Log analysis and evaluation: Vista: Many detections by MBAM, Internet access problems, PC slow
26.02.2014, 21:38 | #1 |
Hello,

for several weeks I have had problems with Internet access on my Vista computer. Access via Firefox and IE was hardly possible. Only via Chrome was access partly possible. Sometimes not even that. So no Internet access possible. The Internet connection, however, was always active.

Today I ran a scan with MBAM. It showed a total of 192 (!) detections. During the cleanup, however, MBAM crashed, so unfortunately there is no log that I can attach here. It was similar on two further attempts. After that, however, I was able to get onto the Internet again. With Firefox and IE as well. However, I think that the computer is surely not clean yet. In addition, the computer is getting slower and slower.

defogger_disable
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:52 on 26/02/2014 (Gabriele)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01 Ran by Gabriele (administrator) on GABRIELE-PC on 26-02-2014 20:54:42 Running from C:\Users\Gabriele\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\bcmwltry.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\system32\conime.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE () C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Dell Inc.) C:\Windows\System32\WLTRAY.EXE (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dell Inc. and SightSpeed Inc.) C:\Program Files\Dell Video Chat\DellVideoChat.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (ArcSoft Inc.) 
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Logitech, Inc.) C:\Users\Gabriele\Downloads\SetPoint\SetPoint.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( ) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [196608 2008-06-30] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-08-05] (Dell Inc.) 
HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.) HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.) HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.) HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe [57344 2005-06-23] (Adobe Systems Incorporated) HKLM\...\Run: [IR_SERVER] - C:\Program Files\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442460 2008-08-29] (IDT, Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [186408 2014-02-04] (Geek Software GmbH) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) HKLM\...\RunOnce: [Launcher] - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks) HKLM\...\RunOnce: [DSC3 updater] - "C:\Users\Gabriele\Downloads\aulauncher.exe" /launchrunonce [1748448 2011-04-06] (Dell Inc) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [SightSpeed] - C:\Program Files\Dell Video Chat\DellVideoChat.exe [4812664 2008-08-15] (Dell Inc. and SightSpeed Inc.) 
HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File Not Found Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392665651&from=tugs&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE908JM6923M6923&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart Print Helper - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files\Hewlett-Packard\Smart Print 2.6\Espresso.dll (Hewlett-Packard) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 14 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212 FF user.js: detected! => C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\user.js FF DefaultSearchEngine: awesomehp FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Quick Start - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\lightningnewtab@gmail.com [2014-02-19] FF Extension: Extension_Protected - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-17] FF Extension: Adblock Plus - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [] FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - 
C:\Program Files\DigitalPersona\Bin\firefoxext FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\firefoxext [2011-04-06] Chrome: ======= CHR HomePage: hxxp://www.awesomehp.com/?type=hp&ts=1392665651&from=tugs&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE908JM6923M6923 CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07] CHR Extension: (Google-Suche) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07] CHR Extension: (Google Wallet) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06] CHR Extension: (Google Mail) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07] ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-29] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1168632 2008-05-05] (AuthenTec, Inc.) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation) S2 gupdate1c9e137e18a018; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-30] (Google Inc.) R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-29] (IDT, Inc.) R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-08-05] (Dell Inc.) S3 GoogleDesktopManager-110309-193829; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF9035BDA.sys [245720 2009-02-18] (AfaTech ) R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. 
KG) R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-08-05] (Broadcom Corporation) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-03-14] (ITE Tech. Inc. ) S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-26] (Malwarebytes Corporation) R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.) R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.) S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [91168 2009-07-06] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-07-06] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [37280 2009-07-13] (Realtek) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-26 20:54 - 2014-02-26 20:54 - 00022821 _____ () C:\Users\Gabriele\Desktop\FRST.txt 2014-02-26 20:54 - 2014-02-26 20:54 - 00000000 ____D () C:\FRST 2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log 2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable 2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe 2014-02-26 20:49 - 2014-02-26 20:49 - 01143808 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe 2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe 2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 
____D () C:\Program Files\Mozilla Maintenance Service 2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe 2014-02-26 19:26 - 2014-02-26 20:08 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-26 19:26 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-26 19:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-26 17:35 - 2014-02-26 17:35 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (3).zip 2014-02-26 16:14 - 2014-02-26 16:14 - 00028882 _____ () C:\Users\Gabriele\Desktop\AVSCAN-20140226-140405-53E40ED5.LOG 2014-02-26 11:21 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (2).zip 2014-02-26 11:20 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip 2014-02-26 11:20 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (1).zip 2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell 2014-02-17 20:37 - 2014-02-17 20:37 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Uniblue 2014-02-17 20:36 - 2014-02-26 20:17 - 00000000 ____D () C:\ProgramData\IePluginService 2014-02-17 20:36 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\WPM 2014-02-13 10:59 - 2014-02-13 10:59 - 00000000 ____D () C:\Windows\system32\SearchProtect 2014-02-12 10:04 - 2014-02-23 22:25 - 00000000 ____D () 
C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing 2014-02-12 09:57 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-12 09:57 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) 
C:\Windows\system32\msfeedsbs.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-02-12 09:57 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-02-12 09:57 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-12 09:57 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-12 09:57 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-12 09:57 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-02-12 09:57 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-12 09:57 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod 2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iTunes 2014-02-10 16:22 - 2014-02-10 16:22 - 00283120 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox Setup Stub 27.0.exe 2014-02-10 14:01 - 2014-02-23 22:16 - 00000000 ____D () C:\Program Files\Amazon 2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll 2014-02-10 13:58 - 2014-02-10 17:06 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\systweak 2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe 2014-02-04 18:13 - 
2014-02-04 18:14 - 00000000 ____D () C:\Users\Gabriele\Desktop\Handbücher 2014-02-04 15:54 - 2014-02-11 16:03 - 00000000 ____D () C:\Users\Gabriele\Desktop\FERTIGE BEWERBUNG 2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe 2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe 2014-02-04 15:23 - 2014-02-26 19:46 - 00000000 ____D () C:\Program Files\SearchProtect 2014-02-04 15:23 - 2014-02-04 15:24 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SearchProtect 2014-02-04 15:23 - 2014-02-04 15:23 - 00000000 _____ () C:\END 2014-02-04 15:22 - 2014-02-26 19:46 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\DownloadGuide 2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe 2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi 2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice 2014-01-30 19:05 - 2014-01-30 19:05 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\PDF24 2014-01-30 19:04 - 2014-02-04 15:49 - 00000000 ____D () C:\Program Files\PDF24 2014-01-30 19:01 - 2014-01-30 19:01 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk 2014-01-30 19:00 - 2014-01-30 19:01 - 16189768 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.2.0(1).exe 2014-01-30 18:59 - 2014-01-30 19:00 - 00000000 ____D () C:\Program Files\OpenOffice 4 2014-01-30 18:54 - 2014-01-30 18:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\OpenOffice 4.0.1 (de) Installation Files 2014-01-30 18:40 - 2014-01-30 18:42 - 163606685 _____ () C:\Users\Gabriele\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de(1).exe 2014-01-30 17:05 - 2014-01-05 16:51 - 00013673 _____ () 
C:\Users\Gabriele\Ebay-text.odt 2014-01-30 17:05 - 2011-06-09 13:50 - 00027136 _____ () C:\Users\Gabriele\Vertragsrücksendung.wps 2014-01-30 17:05 - 2011-03-06 20:13 - 00027648 _____ () C:\Users\Gabriele\Anschreiben_Ulrike.txt.wps ==================== One Month Modified Files and Folders ======= 2014-02-26 20:54 - 2014-02-26 20:54 - 00022821 _____ () C:\Users\Gabriele\Desktop\FRST.txt 2014-02-26 20:54 - 2014-02-26 20:54 - 00000000 ____D () C:\FRST 2014-02-26 20:54 - 2012-10-26 10:18 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\FRITZ! 2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log 2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable 2014-02-26 20:52 - 2008-11-07 15:35 - 00000000 ____D () C:\Users\Gabriele 2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe 2014-02-26 20:49 - 2014-02-26 20:49 - 01143808 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe 2014-02-26 20:48 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-26 20:48 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe 2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-26 20:26 - 2013-12-22 18:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-26 20:26 - 2008-11-05 08:28 - 01083212 _____ () C:\Windows\WindowsUpdate.log 2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe 2014-02-26 20:23 - 2012-11-16 17:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash 
Player Updater.job 2014-02-26 20:21 - 2011-04-06 18:53 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SoftThinks 2014-02-26 20:20 - 2009-07-01 20:39 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-26 20:20 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-26 20:17 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\IePluginService 2014-02-26 20:08 - 2014-02-26 19:26 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2014-02-26 20:06 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-02-26 20:00 - 2009-07-01 20:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-02-26 19:46 - 2014-02-04 15:23 - 00000000 ____D () C:\Program Files\SearchProtect 2014-02-26 19:46 - 2014-02-04 15:22 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\DownloadGuide 2014-02-26 19:26 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-26 17:35 - 2014-02-26 17:35 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (3).zip 2014-02-26 16:14 - 2014-02-26 16:14 - 00028882 _____ () C:\Users\Gabriele\Desktop\AVSCAN-20140226-140405-53E40ED5.LOG 2014-02-26 11:21 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (2).zip 2014-02-26 11:21 - 2014-02-26 11:20 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip 2014-02-26 11:21 - 2014-02-26 11:20 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (1).zip 2014-02-25 19:25 - 
2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-25 19:23 - 2008-11-08 15:23 - 00032530 _____ () C:\Users\Gabriele\AppData\Roaming\wklnhst.dat 2014-02-25 19:19 - 2008-11-17 20:48 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Neues 2014-02-25 19:10 - 2011-04-19 13:40 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Sonstiges 2014-02-25 19:08 - 2011-04-06 18:50 - 00000000 ____D () C:\Program Files\Dell DataSafe Local Backup 2014-02-25 18:44 - 2014-01-17 17:05 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell 2014-02-24 22:14 - 2008-11-10 13:29 - 00000432 _____ () C:\Windows\BRWMARK.INI 2014-02-24 22:14 - 2008-11-10 13:29 - 00000034 _____ () C:\Windows\system32\BD2030.DAT 2014-02-24 13:31 - 2010-06-03 16:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\CrashDumps 2014-02-24 12:54 - 2008-01-21 03:47 - 00713982 _____ () C:\Windows\PFRO.log 2014-02-23 22:32 - 2011-03-04 18:14 - 00000000 ____D () C:\ProgramData\EPSON 2014-02-23 22:25 - 2014-02-12 10:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing 2014-02-23 22:25 - 2012-12-14 19:43 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-23 22:25 - 2008-11-21 20:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Apple Computer 2014-02-23 22:16 - 2014-02-10 14:01 - 00000000 ____D () C:\Program Files\Amazon 2014-02-23 17:27 - 2012-11-16 17:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 17:27 - 2011-08-18 18:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-23 17:20 - 2008-12-04 13:27 - 00007052 _____ () C:\Users\Gabriele\AppData\Local\d3d9caps.dat 2014-02-23 17:14 - 2013-07-07 11:54 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-23 14:17 - 2008-11-07 15:40 - 00000951 _____ () 
C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-19 22:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-02-19 22:39 - 2006-11-02 11:22 - 43778048 _____ () C:\Windows\system32\config\software_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 42467328 _____ () C:\Windows\system32\config\components_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 26738688 _____ () C:\Windows\system32\config\system_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2014-02-17 20:37 - 2014-02-17 20:37 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Uniblue 2014-02-17 20:36 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\WPM 2014-02-13 17:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-13 10:59 - 2014-02-13 10:59 - 00000000 ____D () C:\Windows\system32\SearchProtect 2014-02-12 11:24 - 2013-08-16 19:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-12 11:21 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-11 16:03 - 2014-02-04 15:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\FERTIGE BEWERBUNG 2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod 2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\Program Files\iTunes 2014-02-10 18:29 - 2009-05-29 18:48 - 00000000 ____D () 
C:\ProgramData\Apple 2014-02-10 17:06 - 2014-02-10 13:58 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\systweak 2014-02-10 16:22 - 2014-02-10 16:22 - 00283120 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox Setup Stub 27.0.exe 2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll 2014-02-10 14:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe 2014-02-10 13:20 - 2008-11-10 15:35 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Adobe 2014-02-04 18:14 - 2014-02-04 18:13 - 00000000 ____D () C:\Users\Gabriele\Desktop\Handbücher 2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-02-04 15:49 - 2014-01-30 19:04 - 00000000 ____D () C:\Program Files\PDF24 2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe 2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe 2014-02-04 15:24 - 2014-02-04 15:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SearchProtect 2014-02-04 15:23 - 2014-02-04 15:23 - 00000000 _____ () C:\END 2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe 2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi 2014-02-02 21:10 - 2014-02-12 09:57 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-02 21:10 - 2014-02-12 09:57 - 01213440 _____ (Microsoft 
Corporation) C:\Windows\system32\urlmon.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-02-02 12:20 - 2014-01-17 17:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\HpUpdate 2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice 2014-02-02 
11:12 - 2006-11-02 13:47 - 00306232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-01 23:54 - 2014-02-12 09:57 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-01 23:47 - 2014-02-12 09:57 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 23:47 - 2014-02-12 09:57 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-01 23:46 - 2014-02-12 09:57 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 23:46 - 2014-02-12 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-31 16:53 - 2008-11-07 15:35 - 00074200 _____ () C:\Users\Gabriele\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-30 19:05 - 2014-01-30 19:05 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\PDF24
2014-01-30 19:01 - 2014-01-30 19:01 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-30 19:01 - 2014-01-30 19:00 - 16189768 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.2.0(1).exe
2014-01-30 19:00 - 2014-01-30 18:59 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-30 18:59 - 2011-04-06 18:01 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-01-30 18:54 - 2014-01-30 18:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-30 18:42 - 2014-01-30 18:40 - 163606685 _____ () C:\Users\Gabriele\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de(1).exe
2014-01-28 18:28 - 2011-03-13 12:12 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Spiritualität

Files to move or delete:
====================
C:\Users\Gabriele\AppData\Roaming\desktop.ini
C:\Users\Public\AlexaNSISPlugin.6872.dll

Some content of TEMP:
====================
C:\Users\Gabriele\AppData\Local\Temp\APNStub.exe
C:\Users\Gabriele\AppData\Local\Temp\avgnt.exe
C:\Users\Gabriele\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gabriele\AppData\Local\Temp\contentDATs.exe
C:\Users\Gabriele\AppData\Local\Temp\FileSystemView.dll
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Gabriele\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih[1].exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Gabriele\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Gabriele\AppData\Local\Temp\setup.exe
C:\Users\Gabriele\AppData\Local\Temp\{D39E6783-6B9A-4ADA-8DE0-83C86F0080B8}.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-26 20:26

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-02-2014 01
Ran by Gabriele at 2014-02-26 20:55:13
Running from C:\Users\Gabriele\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.00.000 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version: - )
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.260 - ArcSoft)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0407.2138 - )
AuthenTec Fingerprint System (HKLM\...\{140BF0D0-E848-405C-9A01-D3256B918B6D}) (Version: 8.0.26.22 - AuthenTec, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version: - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version: - AVM Berlin)
AVM FRITZ!DSL (HKLM\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2030 (HKLM\...\{671FE013-B628-4624-B5EF-1B4E9F35423C}) (Version: 1.00 - Brother)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0407.2139.36897 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Danish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Dutch (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help English (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Finnish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help French (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help German (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Italian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Japanese (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Korean (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Russian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Spanish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Swedish (Version: 2008.0407.2138.36897 - ATI) Hidden
ccc-core-static (Version: 2008.0407.2139.36897 - ATI) Hidden
ccc-utility (Version: 2008.0407.2139.36897 - ATI) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Handbuch zum Einstieg (HKLM\...\{FD023F61-65E9-465C-B558-7C64EB2B97E6}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.104 - Alps Electric)
Dell Video Chat (remove only) (HKLM\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version: - )
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Dienstprogramm für Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.)
DigitalPersona Personal 4.01 (HKLM\...\{3D8AE086-030F-4EF4-B705-63F8130B043E}) (Version: 4.02.3769 - DigitalPersona, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version: - )
Garmin City Navigator Europe (Unicode) NT 2012.30 Update (HKLM\...\{402754E1-22AD-42D9-86C5-B0AC52C7D70D}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{DB1F11B1-A35C-45C1-904C-68A6D1481D80}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Print 2.6 (HKLM\...\{602847AC-F50C-41B0-B080-EC190B195FAF}) (Version: 2.6.0.238 - Hewlett-Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Integrated Webcam Driver (1.06.03.0309) (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
ITECIR Driver (Version: 1.00.000 - ITE) Hidden
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF24 Creator 6.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.0.12 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SA32xx Device Manager (HKLM\...\{7CDC26F7-D6BF-442A-B599-0075A48310F7}) (Version: 01.01.00.1022 - Philips)
SA32xx Media Converter (HKLM\...\{D57ACD92-6A27-43BB-B3AE-894930940D41}) (Version: 1.0.6.1013 - Philips)
SA32xx Media Converter (Version: 1.0.6.1013 - Philips) Hidden
Skins (Version: 2008.0407.2139.36897 - ATI) Hidden
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{A8F97B7C-7D31-4D52-B7DD-BF3C20DFE5F9}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
SupTab (HKLM\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

==================== Restore Points =========================

13-01-2014 17:31:15 Geplanter Prüfpunkt
17-01-2014 15:59:21 Gerätetreiber-Paketinstallation: HP Drucker
17-01-2014 15:59:28 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte
17-01-2014 16:01:02 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte
17-01-2014 16:02:53 Gerätetreiber-Paketinstallation: Hewlett-Packard USB-Controller
17-01-2014 19:08:19 Installed Java 7 Update 51
18-01-2014 09:16:59 Windows Update
19-01-2014 11:59:22 Geplanter Prüfpunkt
21-01-2014 17:10:44 Installed PDF Split And Merge Basic
30-01-2014 06:04:45 Windows Update
30-01-2014 17:55:29 OpenOffice 4.0.1 wird installiert
31-01-2014 08:20:01 Geplanter Prüfpunkt
03-02-2014 18:37:40 Geplanter Prüfpunkt
04-02-2014 13:41:09 Geplanter Prüfpunkt
12-02-2014 10:16:14 Windows Update
17-02-2014 19:36:13 Uniblue SpeedUpMyPC installation
19-02-2014 21:35:07 Wiederherstellungsvorgang
20-02-2014 18:15:55 Windows Update
23-02-2014 21:02:03 Removed Ask Toolbar.
23-02-2014 21:37:33 Windows Update
25-02-2014 17:43:41 Installed HP Smart Print 2.6

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2C114D4C-2842-47DB-AB5A-A1FE75B98C18} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3855BA1A-918D-423C-80DF-4D0829E58744} - System32\Tasks\HP AR Program Upload - 13dbbf79990d408bb0e6d5332c5cf5f455671535982341cbb5f496956aafcb96 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2013-02-08] (TODO: <Company name>)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E9BB38D-A227-4E12-A466-C50EDFAC788B} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {59BE70FD-4732-4A83-BF8B-0558099C9FFD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Gabriele => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {5CD57C23-1E5F-40A3-BF10-A7086825B64A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {7A935A20-97AB-4373-ADB0-C22A5F21CDE9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {DE3478E4-EFEF-444B-AC83-152C0F273667} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F56DFD22-4840-45F1-8963-EE5FC754210C} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {FA21E3B3-DF6C-4807-9459-CF1487BA7117} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-30] (Google Inc.)
Task: {FC335229-B4D4-4F24-8E91-7C1FAD265B90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-11-05 07:47 - 2008-08-05 13:17 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-11-05 07:47 - 2008-08-05 13:16 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2008-02-04 13:29 - 2008-02-04 13:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2008-11-05 16:21 - 2008-05-04 09:42 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2012-12-17 10:10 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-06 18:50 - 2011-01-13 19:39 - 00783680 _____ () C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2011-04-06 18:50 - 2011-01-13 19:37 - 00128320 _____ () C:\Program Files\Dell DataSafe Local Backup\STLog.dll
2011-04-06 18:50 - 2011-01-13 19:36 - 01123648 _____ () C:\Program Files\Dell DataSafe Local Backup\LibXml2.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00079168 _____ () C:\Program Files\Dell DataSafe Local Backup\zlib1.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00234816 _____ () C:\Program Files\Dell DataSafe Local Backup\STFiles.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00075072 _____ () C:\Program Files\Dell DataSafe Local Backup\STRegistry.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00111936 _____ () C:\Program Files\Dell DataSafe Local Backup\STPE.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00121152 _____ () C:\Program Files\Dell DataSafe Local Backup\STNLS.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 01657168 _____ () C:\Program Files\Dell Video Chat\QtCore4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 06510416 _____ () C:\Program Files\Dell Video Chat\QtGui4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00026960 _____ () C:\Program Files\Dell Video Chat\SDL.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00366928 _____ () C:\Program Files\Dell Video Chat\QtNetwork4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00396112 _____ () C:\Program Files\Dell Video Chat\QtOpenGL4.dll
2009-11-02 19:57 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-09-19 18:38 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2009-11-02 19:57 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2009-11-02 19:57 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2014-02-26 20:26 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

====================
Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/26/2014 08:21:34 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 08:09:10 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 08:08:01 PM) (Source: EventSystem) (User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (02/26/2014 08:06:12 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (02/26/2014 08:05:31 PM) (Source: Application Hang) (User: ) Description: Programm mbam.exe, Version 1.75.0.1 arbeitet nicht mehr mit Windows zusammen und wurde 
beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 1694 Anfangszeit: 01cf33238c4c8915 Zeitpunkt der Beendigung: 12 Error: (02/26/2014 07:49:39 PM) (Source: Application Hang) (User: ) Description: Programm mbam.exe, Version 1.75.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen. Prozess-ID: 11fc Anfangszeit: 01cf33205068fda5 Zeitpunkt der Beendigung: 49 Error: (02/26/2014 07:00:03 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 05:39:32 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (02/26/2014 05:27:01 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 05:06:22 PM) (Source: EventSystem) (User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} System errors: ============= Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: NetzwerklistendienstNLA 
(Network Location Awareness)%%1068 Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: AFD avipbb avkmgr DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv Tcpip tdx Wanarpv6 ws2ifsl Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068 Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: TCP/IP Registry CompatibilityTCP/IP-Protokolltreiber%%31 Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: NLA (Network Location Awareness)TCP/IP-Protokolltreiber%%31 Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068 Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Bonjour"TCP/IP-Protokolltreiber%%31 Microsoft Office Sessions: ========================= Error: (02/26/2014 08:21:34 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 08:09:10 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 08:08:01 PM) (Source: EventSystem)(User: ) Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c Error: (02/26/2014 08:06:12 PM) (Source: EventSystem)(User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: 
(02/26/2014 08:05:31 PM) (Source: Application Hang)(User: ) Description: mbam.exe1.75.0.1169401cf33238c4c891512 Error: (02/26/2014 07:49:39 PM) (Source: Application Hang)(User: ) Description: mbam.exe1.75.0.111fc01cf33205068fda549 Error: (02/26/2014 07:00:03 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 05:39:32 PM) (Source: EventSystem)(User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} Error: (02/26/2014 05:27:01 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (02/26/2014 05:06:22 PM) (Source: EventSystem)(User: ) Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000} CodeIntegrity Errors: =================================== Date: 2010-11-01 10:14:19.702 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-11-01 10:14:19.560 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2010-11-01 10:14:19.415 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-11-01 10:14:19.216 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-11-01 10:14:06.417 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-11-01 10:14:06.271 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-11-01 10:14:06.130 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-11-01 10:14:05.960 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2010-10-08 17:59:50.724 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2010-10-08 17:59:50.601 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 3069.24 MB Available physical RAM: 1630.52 MB Total Pagefile: 6358.76 MB Available Pagefile: 4677.07 MB Total Virtual: 2047.88 MB Available Virtual: 1892.78 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:287.92 GB) (Free:172.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.81 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 08000000) Partition 1: (Not Active) - (Size=173 MB) - (Type=DE) Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-02-26 21:13:15 Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\Gabriele\AppData\Local\Temp\pwlyrkob.sys ---- System - GMER 2.1 ---- SSDT 8CEB199E ZwCreateSection SSDT 8CEB19A8 ZwRequestWaitReplyPort SSDT 8CEB19A3 ZwSetContextThread SSDT 8CEB19AD ZwSetSecurityObject SSDT 8CEB19B2 ZwSystemDebugControl SSDT 8CEB193F ZwTerminateProcess ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 215 826E4860 4 Bytes [9E, 19, EB, 8C] .text ntkrnlpa.exe!KeSetEvent + 539 826E4B84 4 Bytes [A8, 19, EB, 8C] {TEST AL, 0x19; JMP 0xffffff90} .text ntkrnlpa.exe!KeSetEvent + 56D 826E4BB8 4 Bytes [A3, 19, EB, 8C] .text ntkrnlpa.exe!KeSetEvent + 5D1 826E4C1C 4 Bytes [AD, 19, EB, 8C] .text ntkrnlpa.exe!KeSetEvent + 619 826E4C64 4 Bytes [B2, 19, EB, 8C] {MOV DL, 0x19; JMP 0xffffff90} .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E00D000, 0x1FB0FA, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[176] ntdll.dll!LdrLoadDll 77589378 5 Bytes JMP 748C1FFD C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!HeapSetInformation + 26 7600A8B0 7 Bytes JMP 5C095A06 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!LockResource + C 76026ACB 7 Bytes JMP 5C48049D C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!VirtualAllocEx + 54 7602AF50 7 Bytes JMP 5C480455 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[176] GDI32.dll!SetStretchBltMode + 256 76F3745C 2 Bytes JMP 5C4804C4 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[176] GDI32.dll!SetStretchBltMode + 259 
76F3745F 4 Bytes [54, E5, EB, F9] {PUSH ESP; IN EAX, 0xeb; STC } ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- EOF - GMER 2.1 ----
Regards, Hasenfuß |
26.02.2014, 22:48 | #2 |
| Vista: Many detections by MBAM, Internet access problems, PC slow I am working on your topic and will get back to you with further instructions as soon as possible. Please note that all my replies must first be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience |
27.02.2014, 11:28 | #3 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Hello, Hasenfuß and
Step 1 Please download AdwCleaner to your desktop.
Step 2 Run FRST once more.
|
27.02.2014, 21:21 | #4 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Hello, many thanks for the prompt handling. Attached is the log file for step 1: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.020 - Bericht erstellt am 27/02/2014 um 20:41:46 # Aktualisiert 27/02/2014 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzername : Gabriele - GABRIELE-PC # Gestartet von : C:\Users\Gabriele\Downloads\adwcleaner(1).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\IePluginService Ordner Gelöscht : C:\ProgramData\WPM Ordner Gelöscht : C:\Program Files\SearchProtect Ordner Gelöscht : C:\Windows\system32\SearchProtect Ordner Gelöscht : C:\Users\Gabriele\AppData\Local\DownloadGuide Ordner Gelöscht : C:\Users\Gabriele\AppData\Local\SearchProtect Ordner Gelöscht : C:\Users\Gabriele\AppData\Local\Temp\AskSearch Ordner Gelöscht : C:\Users\Gabriele\AppData\Roaming\Systweak Ordner Gelöscht : C:\Users\Gabriele\AppData\Roaming\uniblue Datei Gelöscht : C:\END Datei Gelöscht : C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\user.js Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E9BB38D-A227-4E12-A466-C50EDFAC788B} [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E9BB38D-A227-4E12-A466-C50EDFAC788B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Schlüssel Gelöscht : HKCU\Software\Alexa Internet Schlüssel Gelöscht : HKCU\Software\distromatic Schlüssel 
Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKLM\Software\SearchProtect Schlüssel Gelöscht : HKLM\Software\supTab Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Wpm Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\supTab Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1 Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IePlugins Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\supTab Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm ***** [ Browser ] ***** -\\ Internet Explorer v8.0.6001.19499 Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v27.0.1 (de) [ Datei : C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\prefs.js ] Zeile gelöscht : user_pref("browser.search.defaultenginename", "awesomehp"); Zeile gelöscht : user_pref("extensions.crossrider.bic", "14450465ebc382d9eceb912e1c6c65b3"); -\\ Google Chrome v33.0.1750.117 [ Datei : C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage ************************* AdwCleaner[R0].txt - [4247 octets] - [27/02/2014 20:40:53] AdwCleaner[S0].txt - [4033 octets] - 
[27/02/2014 20:41:46] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4093 octets] ##########
For FRST, step 2: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01 Ran by Gabriele (administrator) on GABRIELE-PC on 27-02-2014 21:09:23 Running from C:\Users\Gabriele\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums ==================== Processes (Whitelisted) ================= (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\bcmwltry.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE () C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Dell Inc.) C:\Windows\System32\WLTRAY.EXE (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dell Inc. and SightSpeed Inc.) 
C:\Program Files\Dell Video Chat\DellVideoChat.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Logitech, Inc.) C:\Users\Gabriele\Downloads\SetPoint\SetPoint.exe (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( ) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [196608 2008-06-30] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-08-05] (Dell Inc.) 
HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.) HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.) HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.) HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe [57344 2005-06-23] (Adobe Systems Incorporated) HKLM\...\Run: [IR_SERVER] - C:\Program Files\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442460 2008-08-29] (IDT, Inc.) 
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [186408 2014-02-04] (Geek Software GmbH) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) HKLM\...\RunOnce: [Launcher] - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks) HKLM\...\RunOnce: [DSC3 updater] - "C:\Users\Gabriele\Downloads\aulauncher.exe" /launchrunonce [1748448 2011-04-06] (Dell Inc) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [SightSpeed] - C:\Program Files\Dell Video Chat\DellVideoChat.exe [4812664 2008-08-15] (Dell Inc. and SightSpeed Inc.) 
HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File Not Found Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart Print Helper - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files\Hewlett-Packard\Smart Print 2.6\Espresso.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212
FF Homepage: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\lightningnewtab@gmail.com [2014-02-19]
FF Extension: Extension_Protected - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-17]
FF Extension: Adblock Plus - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\firefoxext [2011-04-06]

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07]
CHR Extension: (Google-Suche) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07]
CHR Extension: (Google Wallet) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (Google Mail) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-29] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1168632 2008-05-05] (AuthenTec, Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)
S2 gupdate1c9e137e18a018; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-30] (Google Inc.)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-29] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-08-05] (Dell Inc.)
S3 GoogleDesktopManager-110309-193829; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF9035BDA.sys [245720 2009-02-18] (AfaTech )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-08-05] (Broadcom Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-03-14] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [91168 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [37280 2009-07-13] (Realtek)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-27 20:57 - 2014-02-27 20:57 - 00004173 _____ () C:\Users\Gabriele\Desktop\AdwCleaner[S0].txt
2014-02-27 20:03 - 2014-02-27 20:46 - 00000000 ____D () C:\AdwCleaner
2014-02-27 20:03 - 2014-02-27 20:03 - 01244192 _____ () C:\Users\Gabriele\Downloads\adwcleaner(1).exe
2014-02-27 20:02 - 2014-02-27 20:02 - 01244192 _____ () C:\Users\Gabriele\Downloads\adwcleaner.exe
2014-02-26 21:13 - 2014-02-26 21:13 - 00003415 _____ () C:\Users\Gabriele\Desktop\Gmer.txt
2014-02-26 20:55 - 2014-02-26 20:57 - 00032934 _____ () C:\Users\Gabriele\Desktop\Addition.txt
2014-02-26 20:54 - 2014-02-27 21:09 - 00022133 _____ () C:\Users\Gabriele\Desktop\FRST.txt
2014-02-26 20:54 - 2014-02-27 21:09 - 00000000 ____D () C:\FRST
2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log
2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable
2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe
2014-02-26 20:49 - 2014-02-26 20:49 - 01143808 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe
2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe
2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe
2014-02-26 19:26 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-26 19:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-26 17:35 - 2014-02-26 17:35 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (3).zip
2014-02-26 11:21 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (2).zip
2014-02-26 11:20 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip
2014-02-26 11:20 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (1).zip
2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell
2014-02-12 10:04 - 2014-02-23 22:25 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing
2014-02-12 09:57 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 09:57 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-02-12 09:57 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-12 09:57 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 09:57 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 09:57 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 09:57 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-12 09:57 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 09:57 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod
2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iTunes
2014-02-10 16:22 - 2014-02-10 16:22 - 00283120 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox Setup Stub 27.0.exe
2014-02-10 14:01 - 2014-02-23 22:16 - 00000000 ____D () C:\Program Files\Amazon
2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll
2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe
2014-02-04 18:13 - 2014-02-04 18:14 - 00000000 ____D () C:\Users\Gabriele\Desktop\Handbücher
2014-02-04 15:54 - 2014-02-27 19:37 - 00000000 ____D () C:\Users\Gabriele\Desktop\FERTIGE BEWERBUNG
2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe
2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe
2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe
2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi
2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice
2014-01-30 19:05 - 2014-01-30 19:05 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\PDF24
2014-01-30 19:04 - 2014-02-04 15:49 - 00000000 ____D () C:\Program Files\PDF24
2014-01-30 19:01 - 2014-01-30 19:01 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-30 19:00 - 2014-01-30 19:01 - 16189768 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.2.0(1).exe
2014-01-30 18:59 - 2014-01-30 19:00 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-30 18:54 - 2014-01-30 18:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-30 18:40 - 2014-01-30 18:42 - 163606685 _____ () C:\Users\Gabriele\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de(1).exe
2014-01-30 17:05 - 2014-01-05 16:51 - 00013673 _____ () C:\Users\Gabriele\Ebay-text.odt
2014-01-30 17:05 - 2011-06-09 13:50 - 00027136 _____ () C:\Users\Gabriele\Vertragsrücksendung.wps
2014-01-30 17:05 - 2011-03-06 20:13 - 00027648 _____ () C:\Users\Gabriele\Anschreiben_Ulrike.txt.wps

==================== One Month Modified Files and Folders =======

2014-02-27 21:09 - 2014-02-26 20:54 - 00022133 _____ () C:\Users\Gabriele\Desktop\FRST.txt
2014-02-27 21:09 - 2014-02-26 20:54 - 00000000 ____D () C:\FRST
2014-02-27 21:00 - 2009-07-01 20:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 20:57 - 2014-02-27 20:57 - 00004173 _____ () C:\Users\Gabriele\Desktop\AdwCleaner[S0].txt
2014-02-27 20:55 - 2011-04-06 18:53 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SoftThinks
2014-02-27 20:54 - 2009-07-01 20:39 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 20:54 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 20:54 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 20:54 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 20:53 - 2008-11-05 08:28 - 01121407 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 20:53 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-27 20:46 - 2014-02-27 20:03 - 00000000 ____D () C:\AdwCleaner
2014-02-27 20:29 - 2012-10-26 10:18 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\FRITZ!
2014-02-27 20:23 - 2012-11-16 17:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 20:03 - 2014-02-27 20:03 - 01244192 _____ () C:\Users\Gabriele\Downloads\adwcleaner(1).exe
2014-02-27 20:02 - 2014-02-27 20:02 - 01244192 _____ () C:\Users\Gabriele\Downloads\adwcleaner.exe
2014-02-27 19:37 - 2014-02-04 15:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\FERTIGE BEWERBUNG
2014-02-27 19:37 - 2008-11-08 15:23 - 00032688 _____ () C:\Users\Gabriele\AppData\Roaming\wklnhst.dat
2014-02-27 10:25 - 2010-06-03 16:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\CrashDumps
2014-02-26 21:13 - 2014-02-26 21:13 - 00003415 _____ () C:\Users\Gabriele\Desktop\Gmer.txt
2014-02-26 20:57 - 2014-02-26 20:55 - 00032934 _____ () C:\Users\Gabriele\Desktop\Addition.txt
2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log
2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable
2014-02-26 20:52 - 2008-11-07 15:35 - 00000000 ____D () C:\Users\Gabriele
2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe
2014-02-26 20:49 - 2014-02-26 20:49 - 01143808 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe
2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe
2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-26 20:26 - 2013-12-22 18:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe
2014-02-26 19:26 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-26 17:35 - 2014-02-26 17:35 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (3).zip
2014-02-26 11:21 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (2).zip
2014-02-26 11:21 - 2014-02-26 11:20 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip
2014-02-26 11:21 - 2014-02-26 11:20 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (1).zip
2014-02-25 19:25 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 19:19 - 2008-11-17 20:48 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Neues
2014-02-25 19:10 - 2011-04-19 13:40 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Sonstiges
2014-02-25 19:08 - 2011-04-06 18:50 - 00000000 ____D () C:\Program Files\Dell DataSafe Local Backup
2014-02-25 18:44 - 2014-01-17 17:05 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell
2014-02-24 22:14 - 2008-11-10 13:29 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-02-24 22:14 - 2008-11-10 13:29 - 00000034 _____ () C:\Windows\system32\BD2030.DAT
2014-02-24 12:54 - 2008-01-21 03:47 - 00713982 _____ () C:\Windows\PFRO.log
2014-02-23 22:32 - 2011-03-04 18:14 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-23 22:25 - 2014-02-12 10:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing
2014-02-23 22:25 - 2012-12-14 19:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-23 22:25 - 2008-11-21 20:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Apple Computer
2014-02-23 22:16 - 2014-02-10 14:01 - 00000000 ____D () C:\Program Files\Amazon
2014-02-23 17:27 - 2012-11-16 17:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-23 17:27 - 2011-08-18 18:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 17:20 - 2008-12-04 13:27 - 00007052 _____ () C:\Users\Gabriele\AppData\Local\d3d9caps.dat
2014-02-23 17:14 - 2013-07-07 11:54 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-23 14:17 - 2008-11-07 15:40 - 00000951 _____ () C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-19 22:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-19 22:39 - 2006-11-02 11:22 - 43778048 _____ () C:\Windows\system32\config\software_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 42467328 _____ () C:\Windows\system32\config\components_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 26738688 _____ () C:\Windows\system32\config\system_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-02-13 17:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-12 11:24 - 2013-08-16 19:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 11:21 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod
2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\Program Files\iTunes
2014-02-10 18:29 - 2009-05-29 18:48 - 00000000 ____D () C:\ProgramData\Apple
2014-02-10 16:22 - 2014-02-10 16:22 - 00283120 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox Setup Stub 27.0.exe
2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll
2014-02-10 14:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe
2014-02-10 13:20 - 2008-11-10 15:35 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Adobe
2014-02-04 18:14 - 2014-02-04 18:13 - 00000000 ____D () C:\Users\Gabriele\Desktop\Handbücher
2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-02-04 15:49 - 2014-01-30 19:04 - 00000000 ____D () C:\Program Files\PDF24
2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe
2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe
2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe
2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi
2014-02-02 21:10 - 2014-02-12 09:57 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-02 21:10 - 2014-02-12 09:57 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-02-02 12:20 - 2014-01-17 17:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\HpUpdate
2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice
2014-02-02 11:12 - 2006-11-02 13:47 - 00306232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-01 23:54 - 2014-02-12 09:57 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-01 23:47 - 2014-02-12 09:57 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 23:47 - 2014-02-12 09:57 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-01 23:46 - 2014-02-12 09:57 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 23:46 - 2014-02-12 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-31 16:53 - 2008-11-07 15:35 - 00074200 _____ () C:\Users\Gabriele\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-30 19:05 - 2014-01-30 19:05 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\PDF24
2014-01-30 19:01 - 2014-01-30 19:01 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-30 19:01 - 2014-01-30 19:00 - 16189768 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.2.0(1).exe
2014-01-30 19:00 - 2014-01-30 18:59 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-30 18:59 - 2011-04-06 18:01 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-01-30 18:54 - 2014-01-30 18:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-30 18:42 - 2014-01-30 18:40 - 163606685 _____ () C:\Users\Gabriele\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de(1).exe
2014-01-28 18:28 - 2011-03-13 12:12 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Spiritualität

Files to move or delete:
====================
C:\Users\Gabriele\AppData\Roaming\desktop.ini
C:\Users\Public\AlexaNSISPlugin.6872.dll

Some content of TEMP:
====================
C:\Users\Gabriele\AppData\Local\Temp\APNStub.exe
C:\Users\Gabriele\AppData\Local\Temp\avgnt.exe
C:\Users\Gabriele\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gabriele\AppData\Local\Temp\contentDATs.exe
C:\Users\Gabriele\AppData\Local\Temp\FileSystemView.dll
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Gabriele\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih[1].exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\Quarantine.exe
C:\Users\Gabriele\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Gabriele\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Gabriele\AppData\Local\Temp\setup.exe
C:\Users\Gabriele\AppData\Local\Temp\{D39E6783-6B9A-4ADA-8DE0-83C86F0080B8}.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => 
MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-27 21:01 ==================== End Of Log ============================ Many thanks in advance. Best regards, Hasenfuß |
28.02.2014, 08:56 | #5 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Step 1 Please download Malwarebytes Anti-Malware
Step 2 ESET Online Scanner
|
28.02.2014, 22:47 | #6 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Hello, regarding step 1: Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.28.05 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19499 Gabriele :: GABRIELE-PC [Administrator] Schutz: Aktiviert 28.02.2014 13:08:01 mbam-log-2014-02-28 (13-08-01).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 387897 Laufzeit: 1 Stunde(n), 58 Minute(n), 49 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.26.06 Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus) Internet Explorer 8.0.6001.19499 Gabriele :: GABRIELE-PC [Administrator] 26.02.2014 20:08:42 MBAM-log-2014-02-26 (20-17-25).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 215736 Laufzeit: 8 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte 
gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 8 C:\Users\Gabriele\AppData\Roaming\systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Keine Aktion durchgeführt. C:\Users\Gabriele\AppData\Roaming\systweak\RegClean Pro\Version 6.1 (PUP.Optional.RegCleanerPro.A) -> Keine Aktion durchgeführt. C:\Users\Gabriele\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice (PUP.Optional.RegCleanerPro.A) -> Keine Aktion durchgeführt. C:\Users\Gabriele\AppData\Roaming\systweak\RegClean Pro\Version 6.1\voice\de (PUP.Optional.RegCleanerPro.A) -> Keine Aktion durchgeführt. C:\Program Files\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\ProgramData\IePluginService (PUP.Optional.IePluginService.A) -> Keine Aktion durchgeführt. C:\ProgramData\IePluginService\update (PUP.Optional.IePluginService.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 5 C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Keine Aktion durchgeführt. C:\Program Files\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.SearchProtect.A) -> Keine Aktion durchgeführt. C:\ProgramData\IePluginService\PluginService.exe (PUP.Optional.IePluginService.A) -> Keine Aktion durchgeführt. 
(Ende) Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.02.26.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19499 Gabriele :: GABRIELE-PC [Administrator] 28.02.2014 08:35:02 mbam-log-2014-02-28 (08-35-02).txt Art des Suchlaufs: Benutzerdefinierter Suchlauf (C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip|) Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P Durchsuchte Objekte: 1 Laufzeit: 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) This produced no results. Regarding step 2: ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a7adce2c0c7f384d81264614caa84b9e # engine=17265 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-28 03:10:45 # local_time=2014-02-28 04:10:45 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 97 109170 259023535 101902 0 # compatibility_mode=5892 16776574 100 100 243440 231132973 0 0 # scanned=54469 # found=1 # cleaned=0 # scan_time=2753 sh=9BAD76A1DBA2DEB207BC5789161BE9174A63CF46 ft=1 fh=3d0bba9b2704ddbf vn="a variant of Win32/Webprefix.B trojan" ac=I 
fn="C:\AdwCleaner\Quarantine\C\Users\Gabriele\AppData\Local\DownloadGuide\Offers\dprotect_setup.exe.vir" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a7adce2c0c7f384d81264614caa84b9e # engine=17268 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-28 06:53:41 # local_time=2014-02-28 07:53:41 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 97 6519 259036911 2883 0 # compatibility_mode=5892 16776574 100 100 253216 231146349 0 0 # scanned=168 # found=0 # cleaned=0 # scan_time=45 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=a7adce2c0c7f384d81264614caa84b9e # engine=17268 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-02-28 08:57:09 # local_time=2014-02-28 09:57:09 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=1799 16775165 100 97 13927 259044319 10291 0 # compatibility_mode=5892 16776574 100 100 260624 231153757 0 0 # scanned=186565 # found=1 # cleaned=0 # scan_time=7262 sh=9BAD76A1DBA2DEB207BC5789161BE9174A63CF46 ft=1 fh=3d0bba9b2704ddbf vn="a variant of Win32/Webprefix.B trojan" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Gabriele\AppData\Local\DownloadGuide\Offers\dprotect_setup.exe.vir" I hope I did everything correctly. Have a nice weekend |
01.03.2014, 12:01 | #7 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Step 1 Run FRST once more.
|
02.03.2014, 11:12 | #8 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Hello, attached is the result of the scan: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2014 01 Ran by Gabriele (administrator) on GABRIELE-PC on 02-03-2014 11:04:40 Running from C:\Users\Gabriele\Desktop Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe () C:\Windows\System32\WLTRYSVC.EXE (Dell Inc.) C:\Windows\System32\bcmwltry.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Microsoft Corporation) C:\Windows\system32\conime.exe () C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Dell Inc.) C:\Windows\System32\WLTRAY.EXE (CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe (Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe (ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe (Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Dell Inc. and SightSpeed Inc.) C:\Program Files\Dell Video Chat\DellVideoChat.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Logitech, Inc.) C:\Users\Gabriele\Downloads\SetPoint\SetPoint.exe (Dell Inc.) 
C:\Program Files\Dell\QuickSet\quickset.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe (ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( ) HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [196608 2008-06-30] (Alps Electric Co., Ltd.) HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-08-05] (Dell Inc.) HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.) HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.) HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.) 
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.) HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe [57344 2005-06-23] (Adobe Systems Incorporated) HKLM\...\Run: [IR_SERVER] - C:\Program Files\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442460 2008-08-29] (IDT, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de) HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [186408 2014-02-04] (Geek Software GmbH) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.) 
HKLM\...\RunOnce: [Launcher] - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks) HKLM\...\RunOnce: [DSC3 updater] - "C:\Users\Gabriele\Downloads\aulauncher.exe" /launchrunonce [1748448 2011-04-06] (Dell Inc) Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [SightSpeed] - C:\Program Files\Dell Video Chat\DellVideoChat.exe [4812664 2008-08-15] (Dell Inc. and SightSpeed Inc.) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation) HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File Not Found Lsa: [Notification Packages] scecli DPPWDFLT Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program 
Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin) Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: HP Smart Print Helper - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files\Hewlett-Packard\Smart Print 2.6\Espresso.dll (Hewlett-Packard) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Winsock: Catalog9 14 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212 FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: 
@java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) 
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Quick Start - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\lightningnewtab@gmail.com [2014-02-19] FF Extension: Extension_Protected - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-17] FF Extension: Adblock Plus - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [] FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\firefoxext [2011-04-06] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native 
Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR Extension: (YouTube) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07] CHR Extension: (Google-Suche) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07] CHR Extension: (Google Wallet) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06] CHR Extension: (Google Mail) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07] ========================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-29] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG) R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1168632 2008-05-05] (AuthenTec, Inc.) R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation) S2 gupdate1c9e137e18a018; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-30] (Google Inc.) 
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.) R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-29] (IDT, Inc.) R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-08-05] (Dell Inc.) S3 GoogleDesktopManager-110309-193829; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [X] ==================== Drivers (Whitelisted) ==================== S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF9035BDA.sys [245720 2009-02-18] (AfaTech ) R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG) R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-08-05] (Broadcom Corporation) R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-03-14] (ITE Tech. Inc. ) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.) R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.) S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [91168 2009-07-06] (REALTEK SEMICONDUCTOR Corp.) 
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-07-06] (REALTEK SEMICONDUCTOR Corp.) S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [37280 2009-07-13] (Realtek) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-02 11:04 - 2014-03-02 11:04 - 00000000 ____D () C:\Users\Gabriele\Desktop\FRST-OlderVersion 2014-02-28 12:59 - 2014-02-28 12:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300(2).exe 2014-02-28 12:52 - 2014-02-28 12:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300(1).exe 2014-02-27 20:57 - 2014-02-27 20:57 - 00004173 _____ () C:\Users\Gabriele\Desktop\AdwCleaner[S0].txt 2014-02-27 20:03 - 2014-02-27 20:46 - 00000000 ____D () C:\AdwCleaner 2014-02-27 20:02 - 2014-02-27 20:02 - 01244192 _____ () C:\Users\Gabriele\Downloads\adwcleaner.exe 2014-02-26 21:13 - 2014-02-26 21:13 - 00003415 _____ () C:\Users\Gabriele\Desktop\Gmer.txt 2014-02-26 20:55 - 2014-02-26 20:57 - 00032934 _____ () C:\Users\Gabriele\Desktop\Addition.txt 2014-02-26 20:54 - 2014-03-02 11:04 - 00022805 _____ () C:\Users\Gabriele\Desktop\FRST.txt 2014-02-26 20:54 - 2014-03-02 11:04 - 00000000 ____D () C:\FRST 2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log 2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable 2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe 2014-02-26 20:49 - 2014-03-02 11:04 - 01144832 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe 2014-02-26 
20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe 2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe 2014-02-26 19:26 - 2014-02-28 13:01 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-26 19:26 - 2014-02-28 13:01 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-26 19:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-26 11:20 - 2014-03-01 08:37 - 02869426 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip 2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell 2014-02-12 10:04 - 2014-02-23 22:25 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing 2014-02-12 09:57 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-12 09:57 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) 
C:\Windows\system32\wininet.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-12 09:57 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-02-12 09:57 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-02-12 09:57 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-12 09:57 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 
2014-02-12 09:57 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-12 09:57 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-02-12 09:57 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-12 09:57 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod 2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iTunes 2014-02-10 14:01 - 2014-02-23 22:16 - 00000000 ____D () C:\Program Files\Amazon 2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll 2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe 2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe 2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe 2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe 2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi 2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice ==================== One Month Modified Files and Folders ======= 2014-03-02 11:05 - 2014-02-26 20:54 - 00022805 _____ () C:\Users\Gabriele\Desktop\FRST.txt 2014-03-02 11:04 - 2014-03-02 11:04 - 00000000 ____D () C:\Users\Gabriele\Desktop\FRST-OlderVersion 2014-03-02 11:04 - 
2014-02-26 20:54 - 00000000 ____D () C:\FRST 2014-03-02 11:04 - 2014-02-26 20:49 - 01144832 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe 2014-03-02 11:04 - 2012-10-26 10:18 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\FRITZ! 2014-03-02 11:00 - 2009-07-01 20:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-02 10:23 - 2012-11-16 17:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-02 09:22 - 2011-04-06 18:53 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SoftThinks 2014-03-02 09:21 - 2009-07-01 20:39 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-02 09:20 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-02 09:20 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-02 09:20 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-02 09:14 - 2008-11-05 08:28 - 01190372 _____ () C:\Windows\WindowsUpdate.log 2014-03-01 11:13 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-01 09:26 - 2008-11-08 15:23 - 00035528 _____ () C:\Users\Gabriele\AppData\Roaming\wklnhst.dat 2014-03-01 08:37 - 2014-02-26 11:20 - 02869426 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip 2014-03-01 07:48 - 2008-01-21 03:47 - 00714764 _____ () C:\Windows\PFRO.log 2014-02-28 19:54 - 2011-04-06 18:50 - 00000000 ____D () C:\Program Files\Dell DataSafe Local Backup 2014-02-28 18:39 - 2008-11-07 15:35 - 00000000 ____D () C:\Users\Gabriele 2014-02-28 15:21 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-28 13:01 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-02-28 13:01 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-02-28 12:59 - 
2014-02-28 12:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300(2).exe 2014-02-28 12:52 - 2014-02-28 12:52 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300(1).exe 2014-02-27 20:57 - 2014-02-27 20:57 - 00004173 _____ () C:\Users\Gabriele\Desktop\AdwCleaner[S0].txt 2014-02-27 20:46 - 2014-02-27 20:03 - 00000000 ____D () C:\AdwCleaner 2014-02-27 20:02 - 2014-02-27 20:02 - 01244192 _____ () C:\Users\Gabriele\Downloads\adwcleaner.exe 2014-02-27 10:25 - 2010-06-03 16:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\CrashDumps 2014-02-26 21:13 - 2014-02-26 21:13 - 00003415 _____ () C:\Users\Gabriele\Desktop\Gmer.txt 2014-02-26 20:57 - 2014-02-26 20:55 - 00032934 _____ () C:\Users\Gabriele\Desktop\Addition.txt 2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log 2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable 2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe 2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe 2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-02-26 20:26 - 2013-12-22 18:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes 2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe 2014-02-25 19:19 - 2008-11-17 20:48 - 00000000 ____D () 
C:\Users\Gabriele\Pictures\Documents\Neues 2014-02-25 19:10 - 2011-04-19 13:40 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Sonstiges 2014-02-25 18:44 - 2014-01-17 17:05 - 00000000 ____D () C:\Program Files\Hewlett-Packard 2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell 2014-02-24 22:14 - 2008-11-10 13:29 - 00000432 _____ () C:\Windows\BRWMARK.INI 2014-02-24 22:14 - 2008-11-10 13:29 - 00000034 _____ () C:\Windows\system32\BD2030.DAT 2014-02-23 22:32 - 2011-03-04 18:14 - 00000000 ____D () C:\ProgramData\EPSON 2014-02-23 22:25 - 2014-02-12 10:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing 2014-02-23 22:25 - 2012-12-14 19:43 - 00000000 ____D () C:\Program Files\Common Files\Apple 2014-02-23 22:25 - 2008-11-21 20:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Apple Computer 2014-02-23 22:16 - 2014-02-10 14:01 - 00000000 ____D () C:\Program Files\Amazon 2014-02-23 17:27 - 2012-11-16 17:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-02-23 17:27 - 2011-08-18 18:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-02-23 17:20 - 2008-12-04 13:27 - 00007052 _____ () C:\Users\Gabriele\AppData\Local\d3d9caps.dat 2014-02-23 17:14 - 2013-07-07 11:54 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-02-23 14:17 - 2008-11-07 15:40 - 00000951 _____ () C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-02-19 22:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc 2014-02-19 22:39 - 2006-11-02 11:22 - 43778048 _____ () C:\Windows\system32\config\software_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 42467328 _____ () C:\Windows\system32\config\components_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 26738688 _____ () C:\Windows\system32\config\system_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00524288 _____ () 
C:\Windows\system32\config\default_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous 2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous 2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool 2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration 2014-02-13 17:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-02-12 11:24 - 2013-08-16 19:34 - 00000000 ____D () C:\Windows\system32\MRT 2014-02-12 11:21 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk 2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod 2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\Program Files\iTunes 2014-02-10 18:29 - 2009-05-29 18:48 - 00000000 ____D () C:\ProgramData\Apple 2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll 2014-02-10 14:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe 2014-02-10 13:20 - 2008-11-10 15:35 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Adobe 2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk 2014-02-04 15:49 - 2014-01-30 19:04 - 00000000 ____D () C:\Program Files\PDF24 2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe 2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe 2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe 
2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi 2014-02-02 21:10 - 2014-02-12 09:57 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-02 21:10 - 2014-02-12 09:57 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00055296 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-02 21:10 - 2014-02-12 09:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll 2014-02-02 12:20 - 2014-01-17 17:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\HpUpdate 2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice 2014-02-02 11:12 - 2006-11-02 13:47 - 00306232 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-02-01 23:54 - 2014-02-12 09:57 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-02-01 23:47 - 2014-02-12 09:57 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-01 23:47 - 2014-02-12 09:57 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-01 23:46 - 2014-02-12 09:57 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-01 23:46 - 2014-02-12 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-01-31 16:53 - 2008-11-07 15:35 - 00074200 _____ () C:\Users\Gabriele\AppData\Local\GDIPFONTCACHEV1.DAT Files to move or delete: ==================== C:\Users\Gabriele\AppData\Roaming\desktop.ini C:\Users\Public\AlexaNSISPlugin.6872.dll Some content of TEMP: ==================== C:\Users\Gabriele\AppData\Local\Temp\APNStub.exe C:\Users\Gabriele\AppData\Local\Temp\avgnt.exe C:\Users\Gabriele\AppData\Local\Temp\BackupSetup.exe C:\Users\Gabriele\AppData\Local\Temp\contentDATs.exe C:\Users\Gabriele\AppData\Local\Temp\FileSystemView.dll C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate01.exe C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate02.exe 
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Gabriele\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih[1].exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\Quarantine.exe
C:\Users\Gabriele\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Gabriele\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Gabriele\AppData\Local\Temp\setup.exe
C:\Users\Gabriele\AppData\Local\Temp\{D39E6783-6B9A-4ADA-8DE0-83C86F0080B8}.dll
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-02 09:27
==================== End Of Log ============================
Best regards, Hasenfuß
|
02.03.2014, 15:00 | #9 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File Not Found
C:\Users\Gabriele\AppData\Roaming\desktop.ini
C:\Users\Public\AlexaNSISPlugin.6872.dll
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Do you still have problems? |
02.03.2014, 22:48 | #10 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Hello, attached is the fixlist.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-03-2014 03
Ran by Gabriele at 2014-03-02 22:41:44 Run:1
Running from C:\Users\Gabriele\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File Not Found
C:\Users\Gabriele\AppData\Roaming\desktop.ini
C:\Users\Public\AlexaNSISPlugin.6872.dll
*****************
"C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL" => Value Data removed successfully.
C:\Users\Gabriele\AppData\Roaming\desktop.ini => Moved successfully.
C:\Users\Public\AlexaNSISPlugin.6872.dll => Moved successfully.
==== End of Fixlog ====
Internet access now works without problems. The PC is also no longer as slow as before. Thanks for the help. Regards, Hasenfuß |
02.03.2014, 23:46 | #11 |
| Vista: Many detections by MBAM, Internet access problems, PC slow I no longer see anything dangerous in your logs. Cleanup The order is crucial here.
Tips Which antivirus program should I use? There is no antivirus program that finds everything. You cannot rely 100% on the program and must also think for yourself. It still depends on your behaviour. With the right behaviour you best protect yourself from getting infected in the first place.
Always use only one antivirus program, because several of them block each other and so do more harm than good. If you have more than one installed, decide on one of them and uninstall the others. Also keep your antivirus program up to date at all times, because with an outdated database your program will not find the new infections either.
You can also run an on-demand scanner regularly to get a second opinion. Unlike a normal antivirus program, an on-demand scanner does not run constantly, but only when you tell it to scan the system.
For Firefox I would recommend downloading the NoScript add-on. This free add-on blocks JavaScript, Java and Flash. They are only executed if you allow it. I also recommend installing the WoT (Web of Trust) add-on. It warns you before you enter a site rated as dangerous. What should I keep in mind before downloading?
Other tips
If you want to support the Trojaner-Board, you are welcome to donate. I wish you a pleasant time. |
04.03.2014, 12:37 | #12 |
| Vista: Many detections by MBAM, Internet access problems, PC slow Hello, thank you very much for the great help and the tips. You have helped me a lot; I will show my appreciation with a donation. All the best to you. Regards from Hasenfuß |