
Log analysis and evaluation: Vista: Many detections by MBAM, Internet access problems, PC slow


 
26.02.2014, 21:38   #1
Hasenfuß
 
Vista: Many detections by MBAM, Internet access problems, PC slow



Hello,

for the past few weeks I have had problems with Internet access on my Vista computer. Access via Firefox and IE was hardly possible. Only via Chrome was access partly possible. Sometimes not even that. So no Internet access possible. The Internet connection, however, was always active. Today I ran a scan with MBAM. It showed a total of 192 (!) detections. During the cleanup, however, MBAM crashed, so unfortunately there is no log that I can attach here. It was similar on two further attempts. After that, however, I was able to get onto the Internet again. Also with Firefox and IE. However, I think the computer is certainly not clean yet. In addition, the computer is also getting slower and slower.

defogger_disable

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:52 on 26/02/2014 (Gabriele)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01
Ran by Gabriele (administrator) on GABRIELE-PC on 26-02-2014 20:54:42
Running from C:\Users\Gabriele\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
() C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(CyberLink Corp.) C:\Program Files\Dell\MediaDirect\PCMService.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dell Inc. and SightSpeed Inc.) C:\Program Files\Dell Video Chat\DellVideoChat.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
(Logitech, Inc.) C:\Users\Gabriele\Downloads\SetPoint\SetPoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(ArcSoft, Inc.) C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ECenter] - C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-29] ( )
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [196608 2008-06-30] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3563520 2008-08-05] (Dell Inc.)
HKLM\...\Run: [Google Desktop Search] - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
HKLM\...\Run: [Dell Webcam Central] - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [dellsupportcenter] - C:\Program Files\Dell Support Center\bin\sprtcmd.exe [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [Adobe Photo Downloader] - C:\Program Files\Adobe\Photoshop Album Starter Edition\Nokia\3.0\Apps\apdproxy.exe [57344 2005-06-23] (Adobe Systems Incorporated)
HKLM\...\Run: [IR_SERVER] - C:\Program Files\Realtek\REALTEK DTV USB DEVICE\IR_SERVER.exe
HKLM\...\Run: [ArcSoft Connection Service] - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [DpAgent] - C:\Program Files\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [442460 2008-08-29] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [374784 2014-01-09] (shbox.de)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [186408 2014-02-04] (Geek Software GmbH)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [Launcher] - C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
HKLM\...\RunOnce: [DSC3 updater] - "C:\Users\Gabriele\Downloads\aulauncher.exe" /launchrunonce [1748448 2011-04-06] (Dell Inc)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [SightSpeed] - C:\Program Files\Dell Video Chat\DellVideoChat.exe [4812664 2008-08-15] (Dell Inc. and SightSpeed Inc.)
HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)
HKU\S-1-5-21-3930102822-4254617081-1337054973-1000\...\Run: [MobileDocuments] - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL File Not Found
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1392665651&from=tugs&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE908JM6923M6923&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Smart Print Helper - {FD6C6509-FE36-44B0-A917-6C2A0DDBDF88} - C:\Program Files\Hewlett-Packard\Smart Print 2.6\Espresso.dll (Hewlett-Packard)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog5 08 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212
FF user.js: detected! => C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\user.js
FF DefaultSearchEngine: awesomehp
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\lightningnewtab@gmail.com [2014-02-19]
FF Extension: Extension_Protected - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-02-17]
FF Extension: Adblock Plus - C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\7vusi6x0.default-1392045681212\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\FirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\DigitalPersona\Bin\firefoxext
FF Extension: DigitalPersona Extension - C:\Program Files\DigitalPersona\Bin\firefoxext [2011-04-06]

Chrome: 
=======
CHR HomePage: hxxp://www.awesomehp.com/?type=hp&ts=1392665651&from=tugs&uid=WDCXWD3200BEVT-75ZCT2_WD-WXE908JM6923M6923
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07]
CHR Extension: (Google-Suche) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07]
CHR Extension: (Google Wallet) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-06]
CHR Extension: (Google Mail) - C:\Users\Gabriele\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe [73728 2008-08-29] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1168632 2008-05-05] (AuthenTec, Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [161048 2008-05-02] (Stardock Corporation)
S2 gupdate1c9e137e18a018; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-05-30] (Google Inc.)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-26] (SupportSoft, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe [225362 2008-08-29] (IDT, Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-08-05] (Dell Inc.)
S3 GoogleDesktopManager-110309-193829; "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF9035BDA.sys [245720 2009-02-18] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-08-05] (Broadcom Corporation)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-03-14] (ITE Tech. Inc. )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-02-26] (Malwarebytes Corporation)
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S3 RTL2832UBDA; C:\Windows\System32\drivers\RTL2832UBDA.sys [91168 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\System32\Drivers\RTL2832UUSB.sys [32800 2009-07-06] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\System32\DRIVERS\RTL2832U_IRHID.sys [37280 2009-07-13] (Realtek)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 20:54 - 2014-02-26 20:54 - 00022821 _____ () C:\Users\Gabriele\Desktop\FRST.txt
2014-02-26 20:54 - 2014-02-26 20:54 - 00000000 ____D () C:\FRST
2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log
2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable
2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe
2014-02-26 20:49 - 2014-02-26 20:49 - 01143808 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe
2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe
2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe
2014-02-26 19:26 - 2014-02-26 20:08 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-26 19:26 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-26 19:26 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-26 17:35 - 2014-02-26 17:35 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (3).zip
2014-02-26 16:14 - 2014-02-26 16:14 - 00028882 _____ () C:\Users\Gabriele\Desktop\AVSCAN-20140226-140405-53E40ED5.LOG
2014-02-26 11:21 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (2).zip
2014-02-26 11:20 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip
2014-02-26 11:20 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (1).zip
2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell
2014-02-17 20:37 - 2014-02-17 20:37 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Uniblue
2014-02-17 20:36 - 2014-02-26 20:17 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-17 20:36 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\WPM
2014-02-13 10:59 - 2014-02-13 10:59 - 00000000 ____D () C:\Windows\system32\SearchProtect
2014-02-12 10:04 - 2014-02-23 22:25 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing
2014-02-12 09:57 - 2014-02-02 21:10 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 09:57 - 2014-02-02 21:10 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 09:57 - 2014-02-02 21:10 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-02-12 09:57 - 2014-02-01 23:54 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-12 09:57 - 2014-02-01 23:47 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 09:57 - 2014-02-01 23:47 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 09:57 - 2014-02-01 23:46 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 09:57 - 2014-02-01 23:46 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-12 09:57 - 2013-12-22 16:42 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 09:57 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod
2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 18:35 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iTunes
2014-02-10 16:22 - 2014-02-10 16:22 - 00283120 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox Setup Stub 27.0.exe
2014-02-10 14:01 - 2014-02-23 22:16 - 00000000 ____D () C:\Program Files\Amazon
2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll
2014-02-10 13:58 - 2014-02-10 17:06 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\systweak
2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe
2014-02-04 18:13 - 2014-02-04 18:14 - 00000000 ____D () C:\Users\Gabriele\Desktop\Handbücher
2014-02-04 15:54 - 2014-02-11 16:03 - 00000000 ____D () C:\Users\Gabriele\Desktop\FERTIGE BEWERBUNG
2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe
2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe
2014-02-04 15:23 - 2014-02-26 19:46 - 00000000 ____D () C:\Program Files\SearchProtect
2014-02-04 15:23 - 2014-02-04 15:24 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SearchProtect
2014-02-04 15:23 - 2014-02-04 15:23 - 00000000 _____ () C:\END
2014-02-04 15:22 - 2014-02-26 19:46 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\DownloadGuide
2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe
2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi
2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice
2014-01-30 19:05 - 2014-01-30 19:05 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\PDF24
2014-01-30 19:04 - 2014-02-04 15:49 - 00000000 ____D () C:\Program Files\PDF24
2014-01-30 19:01 - 2014-01-30 19:01 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-30 19:00 - 2014-01-30 19:01 - 16189768 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.2.0(1).exe
2014-01-30 18:59 - 2014-01-30 19:00 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-30 18:54 - 2014-01-30 18:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-30 18:40 - 2014-01-30 18:42 - 163606685 _____ () C:\Users\Gabriele\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de(1).exe
2014-01-30 17:05 - 2014-01-05 16:51 - 00013673 _____ () C:\Users\Gabriele\Ebay-text.odt
2014-01-30 17:05 - 2011-06-09 13:50 - 00027136 _____ () C:\Users\Gabriele\Vertragsrücksendung.wps
2014-01-30 17:05 - 2011-03-06 20:13 - 00027648 _____ () C:\Users\Gabriele\Anschreiben_Ulrike.txt.wps

==================== One Month Modified Files and Folders =======

2014-02-26 20:54 - 2014-02-26 20:54 - 00022821 _____ () C:\Users\Gabriele\Desktop\FRST.txt
2014-02-26 20:54 - 2014-02-26 20:54 - 00000000 ____D () C:\FRST
2014-02-26 20:54 - 2012-10-26 10:18 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\FRITZ!
2014-02-26 20:52 - 2014-02-26 20:52 - 00000478 _____ () C:\Users\Gabriele\Desktop\defogger_disable.log
2014-02-26 20:52 - 2014-02-26 20:52 - 00000000 _____ () C:\Users\Gabriele\defogger_reenable
2014-02-26 20:52 - 2008-11-07 15:35 - 00000000 ____D () C:\Users\Gabriele
2014-02-26 20:50 - 2014-02-26 20:50 - 00380416 _____ () C:\Users\Gabriele\Desktop\Gmer-19357.exe
2014-02-26 20:49 - 2014-02-26 20:49 - 01143808 _____ (Farbar) C:\Users\Gabriele\Desktop\FRST.exe
2014-02-26 20:48 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-26 20:48 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 20:47 - 2014-02-26 20:47 - 00050477 _____ () C:\Users\Gabriele\Desktop\Defogger.exe
2014-02-26 20:26 - 2014-02-26 20:26 - 00000848 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-02-26 20:26 - 2014-02-26 20:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-26 20:26 - 2013-12-22 18:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-26 20:26 - 2008-11-05 08:28 - 01083212 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 20:25 - 2014-02-26 20:25 - 00283256 _____ (Mozilla) C:\Users\Gabriele\Downloads\FirefoxSetupStub27.0.1.exe
2014-02-26 20:23 - 2012-11-16 17:04 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 20:21 - 2011-04-06 18:53 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SoftThinks
2014-02-26 20:20 - 2009-07-01 20:39 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 20:20 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-26 20:17 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\IePluginService
2014-02-26 20:08 - 2014-02-26 19:26 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-02-26 20:06 - 2006-11-02 14:01 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-26 20:00 - 2009-07-01 20:39 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 19:46 - 2014-02-04 15:23 - 00000000 ____D () C:\Program Files\SearchProtect
2014-02-26 19:46 - 2014-02-04 15:22 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\DownloadGuide
2014-02-26 19:26 - 2014-02-26 19:26 - 00000908 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Malwarebytes
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-26 19:26 - 2014-02-26 19:26 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-26 19:24 - 2014-02-26 19:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Gabriele\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-26 17:35 - 2014-02-26 17:35 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (3).zip
2014-02-26 16:14 - 2014-02-26 16:14 - 00028882 _____ () C:\Users\Gabriele\Desktop\AVSCAN-20140226-140405-53E40ED5.LOG
2014-02-26 11:21 - 2014-02-26 11:21 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (2).zip
2014-02-26 11:21 - 2014-02-26 11:20 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder.zip
2014-02-26 11:21 - 2014-02-26 11:20 - 06933767 _____ () C:\Users\Gabriele\Downloads\Bewerbungsbilder (1).zip
2014-02-25 19:25 - 2008-01-21 08:16 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-25 19:23 - 2008-11-08 15:23 - 00032530 _____ () C:\Users\Gabriele\AppData\Roaming\wklnhst.dat
2014-02-25 19:19 - 2008-11-17 20:48 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Neues
2014-02-25 19:10 - 2011-04-19 13:40 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Sonstiges
2014-02-25 19:08 - 2011-04-06 18:50 - 00000000 ____D () C:\Program Files\Dell DataSafe Local Backup
2014-02-25 18:44 - 2014-01-17 17:05 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-02-24 22:23 - 2014-02-24 22:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Dell
2014-02-24 22:14 - 2008-11-10 13:29 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-02-24 22:14 - 2008-11-10 13:29 - 00000034 _____ () C:\Windows\system32\BD2030.DAT
2014-02-24 13:31 - 2010-06-03 16:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\CrashDumps
2014-02-24 12:54 - 2008-01-21 03:47 - 00713982 _____ () C:\Windows\PFRO.log
2014-02-23 22:32 - 2011-03-04 18:14 - 00000000 ____D () C:\ProgramData\EPSON
2014-02-23 22:25 - 2014-02-12 10:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Nico Mak Computing
2014-02-23 22:25 - 2012-12-14 19:43 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-02-23 22:25 - 2008-11-21 20:14 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Apple Computer
2014-02-23 22:16 - 2014-02-10 14:01 - 00000000 ____D () C:\Program Files\Amazon
2014-02-23 17:27 - 2012-11-16 17:04 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-23 17:27 - 2011-08-18 18:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-23 17:20 - 2008-12-04 13:27 - 00007052 _____ () C:\Users\Gabriele\AppData\Local\d3d9caps.dat
2014-02-23 17:14 - 2013-07-07 11:54 - 00001965 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-23 14:17 - 2008-11-07 15:40 - 00000951 _____ () C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-19 22:39 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-02-19 22:39 - 2006-11-02 11:22 - 43778048 _____ () C:\Windows\system32\config\software_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 42467328 _____ () C:\Windows\system32\config\components_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 26738688 _____ () C:\Windows\system32\config\system_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-02-19 22:39 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-02-19 22:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-02-17 20:37 - 2014-02-17 20:37 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\Uniblue
2014-02-17 20:36 - 2014-02-17 20:36 - 00000000 ____D () C:\ProgramData\WPM
2014-02-13 17:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 10:59 - 2014-02-13 10:59 - 00000000 ____D () C:\Windows\system32\SearchProtect
2014-02-12 11:24 - 2013-08-16 19:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 11:21 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-11 16:03 - 2014-02-04 15:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\FERTIGE BEWERBUNG
2014-02-10 18:36 - 2014-02-10 18:36 - 00001666 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-10 18:36 - 2014-02-10 18:36 - 00000000 ____D () C:\Program Files\iPod
2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-02-10 18:36 - 2014-02-10 18:35 - 00000000 ____D () C:\Program Files\iTunes
2014-02-10 18:29 - 2009-05-29 18:48 - 00000000 ____D () C:\ProgramData\Apple
2014-02-10 17:06 - 2014-02-10 13:58 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\systweak
2014-02-10 16:22 - 2014-02-10 16:22 - 00283120 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox Setup Stub 27.0.exe
2014-02-10 14:00 - 2014-02-10 14:00 - 00129536 _____ () C:\Users\Public\AlexaNSISPlugin.6872.dll
2014-02-10 14:00 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-10 13:58 - 2014-02-10 13:58 - 22240760 _____ (Mozilla) C:\Users\Gabriele\Downloads\Firefox.exe
2014-02-10 13:20 - 2008-11-10 15:35 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\Adobe
2014-02-04 18:14 - 2014-02-04 18:13 - 00000000 ____D () C:\Users\Gabriele\Desktop\Handbücher
2014-02-04 15:49 - 2014-02-04 15:49 - 00001660 _____ () C:\Users\Public\Desktop\PDF24 Creator.lnk
2014-02-04 15:49 - 2014-01-30 19:04 - 00000000 ____D () C:\Program Files\PDF24
2014-02-04 15:48 - 2014-02-04 15:48 - 16217288 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.3.0.exe
2014-02-04 15:38 - 2014-02-04 15:38 - 00773664 _____ (NCH Software) C:\Users\Gabriele\Downloads\doxpsetup.exe
2014-02-04 15:24 - 2014-02-04 15:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\SearchProtect
2014-02-04 15:23 - 2014-02-04 15:23 - 00000000 _____ () C:\END
2014-02-04 15:21 - 2014-02-04 15:21 - 00687456 _____ () C:\Users\Gabriele\Downloads\PDFCompressor-Downloader.exe
2014-02-04 15:12 - 2014-02-04 15:12 - 01376768 _____ () C:\Users\Gabriele\Downloads\7z920-x64.msi
2014-02-02 21:10 - 2014-02-12 09:57 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 06019584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-02 21:10 - 2014-02-12 09:57 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-02 21:10 - 2014-02-12 09:57 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-02-02 12:20 - 2014-01-17 17:04 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\HpUpdate
2014-02-02 11:23 - 2014-02-02 11:23 - 00000000 ____D () C:\Users\Gabriele\AppData\Roaming\OpenOffice
2014-02-02 11:12 - 2006-11-02 13:47 - 00306232 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-02-01 23:54 - 2014-02-12 09:57 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-01 23:47 - 2014-02-12 09:57 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 23:47 - 2014-02-12 09:57 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-01 23:46 - 2014-02-12 09:57 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 23:46 - 2014-02-12 09:57 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-31 16:53 - 2008-11-07 15:35 - 00074200 _____ () C:\Users\Gabriele\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-30 19:05 - 2014-01-30 19:05 - 00000000 ____D () C:\Users\Gabriele\AppData\Local\PDF24
2014-01-30 19:01 - 2014-01-30 19:01 - 00000981 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-01-30 19:01 - 2014-01-30 19:00 - 16189768 _____ (Geek Software GmbH ) C:\Users\Gabriele\Downloads\pdf24-creator-6.2.0(1).exe
2014-01-30 19:00 - 2014-01-30 18:59 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-01-30 18:59 - 2011-04-06 18:01 - 00000000 ____D () C:\Program Files\OpenOffice.org 3
2014-01-30 18:54 - 2014-01-30 18:54 - 00000000 ____D () C:\Users\Gabriele\Desktop\OpenOffice 4.0.1 (de) Installation Files
2014-01-30 18:42 - 2014-01-30 18:40 - 163606685 _____ () C:\Users\Gabriele\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de(1).exe
2014-01-28 18:28 - 2011-03-13 12:12 - 00000000 ____D () C:\Users\Gabriele\Pictures\Documents\Spiritualität

Files to move or delete:
====================
C:\Users\Gabriele\AppData\Roaming\desktop.ini
C:\Users\Public\AlexaNSISPlugin.6872.dll


Some content of TEMP:
====================
C:\Users\Gabriele\AppData\Local\Temp\APNStub.exe
C:\Users\Gabriele\AppData\Local\Temp\avgnt.exe
C:\Users\Gabriele\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gabriele\AppData\Local\Temp\contentDATs.exe
C:\Users\Gabriele\AppData\Local\Temp\FileSystemView.dll
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate02.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate03.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate04.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate05.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate06.exe
C:\Users\Gabriele\AppData\Local\Temp\FlashPlayerUpdate07.exe
C:\Users\Gabriele\AppData\Local\Temp\install_flashplayer11x32ax_gtba_chra_dy_aih[1].exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u25-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u10-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gabriele\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Gabriele\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Gabriele\AppData\Local\Temp\setup.exe
C:\Users\Gabriele\AppData\Local\Temp\{D39E6783-6B9A-4ADA-8DE0-83C86F0080B8}.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 20:26

==================== End Of Log ============================
         
Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-02-2014 01
Ran by Gabriele at 2014-02-26 20:55:13
Running from C:\Users\Gabriele\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe® Photoshop® Album Starter Edition 3.0 (HKLM\...\{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}) (Version: 3.00.000 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.260 - ArcSoft)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0407.2138 - )
AuthenTec Fingerprint System (HKLM\...\{140BF0D0-E848-405C-9A01-D3256B918B6D}) (Version: 8.0.26.22 - AuthenTec, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
AVM FRITZ!Box Dokumentation (HKLM\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
AVM FRITZ!DSL (HKLM\...\{2457326B-C110-40C3-89B0-889CC913871A}) (Version: 2.04.02 - AVM Berlin)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2030 (HKLM\...\{671FE013-B628-4624-B5EF-1B4E9F35423C}) (Version: 1.00 - Brother)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0407.2139.36897 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0407.2139.36897 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Danish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Dutch (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help English (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Finnish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help French (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help German (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Italian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Japanese (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Korean (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Russian (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Spanish (Version: 2008.0407.2138.36897 - ATI) Hidden
CCC Help Swedish (Version: 2008.0407.2138.36897 - ATI) Hidden
ccc-core-static (Version: 2008.0407.2139.36897 - ATI) Hidden
ccc-utility (Version: 2008.0407.2139.36897 - ATI) Hidden
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell DataSafe Local Backup - Support Software (HKLM\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)
Dell DataSafe Local Backup (HKLM\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Handbuch zum Einstieg (HKLM\...\{FD023F61-65E9-465C-B558-7C64EB2B97E6}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.104 - Alps Electric)
Dell Video Chat (remove only) (HKLM\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version:  - )
Dell-eBay (HKLM\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Dienstprogramm für Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.13 - Dell Inc.)
DigitalPersona Personal 4.01 (HKLM\...\{3D8AE086-030F-4EF4-B705-63F8130B043E}) (Version: 4.02.3769 - DigitalPersona, Inc.)
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version:  - )
FreePDF (Remove only) (HKLM\...\FreePDF_XP) (Version:  - )
Garmin City Navigator Europe (Unicode) NT 2012.30 Update (HKLM\...\{402754E1-22AD-42D9-86C5-B0AC52C7D70D}) (Version: 15.30.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: - - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{DB1F11B1-A35C-45C1-904C-68A6D1481D80}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
HP Deskjet 2540 series Hilfe (HKLM\...\{B3E5B153-CC4B-40F2-9802-288B0AF2A966}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Smart Print 2.6 (HKLM\...\{602847AC-F50C-41B0-B080-EC190B195FAF}) (Version: 2.6.0.238 - Hewlett-Packard)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Integrated Webcam Driver (1.06.03.0309)   (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.)
Intel(R) Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
ITECIR Driver (Version: 1.00.000 - ITE) Hidden
iTunes (HKLM\...\{C4780F70-8F21-4F0C-95FE-32FF3E2F9247}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
Live! Cam Avatar Creator (HKLM\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.1419.1 - Creative Technology Ltd)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF24 Creator 6.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.0.12 - Dell Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
REALTEK DTV USB DEVICE (HKLM\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: 1.90 - Ghostgum Software Pty Ltd)
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SA32xx Device Manager (HKLM\...\{7CDC26F7-D6BF-442A-B599-0075A48310F7}) (Version: 01.01.00.1022 - Philips)
SA32xx Media Converter (HKLM\...\{D57ACD92-6A27-43BB-B3AE-894930940D41}) (Version: 1.0.6.1013 - Philips)
SA32xx Media Converter (Version: 1.0.6.1013 - Philips) Hidden
Skins (Version: 2008.0407.2139.36897 - ATI) Hidden
Studie zur Verbesserung von HP Deskjet 2540 series (HKLM\...\{A8F97B7C-7D31-4D52-B7DD-BF3C20DFE5F9}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
SupTab (HKLM\...\SupTab) (Version: 1.1.1.0 - ) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)

==================== Restore Points  =========================

13-01-2014 17:31:15 Geplanter Prüfpunkt
17-01-2014 15:59:21 Gerätetreiber-Paketinstallation: HP Drucker
17-01-2014 15:59:28 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte
17-01-2014 16:01:02 Gerätetreiber-Paketinstallation: Hewlett-Packard Bildverarbeitungsgeräte
17-01-2014 16:02:53 Gerätetreiber-Paketinstallation: Hewlett-Packard USB-Controller
17-01-2014 19:08:19 Installed Java 7 Update 51
18-01-2014 09:16:59 Windows Update
19-01-2014 11:59:22 Geplanter Prüfpunkt
21-01-2014 17:10:44 Installed PDF Split And Merge Basic
30-01-2014 06:04:45 Windows Update
30-01-2014 17:55:29 OpenOffice 4.0.1 wird installiert
31-01-2014 08:20:01 Geplanter Prüfpunkt
03-02-2014 18:37:40 Geplanter Prüfpunkt
04-02-2014 13:41:09 Geplanter Prüfpunkt
12-02-2014 10:16:14 Windows Update
17-02-2014 19:36:13 Uniblue SpeedUpMyPC installation
19-02-2014 21:35:07 Wiederherstellungsvorgang
20-02-2014 18:15:55 Windows Update
23-02-2014 21:02:03 Removed Ask Toolbar.
23-02-2014 21:37:33 Windows Update
25-02-2014 17:43:41 Installed HP Smart Print 2.6

==================== Hosts content: ==========================

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2C114D4C-2842-47DB-AB5A-A1FE75B98C18} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3855BA1A-918D-423C-80DF-4D0829E58744} - System32\Tasks\HP AR Program Upload - 13dbbf79990d408bb0e6d5332c5cf5f455671535982341cbb5f496956aafcb96 => C:\Program Files\HP\HP Deskjet 2540 series\bin\HPRewards.exe [2013-02-08] (TODO: <Company name>)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E9BB38D-A227-4E12-A466-C50EDFAC788B} - System32\Tasks\RegClean Pro => C:\Program Files\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {59BE70FD-4732-4A83-BF8B-0558099C9FFD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Gabriele => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {5CD57C23-1E5F-40A3-BF10-A7086825B64A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)
Task: {7A935A20-97AB-4373-ADB0-C22A5F21CDE9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {DE3478E4-EFEF-444B-AC83-152C0F273667} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F56DFD22-4840-45F1-8963-EE5FC754210C} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-02-08] (Hewlett-Packard Co.)
Task: {FA21E3B3-DF6C-4807-9459-CF1487BA7117} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-30] (Google Inc.)
Task: {FC335229-B4D4-4F24-8E91-7C1FAD265B90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-05-30] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-11-05 07:47 - 2008-08-05 13:17 - 00024064 _____ () C:\Windows\System32\WLTRYSVC.EXE
2008-11-05 07:47 - 2008-08-05 13:16 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2008-02-04 13:29 - 2008-02-04 13:29 - 00688128 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2008-11-05 16:21 - 2008-05-04 09:42 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2012-12-17 10:10 - 2012-09-19 18:17 - 00397088 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-06 18:50 - 2011-01-13 19:39 - 00783680 _____ () C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2011-04-06 18:50 - 2011-01-13 19:37 - 00128320 _____ () C:\Program Files\Dell DataSafe Local Backup\STLog.dll
2011-04-06 18:50 - 2011-01-13 19:36 - 01123648 _____ () C:\Program Files\Dell DataSafe Local Backup\LibXml2.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00079168 _____ () C:\Program Files\Dell DataSafe Local Backup\zlib1.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00234816 _____ () C:\Program Files\Dell DataSafe Local Backup\STFiles.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00075072 _____ () C:\Program Files\Dell DataSafe Local Backup\STRegistry.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00111936 _____ () C:\Program Files\Dell DataSafe Local Backup\STPE.dll
2011-04-06 18:50 - 2011-01-13 19:37 - 00121152 _____ () C:\Program Files\Dell DataSafe Local Backup\STNLS.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 01657168 _____ () C:\Program Files\Dell Video Chat\QtCore4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 06510416 _____ () C:\Program Files\Dell Video Chat\QtGui4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00026960 _____ () C:\Program Files\Dell Video Chat\SDL.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00366928 _____ () C:\Program Files\Dell Video Chat\QtNetwork4.dll
2008-08-15 22:00 - 2008-08-15 22:00 - 00396112 _____ () C:\Program Files\Dell Video Chat\QtOpenGL4.dll
2009-11-02 19:57 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-09-19 18:38 - 2009-04-11 07:28 - 00368640 _____ () C:\Windows\system32\msjetoledb40.dll
2009-11-02 19:57 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2009-11-02 19:57 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2014-02-26 20:26 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/26/2014 08:21:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:09:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:08:01 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/26/2014 08:06:12 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/26/2014 08:05:31 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1694
Anfangszeit: 01cf33238c4c8915
Zeitpunkt der Beendigung: 12

Error: (02/26/2014 07:49:39 PM) (Source: Application Hang) (User: )
Description: Programm mbam.exe, Version 1.75.0.1 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 11fc
Anfangszeit: 01cf33205068fda5
Zeitpunkt der Beendigung: 49

Error: (02/26/2014 07:00:03 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:39:32 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/26/2014 05:27:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:06:22 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: AFD
avipbb
avkmgr
DfsC
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
ssmdrv
Tcpip
tdx
Wanarpv6
ws2ifsl

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NetzwerklistendienstNLA (Network Location Awareness)%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: TCP/IP Registry CompatibilityTCP/IP-Protokolltreiber%%31

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: NLA (Network Location Awareness)TCP/IP-Protokolltreiber%%31

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: IP-HilfsdienstNetzwerkspeicher-Schnittstellendienst%%1068

Error: (02/26/2014 08:09:10 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Bonjour"TCP/IP-Protokolltreiber%%31


Microsoft Office Sessions:
=========================
Error: (02/26/2014 08:21:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:09:10 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 08:08:01 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (02/26/2014 08:06:12 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/26/2014 08:05:31 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.1169401cf33238c4c891512

Error: (02/26/2014 07:49:39 PM) (Source: Application Hang)(User: )
Description: mbam.exe1.75.0.111fc01cf33205068fda549

Error: (02/26/2014 07:00:03 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:39:32 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/26/2014 05:27:01 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/26/2014 05:06:22 PM) (Source: EventSystem)(User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


CodeIntegrity Errors:
===================================
  Date: 2010-11-01 10:14:19.702
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-11-01 10:14:19.560
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-11-01 10:14:19.415
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-11-01 10:14:19.216
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-11-01 10:14:06.417
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-11-01 10:14:06.271
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-11-01 10:14:06.130
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-11-01 10:14:05.960
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\System32\drivers\SYMEVENT.SYS" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-10-08 17:59:50.724
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2010-10-08 17:59:50.601
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 3069.24 MB
Available physical RAM: 1630.52 MB
Total Pagefile: 6358.76 MB
Available Pagefile: 4677.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:287.92 GB) (Free:172.57 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 08000000)
Partition 1: (Not Active) - (Size=173 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Gmer.txt

Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-26 21:13:15
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Gabriele\AppData\Local\Temp\pwlyrkob.sys


---- System - GMER 2.1 ----

SSDT            8CEB199E                                                                                ZwCreateSection
SSDT            8CEB19A8                                                                                ZwRequestWaitReplyPort
SSDT            8CEB19A3                                                                                ZwSetContextThread
SSDT            8CEB19AD                                                                                ZwSetSecurityObject
SSDT            8CEB19B2                                                                                ZwSystemDebugControl
SSDT            8CEB193F                                                                                ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                           826E4860 4 Bytes  [9E, 19, EB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                           826E4B84 4 Bytes  [A8, 19, EB, 8C] {TEST AL, 0x19; JMP 0xffffff90}
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                           826E4BB8 4 Bytes  [A3, 19, EB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                           826E4C1C 4 Bytes  [AD, 19, EB, 8C]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                           826E4C64 4 Bytes  [B2, 19, EB, 8C] {MOV DL, 0x19; JMP 0xffffff90}
.text           ...                                                                                     
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                section is writeable [0x8E00D000, 0x1FB0FA, 0xE8000020]

---- User code sections - GMER 2.1 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[176] ntdll.dll!LdrLoadDll                  77589378 5 Bytes  JMP 748C1FFD C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!HeapSetInformation + 26  7600A8B0 7 Bytes  JMP 5C095A06 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!LockResource + C         76026ACB 7 Bytes  JMP 5C48049D C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[176] kernel32.dll!VirtualAllocEx + 54      7602AF50 7 Bytes  JMP 5C480455 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[176] GDI32.dll!SetStretchBltMode + 256     76F3745C 2 Bytes  JMP 5C4804C4 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[176] GDI32.dll!SetStretchBltMode + 259     76F3745F 4 Bytes  [54, E5, EB, F9] {PUSH ESP; IN EAX, 0xeb; STC }

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                fltmgr.sys

---- EOF - GMER 2.1 ----
         
Thanks in advance for your effort.

Regards
Hasenfuß

 
