:\Users\Hanna\Desktop\JRT.txt
2014-02-16 19:34 - 2009-07-14 05:34 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-16 19:34 - 2009-07-14 05:34 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 19:31 - 2014-02-16 19:31 - 00000000 ____D () C:\windows\ERUNT
2014-02-16 19:28 - 2011-01-21 17:34 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Skype
2014-02-16 19:27 - 2013-10-20 17:36 - 00000000 ___RD () C:\Users\Hanna\Dropbox
2014-02-16 19:27 - 2013-10-20 17:28 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Dropbox
2014-02-16 19:24 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-16 19:22 - 2013-11-17 20:21 - 00000000 ____D () C:\AdwCleaner
2014-02-16 19:14 - 2012-05-27 10:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 19:14 - 2011-01-22 16:59 - 00328976 _____ () C:\windows\PFRO.log
2014-02-16 19:14 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\twain_32
2014-02-16 18:50 - 2014-02-16 18:50 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-16 18:31 - 2014-02-16 18:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Hanna\Desktop\mbam-setup-1.75.0.1300.exe
2014-02-16 18:31 - 2014-02-16 18:31 - 01166132 _____ () C:\Users\Hanna\Desktop\adwcleaner.exe
2014-02-16 18:31 - 2014-02-16 18:31 - 01037530 _____ (Thisisu) C:\Users\Hanna\Desktop\JRT.exe
2014-02-16 12:19 - 2013-10-20 17:31 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-16 12:06 - 2014-02-16 12:06 - 00001682 _____ () C:\Users\Hanna\Desktop\Gmer.txt
2014-02-16 11:42 - 2011-01-28 12:33 - 00000000 ____D () C:\windows\Minidump
2014-02-16 11:41 - 2014-02-16 11:41 - 00131072 ____N () C:\windows\Minidump\021614-27908-01.dmp
2014-02-16 11:17 - 2014-02-16 10:16 - 00024585 _____ () C:\Users\Hanna\Desktop\Addition.txt
2014-02-16 11:15 - 2011-01-21 06:52 - 01359252 _____ () C:\windows\WindowsUpdate.log
2014-02-16 11:13 - 2014-02-16 10:09 - 00000472 _____ () C:\Users\Hanna\Desktop\defogger_disable.log
2014-02-16 11:10 - 2014-02-16 11:10 - 00380416 _____ () C:\Users\Hanna\Desktop\Gmer-19357.exe
2014-02-16 10:12 - 2014-02-16 10:12 - 01141248 _____ (Farbar) C:\Users\Hanna\Desktop\FRST.exe
2014-02-16 10:09 - 2014-02-16 10:09 - 00000000 _____ () C:\Users\Hanna\defogger_reenable
2014-02-16 10:09 - 2011-01-20 22:05 - 00000000 ____D () C:\Users\Hanna
2014-02-16 10:06 - 2014-02-16 10:06 - 00050477 _____ () C:\Users\Hanna\Desktop\Defogger.exe
2014-02-15 10:48 - 2014-02-15 10:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 06:17 - 2010-01-06 00:32 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-12 20:23 - 2011-01-26 20:32 - 00000052 _____ () C:\windows\system32\DOErrors.log
2014-02-12 20:22 - 2012-06-07 17:54 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-09 15:29 - 2014-01-31 22:52 - 00000000 ____D () C:\Users\Hanna\Desktop\Steuer 2013
2014-02-05 16:55 - 2013-06-08 10:58 - 00000000 ____D () C:\Users\Hanna\Recht
2014-01-31 22:52 - 2014-01-05 16:30 - 00000000 ____D () C:\Users\Hanna\Desktop\Patientenverfügung
2014-01-18 18:59 - 2013-02-10 15:53 - 00000000 ____D () C:\Users\Hanna\Documents\Wohnung Werrastr

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2728.dll


Some content of TEMP:
====================
C:\Users\Hanna\AppData\Local\Temp\avgnt.exe
C:\Users\Hanna\AppData\Local\Temp\ose00000.exe
C:\Users\Hanna\AppData\Local\Temp\Quarantine.exe
C:\Users\Hanna\AppData\Local\Temp\_is22C0.exe
C:\Users\Hanna\AppData\Local\Temp\_isB205.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-09 12:32

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

schrauber · 18.02.2014, 16:32

Kommt schon mal vor.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\$RECYCLE.BIN

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe und drücke auf Start.
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

kurtzweil · 19.02.2014, 13:23

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2014 01
Ran by Hanna at 2014-02-19 12:41:59 Run:1
Running from C:\Users\Hanna\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\$RECYCLE.BIN
*****************

C:\$RECYCLE.BIN => Moved successfully.

==== End of Fixlog ====

Hey, also leider läuft der Laptop noch genauso langsam wie vorher...kann es vielleicht noch an was Anderem liegen? Das Gerät ist ungefähr 5 Jahre alt, lief seither problemlos. Ist das vielleicht eine Art "Alterserscheinung"?

schrauber · 20.02.2014, 12:15

allgemein langsam oder nur beim Starten?

kurtzweil · 20.02.2014, 19:13

Hm, eher allgemein langsam...die Programme (Word, Excel etc.) öffnen sich langsamer und bleiben öfter "hängen"

schrauber · 21.02.2014, 15:01

How to perform a clean boot in Windows

Mach bitte mal nen Clean Boot und teste nochmal.

kurtzweil · 22.02.2014, 14:36

Eine merkliche Besserung hat das leider auch nicht gebracht

schrauber · 23.02.2014, 11:27

Ok, deinstalliere dein AV Programm und teste ohne.

kurtzweil · 26.02.2014, 12:08

Hm, da hab ich leider auch nichts bemerkt...aber jetzt kommt's mir so vor, als wär der Computer beim Surfen langsamer als bei anderen Funktionen (die allerdings immer noch langsamer sind als früher)

Jetzt ist es auch so, dass das Shockwave Plugin öfter abgestürzt ist. Die Meldung sagt: "Das Shockwave Player Plugin ist möglicherweise beschäftigt oder reagiert nicht mehr. Sie können das Plugin fortführen[...]oder stoppen." Hat das auch etwas damit zu tun?

schrauber · 27.02.2014, 11:56

In welchem Browser? Poste nochmal ein frisches FRST Log bitte.

kurtzweil · 27.02.2014, 16:08

Firefox 27.0.1

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-02-2014 02
Ran by Hanna at 2014-02-27 15:59:48
Running from C:\Users\Hanna\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 3 (HKLM\...\{A5F68DC8-0278-4AD8-B413-861509B5F25B}) (Version:  - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Brother MFL-Pro Suite MFC-J220 (HKLM\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.10 (HKLM\...\DPP) (Version: 3.10.0.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM\...\EOS Utility) (Version: 2.10.0.0 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0804.1118.18368 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0804.1118.18368 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Czech (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Danish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Dutch (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help English (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Finnish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help French (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help German (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Greek (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Italian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Japanese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Korean (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Polish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Russian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Spanish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Swedish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Thai (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Turkish (Version: 2009.0804.1117.18368 - ATI) Hidden
ccc-core-static (Version: 2009.0804.1118.18368 - ATI) Hidden
ccc-utility (Version: 2009.0804.1118.18368 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CPQ Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.1 - Hewlett-Packard)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.87 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FaceFilter Studio Brother Edition (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 1.0 - )
Forte Free 2.0 (HKLM\...\Forte Free) (Version:  - )
FRITZ!Box USB-Fernanschluss (HKCU\...\f018cf21c0452c64) (Version: 2.3.0.2 - AVM Berlin)
gs_x86 (HKLM\...\{E93FA0AE-24E0-4D5B-A6FF-1C46B4829776}) (Version: 8.71 - MAY-Computer)
GSview 5.0 (HKLM\...\GSview 5.0) (Version: 5.0 - Ghostgum Software Pty Ltd)
Hewlett-Packard ACLM.NET v1.2.1.1 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Common Access Service Library (HKLM\...\{87CA636B-85B8-4611-A81D-F97E71024AFD}) (Version: 3.0.28.1 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{FFBDA363-A033-4F32-8DE0-AEF0F105410E}) (Version: 1.0.3.1 - Hewlett-Packard)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.4.2 - Hewlett-Packard)
HP Setup (HKLM\...\{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}) (Version: 1.2.3215.3078 - Hewlett-Packard)
HP Software Setup (HKLM\...\{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}) (Version: 1.0.0.15 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP User Guides 0133 (HKLM\...\{816F5E94-B7FE-43EF-B4E6-F22D40A4AFCC}) (Version: 1.02.0001 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0.25.0 - Roxio)
HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50008.0 - Sonix)
HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6222.0 - IDT)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 7 Update 7 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007F0}) (Version: 7.0.70 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.5.3 - Marvell)
Messenger Plus! Live (HKLM\...\Messenger Plus! Live) (Version: 4.90.0.392 - Yuna Software)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B0-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nikon FotoShare (HKLM\...\Nikon FotoShare) (Version: 1.0.1.0 - )
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.91.000 - )
Opera 12.16 (HKLM\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
PictureProject (HKLM\...\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}) (Version: 1.0 - )
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
REALTEK Wireless LAN Software (HKLM\...\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}) (Version: 1.00.09.1021 - REALTEK Semiconductor Corp.)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Steuer-Spar-Erklärung 2013 (HKLM\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{B7873DF5-9E1C-45EE-8895-D29C6AE01202}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C20964A7-5181-45E5-9E82-72F5D400DEBF}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{F1070E28-73A6-4C99-98DF-17F584E4C2B6}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{567103D1-96CD-4B76-93B9-2681A187DEFF}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_STANDARD_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_STANDARD_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_STANDARD_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_STANDARD_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Virtual DJ Home - Atomix Productions (HKLM\...\Virtual DJ Home - Atomix Productions) (Version:  - )
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Restore Points  =========================

19-02-2014 12:09:09 Ende der Bereinigung

==================== Hosts content: ==========================

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1A79FA7E-A3E6-427E-BD97-A043F855B06B} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {4773D1A4-89D9-4961-BD01-58C1C4F94A3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {83B30F02-12AE-48A3-9A3A-248BFA3CA106} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {965A90B7-BFE6-44CF-8C83-3BDE807D20CE} - System32\Tasks\{3F9B8F14-9D46-4A61-B07B-08332B500380} => c:\program files\opera\opera.exe [2013-08-03] (Opera Software)
Task: {A15232C1-9E10-461F-A933-CF96BDF5C0DB} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {BC2758AA-9881-4BC3-A554-9414F0459509} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2009-07-08] ()
Task: {C253170E-0D7C-4F48-BCA9-31E1699F66BE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C891EECC-590E-44DF-903E-BB6A51A8F893} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-02-25] (Microsoft)
Task: {D76C2375-7153-49AC-812E-863E9E4B2ACA} - System32\Tasks\Malware Scan => C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2013-04-04] (Malwarebytes Corporation)

==================== Loaded Modules (whitelisted) =============

2013-01-12 11:35 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2008-10-24 15:35 - 2008-10-24 15:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2011-01-22 13:01 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2013-08-29 01:23 - 2013-08-29 01:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 01:25 - 2013-08-29 01:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Hanna\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-15 10:48 - 2014-02-15 10:48 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2009-07-02 00:44 - 2009-07-02 00:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2008-12-19 00:03 - 2008-12-19 00:03 - 00020480 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-01-21 06:52 - 2011-01-21 06:52 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-12-24 06:53 - 2013-12-24 06:53 - 16242056 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2014 06:43:48 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{1f475846-2522-11e0-bc29-806e6f6e6963} - 000000B4,0x0053c010,00E16048,0,00E1B068,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (02/25/2014 06:43:30 AM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Die Schattenkopie kann nicht zugesichert werden - Vorgang hat das Zeitlimit überschritten.
Fehlerkontext: DeviceIoControl(\\?\Volume{1f475846-2522-11e0-bc29-806e6f6e6963} - 000000E4,0x0053c010,00E16048,0,00E1B068,4096,[0]).


Vorgang:
   Schattenkopien werden übertragen

Kontext:
   Ausführungskontext: System Provider

Error: (02/23/2014 07:00:07 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "X:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"

Error: (02/22/2014 05:03:06 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 27.0.1.5156 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 9a0

Startzeit: 01cf2d71df2d5b72

Endzeit: 1047

Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID: c7ddbf1c-9bda-11e3-8d35-0027138ba278

Error: (02/19/2014 01:15:59 PM) (Source: MsiInstaller) (User: Kasimir)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/19/2014 01:15:18 PM) (Source: Microsoft-Windows-RestartManager) (User: Kasimir)
Description: Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren werden.

Error: (02/19/2014 01:09:04 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {1b67a810-bc8c-4e58-90e5-be566db7ca76}

Error: (02/19/2014 01:05:42 PM) (Source: MsiInstaller) (User: Kasimir)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011006}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (02/19/2014 01:05:10 PM) (Source: Application Hang) (User: )
Description: Programm SpybotSD.exe, Version 1.6.2.46 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: dc4

Startzeit: 01cf2d6a86c64807

Endzeit: 51

Anwendungspfad: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Berichts-ID:

Error: (02/19/2014 00:59:30 PM) (Source: Application Hang) (User: )
Description: Programm SpybotSD.exe, Version 1.6.2.46 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: e80

Startzeit: 01cf2d6995553369

Endzeit: 99

Anwendungspfad: C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

Berichts-ID:


System errors:
=============
Error: (02/27/2014 03:20:53 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/27/2014 10:08:19 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/26/2014 02:07:13 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/26/2014 02:07:08 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht.

Error: (02/26/2014 00:01:42 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/26/2014 00:01:42 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (02/26/2014 11:37:24 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/26/2014 07:35:43 AM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/25/2014 10:31:34 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (02/25/2014 08:35:49 PM) (Source: atikmdag) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (07/03/2012 05:06:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 18116 seconds with 720 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 80%
Total physical RAM: 1788.87 MB
Available physical RAM: 355.8 MB
Total Pagefile: 3577.73 MB
Available Pagefile: 1296.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:131.75 GB) (Free:67.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E9E34362)

Partition: GPT Partition Type.

==================== End Of Log ============================

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Hanna (administrator) on KASIMIR on 27-02-2014 16:02:57
Running from C:\Users\Hanna\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
(AMD) C:\windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Andrea Electronics Corporation) C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Apple Inc.) C:\Program Files\QuickTime\QTTask.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVM Berlin) C:\Users\Hanna\AppData\Local\Apps\2.0\MMYD67T3.2QW\YOTZPTH7.41P\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\fritzbox-usb-fernanschluss.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PDF Complete] - C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-14] (IDT, Inc.)
HKLM\...\Run: [SpybotSnD] - "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
HKLM\...\Run: [ControlCenter3] - C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-02-09] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] - C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-11] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [AdobeBridge] - [X]
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [AVMUSBFernanschluss] - C:\Users\Hanna\AppData\Local\Apps\2.0\MMYD67T3.2QW\YOTZPTH7.41P\frit..tion_8488884cfbcefd60_0002.0003_f406d43803d5433d\AVMAutoStart.exe [139264 2012-12-19] (AVM Berlin)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\S-1-5-21-1069123905-1725157069-2146362146-1001\...\RunOnce: [FlashPlayerUpdate] - C:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe [839560 2013-12-24] (Adobe Systems Incorporated)
Startup: C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Hanna\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCOM/10
SearchScopes: HKLM - DefaultScope value is missing.
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default
FF NewTab: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tbrId=v1_abb-channel-24_784af7f6ec51467aae43b3af3f8ac6bb_39_1007_20131115_DE_ff_nt_
FF DefaultSearchEngine: Znout (de)
FF SearchEngineOrder.1: Amazon 
FF SelectedSearchEngine: Znout (de)
FF Homepage: about:home
FF Keyword.URL: hxxp://www.amazon.de/gp/bit/amazonserp/ref=bit_bds-p24_serp_ff_de_display?ie=UTF8&tagbase=bds-p24&tag=bds-p24-serp-de-ff-21&tbrId=v1_abb-channel-24_784af7f6ec51467aae43b3af3f8ac6bb_39_1007_20131115_DE_ff_ab_&query=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Computer, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Computer, Inc.)
FF SearchPlugin: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\searchplugins\znout-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\zhc4yj4i.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-17]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-02-15]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa

========================== Services (Whitelisted) =================

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-14] (IDT, Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
R3 avmaura; C:\windows\System32\DRIVERS\avmaura.sys [105728 2012-12-19] (AVM Berlin)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 15:59 - 2014-02-27 16:02 - 00030431 _____ () C:\Users\Hanna\Desktop\Addition.txt
2014-02-27 15:56 - 2014-02-27 16:03 - 00015492 _____ () C:\Users\Hanna\Desktop\FRST.txt
2014-02-27 15:54 - 2014-02-27 15:54 - 01143808 _____ (Farbar) C:\Users\Hanna\Desktop\FRST.exe
2014-02-25 07:48 - 2014-02-25 07:48 - 00131072 ____N () C:\windows\Minidump\022514-24195-01.dmp
2014-02-19 13:46 - 2014-02-19 13:52 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-02-19 13:46 - 2014-02-19 13:46 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-19 13:08 - 2014-02-19 13:09 - 00001700 _____ () C:\DelFix.txt
2014-02-16 19:31 - 2014-02-19 13:08 - 00000000 ____D () C:\windows\ERUNT
2014-02-16 18:50 - 2014-02-19 13:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 18:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-02-16 12:08 - 2009-06-10 22:39 - 00000824 _____ () C:\windows\system32\Drivers\etc\hosts.20140216-120800.backup
2014-02-16 11:41 - 2014-02-16 11:41 - 00131072 ____N () C:\windows\Minidump\021614-27908-01.dmp
2014-02-16 10:13 - 2014-02-27 16:02 - 00000000 ____D () C:\FRST
2014-02-15 10:48 - 2014-02-15 10:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-01-31 22:52 - 2014-02-09 15:29 - 00000000 ____D () C:\Users\Hanna\Desktop\Steuer 2013

==================== One Month Modified Files and Folders =======

2014-02-27 16:03 - 2014-02-27 15:56 - 00015492 _____ () C:\Users\Hanna\Desktop\FRST.txt
2014-02-27 16:02 - 2014-02-27 15:59 - 00030431 _____ () C:\Users\Hanna\Desktop\Addition.txt
2014-02-27 16:02 - 2014-02-16 10:13 - 00000000 ____D () C:\FRST
2014-02-27 15:54 - 2014-02-27 15:54 - 01143808 _____ (Farbar) C:\Users\Hanna\Desktop\FRST.exe
2014-02-27 10:50 - 2011-01-26 20:32 - 00000052 _____ () C:\windows\system32\DOErrors.log
2014-02-27 10:48 - 2012-06-07 17:54 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-26 12:11 - 2009-07-14 05:34 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 12:11 - 2009-07-14 05:34 - 00019536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 12:05 - 2013-10-20 17:36 - 00000000 ___RD () C:\Users\Hanna\Dropbox
2014-02-26 12:05 - 2013-10-20 17:28 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Dropbox
2014-02-26 12:04 - 2011-01-21 17:34 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Skype
2014-02-26 12:01 - 2011-01-22 13:05 - 00046379 _____ () C:\windows\setupact.log
2014-02-26 12:01 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-25 22:36 - 2010-01-06 00:28 - 01535366 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-25 07:48 - 2014-02-25 07:48 - 00131072 ____N () C:\windows\Minidump\022514-24195-01.dmp
2014-02-25 07:48 - 2011-01-28 12:33 - 00000000 ____D () C:\windows\Minidump
2014-02-21 06:20 - 2010-01-06 00:32 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-19 13:52 - 2014-02-19 13:46 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-02-19 13:50 - 2011-01-20 22:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-19 13:46 - 2014-02-19 13:46 - 00000000 ____D () C:\ProgramData\Licenses
2014-02-19 13:26 - 2014-02-16 18:50 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-19 13:09 - 2014-02-19 13:08 - 00001700 _____ () C:\DelFix.txt
2014-02-19 13:08 - 2014-02-16 19:31 - 00000000 ____D () C:\windows\ERUNT
2014-02-19 13:06 - 2011-01-20 22:05 - 00000000 ____D () C:\Users\Hanna
2014-02-18 12:46 - 2013-06-04 20:29 - 00000000 ____D () C:\Users\Hanna\Desktop\Bewerbung Charlotte
2014-02-16 19:14 - 2012-05-27 10:38 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 19:14 - 2011-01-22 16:59 - 00328976 _____ () C:\windows\PFRO.log
2014-02-16 19:14 - 2009-07-14 05:52 - 00000000 ____D () C:\windows\twain_32
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Malwarebytes
2014-02-16 18:50 - 2014-02-16 18:50 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 12:19 - 2013-10-20 17:31 - 00000000 ____D () C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-16 11:41 - 2014-02-16 11:41 - 00131072 ____N () C:\windows\Minidump\021614-27908-01.dmp
2014-02-16 11:15 - 2011-01-21 06:52 - 01359252 _____ () C:\windows\WindowsUpdate.log
2014-02-15 10:48 - 2014-02-15 10:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-09 15:29 - 2014-01-31 22:52 - 00000000 ____D () C:\Users\Hanna\Desktop\Steuer 2013
2014-02-05 16:55 - 2013-06-08 10:58 - 00000000 ____D () C:\Users\Hanna\Recht
2014-01-31 22:52 - 2014-01-05 16:30 - 00000000 ____D () C:\Users\Hanna\Desktop\Patientenverfügung

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2728.dll


Some content of TEMP:
====================
C:\Users\Hanna\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit

20.02.2014, 12:15	#8
schrauber /// the machine /// TB-Ausbilder	Computer wird langsamer nach Download von doc-to-pdf-Tool allgemein langsam oder nur beim Starten? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

21.02.2014, 15:01	#10
schrauber /// the machine /// TB-Ausbilder	Computer wird langsamer nach Download von doc-to-pdf-Tool How to perform a clean boot in Windows Mach bitte mal nen Clean Boot und teste nochmal. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

23.02.2014, 11:27	#12
schrauber /// the machine /// TB-Ausbilder	Computer wird langsamer nach Download von doc-to-pdf-Tool Ok, deinstalliere dein AV Programm und teste ohne. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

27.02.2014, 11:56	#14
schrauber /// the machine /// TB-Ausbilder	Computer wird langsamer nach Download von doc-to-pdf-Tool In welchem Browser? Poste nochmal ein frisches FRST Log bitte. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Computer wird langsamer nach Download von doc-to-pdf-Tool

Log-Analyse und Auswertung: Computer wird langsamer nach Download von doc-to-pdf-Tool