Interpol Trojaner eingefangen, bereinigung mit Kaspersky Rescue Disc nicht erfolgreich

emmestee · 11.03.2014, 10:18

Guten Morgen!

Kurz um: ich habe mir einen Interpoltrojaner eingefangen. Bisher war ich bei der Entfernung von solchen Trojanern (GVU...) immer mit Kaspersky Rescue Disc 10 erfolgreich, diesmal nicht. Bin im Forum auf das Programm FRST64. exe gestoßen und habe das schon mal nach SCHRAUBERS Anleitung laufen lassen.
Hier ist die FRST.txt dazu:
FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by SYSTEM on MININT-RQ41VB2 on 11-03-2014 09:52:59
Running from F:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.



==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3942728 2011-01-12] (O&O Software GmbH)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [NWEReboot] - [X]
HKU\Default\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\strassburgererfurth\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\strassburgererfurth\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\UpdatusUser\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj7mqv.lnk
ShortcutTarget: ebj7mqv.lnk -> C:\ProgramData\vqm7jbe.cpp ()

==================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3049800 2011-01-12] (O&O Software GmbH)
S2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
S2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
S2 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-15] ()
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
S2 Winmgmt; C:\ProgramData\ebj7mqv.zvv [333044 2014-03-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-13] (DT Soft Ltd)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-04-13] (Duplex Secure Ltd.)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
S0 KL1; 
S4 SR; 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 09:52 - 2014-03-11 09:52 - 00000000 ____D () C:\FRST
2014-03-10 09:37 - 2014-03-11 09:46 - 95027928 ____T () C:\ProgramData\ebj7mqv.fee
2014-03-10 09:37 - 2014-03-10 09:37 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\ebj7mqv.zvv
2014-03-10 09:37 - 2014-03-10 09:37 - 00227840 _____ () C:\ProgramData\vqm7jbe.cpp
2014-03-09 15:44 - 2014-03-09 15:46 - 95027928 ____T () C:\ProgramData\3olwl1bn.fee
2014-03-09 15:44 - 2014-03-09 15:44 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\3olwl1bn.zvv
2014-03-04 12:24 - 2014-03-11 09:45 - 00001400 _____ () C:\Windows\setupact.log
2014-03-04 12:24 - 2014-03-04 12:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 11:20 - 2012-01-20 09:01 - 00000000 ____D () C:\Users\strassburgererfurth\Downloads\Firmware-Updater Software
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:10 - 2014-02-26 13:11 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:01 - 2014-02-26 13:04 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:35 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-02-24 12:35 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-02-24 12:35 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.TLB
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:33 - 2014-02-24 12:34 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 12:32 - 2014-02-24 12:33 - 00535072 _____ () C:\Users\strassburgererfurth\Downloads\smac setup.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-24 07:22 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-24 07:22 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-24 07:22 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-24 07:22 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-24 07:22 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-24 07:22 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-24 07:22 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-24 07:22 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-24 07:22 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-24 07:22 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-24 07:22 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-24 07:22 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-24 07:22 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-24 07:22 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-24 07:22 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-24 07:22 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-24 07:22 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-24 07:22 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-24 07:22 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-24 07:22 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-02-24 07:22 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-24 07:22 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-24 07:22 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-24 07:21 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-24 07:21 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-24 07:21 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-24 07:21 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-24 07:21 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-24 07:21 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-24 07:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-24 07:20 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-24 07:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-24 07:20 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 14:34 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2014-02-17 14:34 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-17 14:27 - 2014-02-17 14:38 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:23 - 2014-02-17 14:29 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-12 10:29 - 2014-02-12 10:29 - 00000218 _____ () C:\Users\strassburgererfurth\.recently-used.xbel
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\RawTherapee4.0.11
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Program Files (x86)\RawTherapee-4.0.11.203

==================== One Month Modified Files and Folders =======

2014-03-11 10:42 - 2013-10-23 15:58 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-03-11 09:52 - 2014-03-11 09:52 - 00000000 ____D () C:\FRST
2014-03-11 09:46 - 2014-03-10 09:37 - 95027928 ____T () C:\ProgramData\ebj7mqv.fee
2014-03-11 09:45 - 2014-03-04 12:24 - 00001400 _____ () C:\Windows\setupact.log
2014-03-11 09:45 - 2013-11-15 10:39 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 09:45 - 2013-04-10 11:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-11 09:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-10 17:39 - 2013-04-15 08:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 17:34 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-10 17:34 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-10 17:32 - 2013-11-15 10:39 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 17:27 - 2013-04-10 13:39 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\CrashDumps
2014-03-10 09:39 - 2013-04-10 11:41 - 01387111 _____ () C:\Windows\WindowsUpdate.log
2014-03-10 09:37 - 2014-03-10 09:37 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\ebj7mqv.zvv
2014-03-10 09:37 - 2014-03-10 09:37 - 00227840 _____ () C:\ProgramData\vqm7jbe.cpp
2014-03-09 15:57 - 2013-04-13 16:22 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-03-09 15:52 - 2013-04-10 12:00 - 00000000 ____D () C:\users\strassburgererfurth
2014-03-09 15:51 - 2013-04-10 13:24 - 00000000 ____D () C:\ProgramData\Protexis
2014-03-09 15:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-09 15:46 - 2014-03-09 15:44 - 95027928 ____T () C:\ProgramData\3olwl1bn.fee
2014-03-09 15:44 - 2014-03-09 15:44 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\3olwl1bn.zvv
2014-03-04 12:24 - 2014-03-04 12:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 11:24 - 2013-04-10 13:17 - 00000000 ___RD () C:\Users\strassburgererfurth\Desktop\Micha SPIELE
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 11:17 - 2010-11-21 07:50 - 03845120 _____ () C:\Windows\System32\perfh007.dat
2014-03-04 11:17 - 2010-11-21 07:50 - 01127774 _____ () C:\Windows\System32\perfc007.dat
2014-03-04 11:17 - 2009-07-14 06:13 - 00006248 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-03-04 09:10 - 2013-04-13 15:13 - 00079529 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-03-04 09:01 - 2013-06-13 07:04 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\Kobo
2014-03-04 09:01 - 2013-06-13 07:02 - 00000000 ____D () C:\Windows\tmp
2014-03-04 08:57 - 2013-06-13 07:02 - 00000000 ____D () C:\Program Files (x86)\Kobo
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:11 - 2014-02-26 13:10 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:04 - 2014-02-26 13:01 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 17:00 - 2013-05-12 14:30 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Musik Videobearbeitung
2014-02-24 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-24 12:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:34 - 2014-02-24 12:33 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 12:33 - 2014-02-24 12:32 - 00535072 _____ () C:\Users\strassburgererfurth\Downloads\smac setup.exe
2014-02-24 07:32 - 2013-07-11 06:09 - 00000000 ____D () C:\Windows\System32\MRT
2014-02-24 07:30 - 2013-04-13 15:15 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-21 22:39 - 2013-09-13 14:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 22:39 - 2013-04-15 08:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 22:39 - 2013-04-15 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2013-06-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 15:43 - 2013-04-20 14:07 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-17 14:38 - 2014-02-17 14:27 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:38 - 2013-10-03 14:11 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Fotobearbeitung
2014-02-17 14:34 - 2013-04-10 13:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 14:29 - 2014-02-17 14:23 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-16 10:27 - 2013-11-15 10:39 - 00004132 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 10:27 - 2013-11-15 10:39 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 10:29 - 2014-02-12 10:29 - 00000218 _____ () C:\Users\strassburgererfurth\.recently-used.xbel
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\RawTherapee4.0.11
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Program Files (x86)\RawTherapee-4.0.11.203

Files to move or delete:
====================
C:\ProgramData\3olwl1bn.fee
C:\ProgramData\3olwl1bn.zvv
C:\ProgramData\ebj7mqv.fee
C:\ProgramData\ebj7mqv.zvv


Some content of TEMP:
====================
C:\Users\strassburgererfurth\AppData\Local\Temp\0976.dll
C:\Users\strassburgererfurth\AppData\Local\Temp\avgnt.exe
C:\Users\strassburgererfurth\AppData\Local\Temp\drm_dyndata_7330014.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-03-04 12:59:47
Restore point made on: 2014-03-04 13:52:04
Restore point made on: 2014-03-04 14:33:36
Restore point made on: 2014-03-10 09:23:13

==================== Memory info =========================== 

Percentage of memory in use: 9%
Total physical RAM: 8191.3 MB
Available physical RAM: 7382.73 MB
Total Pagefile: 8189.5 MB
Available Pagefile: 7369.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (Win7 System) (Fixed) (Total:146.48 GB) (Free:65.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (XP System) (Fixed) (Total:73.24 GB) (Free:26.03 GB) NTFS
Drive f: (ÖFFNER) (Removable) (Total:7.52 GB) (Free:2.28 GB) FAT32
Drive g: (CHRISTIN) (Fixed) (Total:170.89 GB) (Free:138.98 GB) NTFS
Drive h: (MICHA) (Fixed) (Total:170.9 GB) (Free:112.92 GB) NTFS
Drive i: (EXTRAS) (Fixed) (Total:50.72 GB) (Free:43.51 GB) NTFS
Drive j: (Programme) (Fixed) (Total:86.4 GB) (Free:70.09 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Volume) (Fixed) (Total:149.05 GB) (Free:22.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CFA2CFA2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 89D789D7)
Partition 1: (Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=393 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 24893053)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=86 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 8 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.


LastRegBack: 2014-03-04 12:52

==================== End Of Log ============================

--- --- ---

Wäre nett, wenn mir jemand die FIX.txt dazu basteln könnte, ich glaube, dann sollte das Problem fürs erste behoben sein!

danke, Micha

schrauber · 11.03.2014, 10:45

hi,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Startup: C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj7mqv.lnk
ShortcutTarget: ebj7mqv.lnk -> C:\ProgramData\vqm7jbe.cpp ()
S2 Winmgmt; C:\ProgramData\ebj7mqv.zvv [333044 2014-03-10] (Microsoft Corporation)
2014-03-10 09:37 - 2014-03-11 09:46 - 95027928 ____T () C:\ProgramData\ebj7mqv.fee
2014-03-10 09:37 - 2014-03-10 09:37 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\ebj7mqv.zvv
2014-03-10 09:37 - 2014-03-10 09:37 - 00227840 _____ () C:\ProgramData\vqm7jbe.cpp
2014-03-09 15:44 - 2014-03-09 15:46 - 95027928 ____T () C:\ProgramData\3olwl1bn.fee
2014-03-09 15:44 - 2014-03-09 15:44 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\3olwl1bn.zvv

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Entfernen Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Rechner normal starten.

emmestee · 11.03.2014, 11:13

Hallo schrauber,
hier der fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2014
Ran by SYSTEM at 2014-03-11 11:02:52 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Startup: C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj7mqv.lnk
ShortcutTarget: ebj7mqv.lnk -> C:\ProgramData\vqm7jbe.cpp ()
S2 Winmgmt; C:\ProgramData\ebj7mqv.zvv [333044 2014-03-10] (Microsoft Corporation)
2014-03-10 09:37 - 2014-03-11 09:46 - 95027928 ____T () C:\ProgramData\ebj7mqv.fee
2014-03-10 09:37 - 2014-03-10 09:37 - 00333044 ____T (Microsoft Corporation) C:\ProgramData\ebj7mqv.zvv
2014-03-10 09:37 - 2014-03-10 09:37 - 00227840 _____ () C:\ProgramData\vqm7jbe.cpp
2014-03-09 15:44 - 2014-03-09 15:46 - 95027928 ____T () C:\ProgramData\3olwl1bn.fee
2014-03-09 15:44 - 2014-03-09 15:44 - 00332540 ____T (Microsoft Corporation) C:\ProgramData\3olwl1bn.zvv
*****************

C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ebj7mqv.lnk => Moved successfully.
C:\ProgramData\vqm7jbe.cpp => Moved successfully.
Winmgmt => Service restored successfully.
C:\ProgramData\ebj7mqv.fee => Moved successfully.
C:\ProgramData\ebj7mqv.zvv => Moved successfully.
"C:\ProgramData\vqm7jbe.cpp" => File/Directory not found.
C:\ProgramData\3olwl1bn.fee => Moved successfully.
C:\ProgramData\3olwl1bn.zvv => Moved successfully.

==== End of Fixlog ====

Danke dir schonmal im vorraus!

hab schonmal weiter gemacht: rechner startet normal, frst64 auf Desktop kopiert, ist gerade fertig mit scan,
hier die frst. text:
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by strassburgererfurth (administrator) on STRASSBURGERERF on 11-03-2014 11:07:47
Running from C:\Users\strassburgererfurth\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3942728 2011-01-12] (O&O Software GmbH)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [NWEReboot] - [X]
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\MountPoints2: {7ed67334-72cc-11e3-ba58-00252263ac94} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\MountPoints2: {b87769ab-92f8-11e3-a5e0-00252263ac94} - K:\LaunchU3.exe -a

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8000EFB5E535CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = Delta Search
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&affID=121562&tt=gc_&babsrc=SP_ss&mntrId=86DE00252263AC94
SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
SearchScopes: HKCU - {B5116D24-8C1C-4B36-8E44-25A0E97DDAC5} URL = hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&q={searchTerms}&gu=89af397268f64885a4df4bf73a95a347&tu=10GX0007x1B0008&sku=&tstsId=&ver=&&r=968
SearchScopes: HKCU - {C52C87CB-1CB7-4F02-8BD7-E1F5C91D8A47} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=5acfe9fe-3405-463e-bfe1-5de8b83caff3&apn_sauid=DC74C1D1-344E-409C-8E42-02372E92113B
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: No Name - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} -  No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - No Name - {82E1477C-B154-48D3-9891-33D83C26BCD3} -  No File
Toolbar: HKLM-x32 - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 83.169.186.33 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default
FF user.js: detected! => C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\user.js
FF DefaultSearchEngine: Search Results
FF SearchEngineOrder.1: Search Results
FF SelectedSearchEngine: Search Results
FF Homepage: hxxp://www.searchnu.com/410
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\Extensions\ffxtlbr@babylon.com [2013-04-30]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-04-10]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\strassburgererfurth\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-15]
CHR Extension: (Google Drive) - C:\Users\strassburgererfurth\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-15]
CHR Extension: (YouTube) - C:\Users\strassburgererfurth\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-15]
CHR Extension: (Google-Suche) - C:\Users\strassburgererfurth\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-15]
CHR Extension: (Delta Toolbar) - C:\Users\strassburgererfurth\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-11-15]
CHR Extension: (Google Wallet) - C:\Users\strassburgererfurth\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-15]
CHR Extension: (Google Mail) - C:\Users\strassburgererfurth\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-15]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\strassburgererfurth\AppData\Roaming\BabSolution\CR\delta2.crx [2013-04-30]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3049800 2011-01-12] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-15] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-13] (DT Soft Ltd)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-04-13] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
U0 KL1; 
U4 SR; 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 11:07 - 2014-03-11 11:08 - 00020540 _____ () C:\Users\strassburgererfurth\Desktop\FRST.txt
2014-03-11 11:07 - 2014-03-11 09:40 - 02157056 _____ (Farbar) C:\Users\strassburgererfurth\Desktop\FRST64.exe
2014-03-11 09:52 - 2014-03-11 11:07 - 00000000 ____D () C:\FRST
2014-03-04 12:24 - 2014-03-11 11:04 - 00001736 _____ () C:\Windows\setupact.log
2014-03-04 12:24 - 2014-03-04 12:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 11:20 - 2012-01-20 09:01 - 00000000 ____D () C:\Users\strassburgererfurth\Downloads\Firmware-Updater Software
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:10 - 2014-02-26 13:11 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:01 - 2014-02-26 13:04 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KLC
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:35 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-02-24 12:35 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-02-24 12:35 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.TLB
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:33 - 2014-02-24 12:34 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 12:32 - 2014-02-24 12:33 - 00535072 _____ () C:\Users\strassburgererfurth\Downloads\smac setup.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-24 07:22 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-24 07:22 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-24 07:22 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-24 07:22 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-24 07:22 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-24 07:22 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-24 07:22 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-24 07:22 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-24 07:22 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-24 07:22 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-24 07:22 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-24 07:22 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-24 07:22 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-24 07:22 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-24 07:22 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-24 07:22 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-24 07:22 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-24 07:22 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-24 07:22 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-24 07:22 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-24 07:22 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-24 07:22 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-24 07:22 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-24 07:21 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-24 07:21 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-24 07:21 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-24 07:21 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-24 07:21 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-24 07:21 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-24 07:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-24 07:20 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-24 07:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-24 07:20 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 14:34 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-17 14:34 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-17 14:27 - 2014-02-17 14:38 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:23 - 2014-02-17 14:29 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-12 10:29 - 2014-02-12 10:29 - 00000218 _____ () C:\Users\strassburgererfurth\.recently-used.xbel
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\RawTherapee4.0.11
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Program Files (x86)\RawTherapee-4.0.11.203

==================== One Month Modified Files and Folders =======

2014-03-11 11:08 - 2014-03-11 11:07 - 00020540 _____ () C:\Users\strassburgererfurth\Desktop\FRST.txt
2014-03-11 11:07 - 2014-03-11 09:52 - 00000000 ____D () C:\FRST
2014-03-11 11:05 - 2013-11-15 10:39 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-11 11:05 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 11:04 - 2014-03-04 12:24 - 00001736 _____ () C:\Windows\setupact.log
2014-03-11 11:04 - 2013-04-10 11:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-11 11:02 - 2013-04-10 12:58 - 00000000 ___RD () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-11 10:42 - 2013-10-23 15:58 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-03-11 10:34 - 2013-04-10 11:41 - 01396549 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 10:33 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 10:33 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 10:32 - 2013-11-15 10:39 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-11 09:40 - 2014-03-11 11:07 - 02157056 _____ (Farbar) C:\Users\strassburgererfurth\Desktop\FRST64.exe
2014-03-10 17:39 - 2013-04-15 08:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-10 17:27 - 2013-04-10 13:39 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\CrashDumps
2014-03-09 15:57 - 2013-04-13 16:22 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-03-09 15:52 - 2013-04-10 12:00 - 00000000 ____D () C:\Users\strassburgererfurth
2014-03-09 15:51 - 2013-04-10 13:24 - 00000000 ____D () C:\ProgramData\Protexis
2014-03-09 15:51 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-09 15:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-04 12:24 - 2014-03-04 12:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-04 11:24 - 2013-04-10 13:17 - 00000000 ___RD () C:\Users\strassburgererfurth\Desktop\Micha SPIELE
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 11:17 - 2010-11-21 07:50 - 03845120 _____ () C:\Windows\system32\perfh007.dat
2014-03-04 11:17 - 2010-11-21 07:50 - 01127774 _____ () C:\Windows\system32\perfc007.dat
2014-03-04 11:17 - 2009-07-14 06:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-03-04 09:10 - 2013-04-13 15:13 - 00079529 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-03-04 09:01 - 2013-06-13 07:04 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\Kobo
2014-03-04 09:01 - 2013-06-13 07:02 - 00000000 ____D () C:\Windows\tmp
2014-03-04 08:57 - 2013-06-13 07:02 - 00000000 ____D () C:\Program Files (x86)\Kobo
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:11 - 2014-02-26 13:10 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:04 - 2014-02-26 13:01 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 17:00 - 2013-05-12 14:30 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Musik Videobearbeitung
2014-02-24 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-24 12:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KLC
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:34 - 2014-02-24 12:33 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 12:33 - 2014-02-24 12:32 - 00535072 _____ () C:\Users\strassburgererfurth\Downloads\smac setup.exe
2014-02-24 07:32 - 2013-07-11 06:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-24 07:30 - 2013-04-13 15:15 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-21 22:39 - 2013-09-13 14:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 22:39 - 2013-04-15 08:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 22:39 - 2013-04-15 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2013-06-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 15:43 - 2013-04-20 14:07 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-17 14:38 - 2014-02-17 14:27 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:38 - 2013-10-03 14:11 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Fotobearbeitung
2014-02-17 14:34 - 2013-04-10 13:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 14:29 - 2014-02-17 14:23 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-16 10:27 - 2013-11-15 10:39 - 00004132 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 10:27 - 2013-11-15 10:39 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 10:29 - 2014-02-12 10:29 - 00000218 _____ () C:\Users\strassburgererfurth\.recently-used.xbel
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\RawTherapee4.0.11
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Program Files (x86)\RawTherapee-4.0.11.203

Some content of TEMP:
====================
C:\Users\strassburgererfurth\AppData\Local\Temp\0976.dll
C:\Users\strassburgererfurth\AppData\Local\Temp\avgnt.exe
C:\Users\strassburgererfurth\AppData\Local\Temp\drm_dyndata_7330014.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-04 12:52

==================== End Of Log ============================

--- --- ---

--- --- ---

und hier die additional.txt:FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
Ran by strassburgererfurth at 2014-03-11 11:09:08
Running from C:\Users\strassburgererfurth\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: ZoneAlarm Free Firewall Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Free Firewall Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AGEIA PhysX v7.07.09 (HKLM-x32\...\{65F1CF63-31E0-450B-96F3-4A88BE7361A6}) (Version: 7.07.09 - AGEIA Technologies, Inc.)
Any Video Converter 5.0.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2014 v.12.0.5 (HKLM-x32\...\{91B33C97-280F-B76D-E27B-E712D7041B76}_is1) (Version: 12.0.5 - Ashampoo GmbH & Co. KG)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.338 - Avira)
Brother MFL-Pro Suite DCP-135C (HKLM-x32\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
BrowserProtect (HKLM-x32\...\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}) (Version:  - ) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 3.04 - Piriform)
Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation)
Corel PaintShop Pro X5 (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DeepSkyStacker (HKLM-x32\...\{350E3960-DE20-4FE6-9E6B-26B464AD27FD}) (Version: 3.2.0 -  )
Delta Chrome Toolbar (HKLM-x32\...\Delta Chrome Toolbar) (Version:  - Delta) <==== ATTENTION
DigiJay 1.414 (HKLM-x32\...\DigiJay_is1) (Version:  - MB Audio)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 14.0.0.10960 - Landesfinanzdirektion Thüringen)
eMule Razorback 3 (HKLM-x32\...\eMule Razorback 3) (Version:  - )
Exif-Viewer 2.51  (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger)
Free Video to MP3 Converter version 5.0.24.430 (HKLM-x32\...\Free Video to MP3 Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HashCheck Shell Extension (x86-32) (HKLM-x32\...\HashCheck Shell Extension) (Version: 2.1.11.1 - Kai Liu)
ICA (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Index.dat Suite (HKLM-x32\...\{B8971880-0060-11D8-87CB-C2A1A3E71907}_is1) (Version: 2.11.0 - Ur I.T. Mate Group)
IPM_PSP_COM (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle)
JDownloader 2 (HKLM-x32\...\0630-0716-3135-7887) (Version: 2 - AppWork GmbH)
Kobo (HKLM-x32\...\Kobo) (Version: 3.6.0 - Kobo Inc.)
LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Luminance HDR 2.3.1 (HKLM\...\{7020FC34-6E04-4858-924D-354B28CB2402}_is1) (Version:  - Luminance HDR Dev Team)
Medal of Honor Airborne (HKLM-x32\...\{25F28E39-FDBB-11DB-8314-0800200C9A66}) (Version: 1.0.1.0 - Electronic Arts)
Medal of Honor™ Warfighter (HKLM-x32\...\{48379835-BF2E-4487-9CB1-D5E654502B53}) (Version: 1.0.0.0 - Electronic Arts)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox (3.6.15) (HKLM-x32\...\Mozilla Firefox (3.6.15)) (Version: 3.6.15 (de) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Need for Speed™ SHIFT (HKLM-x32\...\{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}) (Version: 1.0.0.0 - Electronic Arts)
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.115.743 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1422 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 314.22 (Version: 314.22 - NVIDIA Corporation) Hidden
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden
O&O Defrag Free Edition (HKLM\...\{FD686BCC-33E0-4990-BB88-3DAA8C29511E}) (Version: 14.1.425 - O&O Software GmbH)
Origin (HKLM-x32\...\Origin) (Version: 9.0.13.2135 - Electronic Arts, Inc.)
PDF Architect (HKLM-x32\...\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}) (Version: 1.0.52.8917 - pdfforge)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.6.2 - pdfforge)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PSPPContent (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 15.0.0.183 - Corel Corporation) Hidden
PSPPro64 (Version: 15.0.0.183 - Corel Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RawTherapee Version 4.0.11 (HKLM-x32\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.0.11 - rawtherapee.com)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Runtime (x32 Version: 1.00.0000 - Your Company Name) Hidden
Setup (x32 Version: 15.0.0.183 - Ihr Firmenname) Hidden
SMAC 2.0 (HKLM-x32\...\SMAC 2.0) (Version:  - )
Sony Image Data Suite (HKLM-x32\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.1.03.06030 - Sony Corporation)
Sony Picture Utility (HKLM-x32\...\{D5068583-D569-468B-9755-5FBF5848F46F}) (Version: 4.3.01.06180 - Sony Corporation)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version: 4.53 - NCH Software)
Thrustmaster FFB Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 2.FFD.2009 - Thrustmaster)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Vista Game Explorer Editor (HKLM-x32\...\VGEE) (Version: Beta 2.14a - Ryan Richter)
VLC media player 1.1.7 (HKLM-x32\...\VLC media player) (Version: 1.1.7 - VideoLAN)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.504 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 11.0.000.057 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.11.11 - Check Point Software Technologies LTD) Hidden

==================== Restore Points  =========================

04-03-2014 11:59:25 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {210F5FE7-E6ED-4DCF-8F76-70EAE6E8A474} - System32\Tasks\BrowserProtect => Sc.exe start BrowserProtect <==== ATTENTION
Task: {474E1A1E-F80D-4512-A9D0-B06894F49D33} - \AdobeFlashPlayerUpdate 2 No Task File
Task: {72C71BF1-4453-4F41-AABD-96F479E4CF20} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {AF689DDD-ED27-4738-9DF9-EE53EC61AB96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-15] (Google Inc.)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {E64C4670-0D62-4936-A3CA-BE305A466D49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {E9B93895-7449-45D1-A38D-9B7E77A08FA0} - \AdobeFlashPlayerUpdate No Task File
Task: {F605B283-E2AD-4E03-B807-D639DE5362EE} - System32\Tasks\EPUpdater => C:\Users\strassburgererfurth\AppData\Roaming\BabSolution\Shared\BabMaint.exe [2013-06-06] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-10 15:24 - 2013-03-15 05:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-10 11:55 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2013-04-10 13:43 - 2009-05-07 09:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-04-10 13:43 - 2009-05-07 09:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-04-10 13:43 - 2008-01-18 07:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-04-10 13:43 - 2009-11-03 04:12 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2007-08-15 09:49 - 2007-08-15 09:49 - 00063040 _____ () C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
2013-04-10 13:35 - 2013-04-10 13:52 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2014 11:06:37 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2014 05:26:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: rundll32.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc637
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0x0eedfade
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x9c0
Startzeit der fehlerhaften Anwendung: 0xrundll32.exe0
Pfad der fehlerhaften Anwendung: rundll32.exe1
Pfad des fehlerhaften Moduls: rundll32.exe2
Berichtskennung: rundll32.exe3

Error: (03/10/2014 08:48:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2014 03:54:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2014 02:42:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (03/09/2014 02:42:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/09/2014 02:42:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/09/2014 01:32:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (03/09/2014 01:32:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/09/2014 01:32:41 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (03/11/2014 10:34:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden.

Error: (03/11/2014 10:33:53 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (03/11/2014 10:33:36 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/11/2014 10:33:23 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (03/11/2014 10:32:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (03/11/2014 10:32:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (03/11/2014 10:31:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (03/11/2014 10:31:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (03/11/2014 10:30:52 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127

Error: (03/11/2014 10:30:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: 
%%127


Microsoft Office Sessions:
=========================
Error: (03/11/2014 11:06:37 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/10/2014 05:26:02 PM) (Source: Application Error)(User: )
Description: rundll32.exe6.1.7600.163854a5bc637KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41f9c001cf3c7d6b0e68deC:\Windows\SysWOW64\rundll32.exeC:\Windows\syswow64\KERNELBASE.dllab4a9b66-a870-11e3-8805-0c0c0c0c0c01

Error: (03/10/2014 08:48:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2014 03:54:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2014 02:42:14 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/09/2014 02:42:14 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (03/09/2014 02:42:14 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (03/09/2014 01:32:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (03/09/2014 01:32:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (03/09/2014 01:32:41 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2013-10-14 18:02:16.909
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 18:02:16.284
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 18:02:15.682
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 18:02:15.065
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 18:02:14.400
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 17:53:09.121
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 17:50:44.540
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 17:41:34.327
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 17:41:33.717
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-10-14 17:41:33.108
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 20%
Total physical RAM: 8191.3 MB
Available physical RAM: 6478.29 MB
Total Pagefile: 16380.79 MB
Available Pagefile: 14612.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Win7 System) (Fixed) (Total:146.48 GB) (Free:65.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (XP System) (Fixed) (Total:73.24 GB) (Free:26.03 GB) NTFS
Drive e: (CHRISTIN) (Fixed) (Total:170.89 GB) (Free:138.98 GB) NTFS
Drive f: (MICHA) (Fixed) (Total:170.9 GB) (Free:112.92 GB) NTFS
Drive g: (EXTRAS) (Fixed) (Total:50.72 GB) (Free:43.51 GB) NTFS
Drive h: (Programme) (Fixed) (Total:86.4 GB) (Free:70.09 GB) NTFS
Drive j: (Volume) (Fixed) (Total:149.05 GB) (Free:22.81 GB) NTFS
Drive n: (KRD10) (CDROM) (Total:0.32 GB) (Free:0 GB) CDFS
Drive s: (ÖFFNER) (Removable) (Total:7.52 GB) (Free:2.28 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: CFA2CFA2)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 466 GB) (Disk ID: 89D789D7)
Partition 1: (Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=393 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 24893053)
Partition 1: (Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=86 GB) - (Type=07 NTFS)

========================================================
Disk: 7 (Size: 8 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.

==================== End Of Log ============================

--- --- ---

schrauber · 12.03.2014, 09:30

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

emmestee · 12.03.2014, 18:52

So hier die malewarebites lofile:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
strassburgererfurth :: STRASSBURGERERF [Administrator]

12.03.2014 17:49:25
mbam-log-2014-03-12 (17-49-25).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 238999
Laufzeit: 4 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Danke für die nette Betreuung bei meinem Problem!

micha

# AdwCleaner v3.021 - Bericht erstellt am 12/03/2014 um 18:13:55
# Aktualisiert 10/03/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : strassburgererfurth - STRASSBURGERERF
# Gestartet von : C:\Users\strassburgererfurth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GDCJLOXJ\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\BrowserProtect
Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Iminent
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Users\strassburgererfurth\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\Extensions\ffxtlbr@babylon.com
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\invalidprefs.js
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\BrowserProtect.xml
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\BrowserProtect
Datei Gelöscht : C:\Windows\System32\Tasks\NCH Software

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKCU\Software\5308a8cbd6fee14
Schlüssel Gelöscht : HKLM\SOFTWARE\5308a8cbd6fee14
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\NCH Software
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\WEDLMNGR
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\NCH Software
Schlüssel Gelöscht : HKLM\Software\Solvusoft
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

und zu guter letzt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by strassburgererfurth on 12.03.2014 at 18:19:33,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2413854253-146326500-755775067-1001\Software\sweetim

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\strassburgererfurth\appdata\locallow\datamngr"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.03.2014 at 18:43:38,01

Danke für die hilfe!

fast vergessen, das gewünschte aktuelle:
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by strassburgererfurth (administrator) on STRASSBURGERERF on 12-03-2014 18:50:56
Running from S:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Thisisu) C:\Users\strassburgererfurth\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FWH55LN5\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3942728 2011-01-12] (O&O Software GmbH)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [NWEReboot] - [X]
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\MountPoints2: {7ed67334-72cc-11e3-ba58-00252263ac94} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\MountPoints2: {b87769ab-92f8-11e3-a5e0-00252263ac94} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2413854253-146326500-755775067-1004\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2413854253-146326500-755775067-1004\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2413854253-146326500-755775067-1004\...\MountPoints2: {9e801fae-a1ca-11e2-89a8-806e6f6e6963} - I:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8000EFB5E535CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - DefaultScope {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 83.169.186.33 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-04-10]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-10]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3049800 2011-01-12] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-15] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-13] (DT Soft Ltd)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-04-13] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
U0 KL1; 
U4 SR; 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-12 18:43 - 2014-03-12 18:43 - 00000914 _____ () C:\Users\strassburgererfurth\Desktop\JRT.txt
2014-03-12 18:19 - 2014-03-12 18:19 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 17:48 - 2014-03-12 18:13 - 00000000 ____D () C:\AdwCleaner
2014-03-12 17:41 - 2014-03-12 18:50 - 00001176 _____ () C:\Windows\setupact.log
2014-03-12 17:41 - 2014-03-12 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Malwarebytes
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 11:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-11 09:52 - 2014-03-12 18:50 - 00000000 ____D () C:\FRST
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 11:20 - 2012-01-20 09:01 - 00000000 ____D () C:\Users\strassburgererfurth\Downloads\Firmware-Updater Software
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:10 - 2014-02-26 13:11 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:01 - 2014-02-26 13:04 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KLC
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:35 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-02-24 12:35 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-02-24 12:35 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.TLB
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:33 - 2014-02-24 12:34 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-24 07:22 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-24 07:22 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-24 07:22 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-24 07:22 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-24 07:22 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-24 07:22 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-24 07:22 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-24 07:22 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-24 07:22 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-24 07:22 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-24 07:22 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-24 07:22 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-24 07:22 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-24 07:22 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-24 07:22 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-24 07:22 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-24 07:22 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-24 07:22 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-24 07:22 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-24 07:22 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-24 07:22 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-24 07:22 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-24 07:22 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-24 07:21 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-24 07:21 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-24 07:21 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-24 07:21 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-24 07:21 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-24 07:21 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-24 07:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-24 07:20 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-24 07:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-24 07:20 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 14:34 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-17 14:34 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-17 14:27 - 2014-02-17 14:38 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:23 - 2014-02-17 14:29 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-12 10:29 - 2014-02-12 10:29 - 00000218 _____ () C:\Users\strassburgererfurth\.recently-used.xbel
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\RawTherapee4.0.11
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Program Files (x86)\RawTherapee-4.0.11.203

==================== One Month Modified Files and Folders =======

2014-03-12 18:50 - 2014-03-12 17:41 - 00001176 _____ () C:\Windows\setupact.log
2014-03-12 18:50 - 2014-03-11 09:52 - 00000000 ____D () C:\FRST
2014-03-12 18:43 - 2014-03-12 18:43 - 00000914 _____ () C:\Users\strassburgererfurth\Desktop\JRT.txt
2014-03-12 18:39 - 2013-04-15 08:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-12 18:32 - 2013-11-15 10:39 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-12 18:24 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-12 18:24 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-12 18:19 - 2014-03-12 18:19 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 18:15 - 2013-11-15 10:39 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-12 18:15 - 2013-04-10 13:25 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\CheckPoint
2014-03-12 18:15 - 2013-04-10 11:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-12 18:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 18:14 - 2013-04-10 11:41 - 01490489 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 18:13 - 2014-03-12 17:48 - 00000000 ____D () C:\AdwCleaner
2014-03-12 17:41 - 2014-03-12 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-12 17:41 - 2013-05-11 14:47 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\DVDVideoSoft
2014-03-12 17:35 - 2013-04-13 15:13 - 00080649 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-03-12 17:01 - 2013-04-10 13:39 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\CrashDumps
2014-03-12 16:39 - 2013-09-13 14:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 16:39 - 2013-04-15 08:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 16:39 - 2013-04-15 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:47 - 2010-11-21 07:50 - 03859662 _____ () C:\Windows\system32\perfh007.dat
2014-03-12 15:47 - 2010-11-21 07:50 - 01132292 _____ () C:\Windows\system32\perfc007.dat
2014-03-12 15:47 - 2009-07-14 06:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-12 12:51 - 2013-10-23 15:58 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Malwarebytes
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 11:21 - 2013-04-10 11:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-11 11:02 - 2013-04-10 12:58 - 00000000 ___RD () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-09 15:57 - 2013-04-13 16:22 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-03-09 15:52 - 2013-04-10 12:00 - 00000000 ____D () C:\Users\strassburgererfurth
2014-03-09 15:51 - 2013-04-10 13:24 - 00000000 ____D () C:\ProgramData\Protexis
2014-03-09 15:51 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-09 15:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-04 11:24 - 2013-04-10 13:17 - 00000000 ___RD () C:\Users\strassburgererfurth\Desktop\Micha SPIELE
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-03-04 09:01 - 2013-06-13 07:04 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\Kobo
2014-03-04 09:01 - 2013-06-13 07:02 - 00000000 ____D () C:\Windows\tmp
2014-03-04 08:57 - 2013-06-13 07:02 - 00000000 ____D () C:\Program Files (x86)\Kobo
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:11 - 2014-02-26 13:10 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:04 - 2014-02-26 13:01 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 17:00 - 2013-05-12 14:30 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Musik Videobearbeitung
2014-02-24 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-24 12:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KLC
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:34 - 2014-02-24 12:33 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 07:32 - 2013-07-11 06:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-24 07:30 - 2013-04-13 15:15 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2013-06-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 15:43 - 2013-04-20 14:07 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-17 14:38 - 2014-02-17 14:27 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:38 - 2013-10-03 14:11 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Fotobearbeitung
2014-02-17 14:34 - 2013-04-10 13:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 14:29 - 2014-02-17 14:23 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-16 10:27 - 2013-11-15 10:39 - 00004132 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 10:27 - 2013-11-15 10:39 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 10:29 - 2014-02-12 10:29 - 00000218 _____ () C:\Users\strassburgererfurth\.recently-used.xbel
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\RawTherapee4.0.11
2014-02-12 10:19 - 2014-02-12 10:19 - 00000000 ____D () C:\Program Files (x86)\RawTherapee-4.0.11.203

Some content of TEMP:
====================
C:\Users\strassburgererfurth\AppData\Local\Temp\avgnt.exe
C:\Users\strassburgererfurth\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-12 17:27

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber · 13.03.2014, 11:00

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

emmestee · 16.03.2014, 16:39

ESET LOG:

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=2a0ca4aed0c71b4abf6494049852b528
# engine=17468
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-16 03:23:05
# local_time=2014-03-16 04:23:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 351576 29385172 344339 0
# compatibility_mode=5893 16776574 100 94 21538932 146613235 0 0
# compatibility_mode=9217 16776893 100 13 26986763 35502453 0 0
# scanned=187463
# found=4
# cleaned=0
# scan_time=14573
sh=330B27335672B5912F9F765F8723D58F09A4259B ft=1 fh=4dbc0280fb516f8f vn="Win64/Reveton.A trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\3olwl1bn.zvv.xBAD"
sh=62D7DB230302BC869EEF473A959A9F0B738B478F ft=1 fh=a17ca3c88a1019d0 vn="Win64/Reveton.A trojan" ac=I fn="C:\FRST\Quarantine\C\ProgramData\ebj7mqv.zvv.xBAD"
sh=31670AF4C4213B1F7BD42C7E79BE5BCE89D7D60B ft=0 fh=0000000000000000 vn="a variant of Generik.ISEMREO trojan" ac=I fn="R:\SOFTWARE\Musikbearbeitung\Magicbit.3GP.Video.Converter.v1.2.23.216.WinALL.Incl.Keygen.rar"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/Hooker.NAF trojan" ac=I fn="R:\SPIELE\Shooter\Call of Duty 5 World at War (PC Game) DVDR Multi 5 (CentralDVDR.com).iso"

Security Check LOg:

Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
ZoneAlarm Free Firewall Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Flash Player 12.0.0.77
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (3.6.15) Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Das Frischeste FRST:
FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
Ran by strassburgererfurth (administrator) on STRASSBURGERERF on 16-03-2014 16:37:10
Running from S:\
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files (x86)\PDF Architect\ConversionService.exe
() C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [3942728 2011-01-12] (O&O Software GmbH)
HKLM\...\Run: [ISW] - [X]
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2792448 2009-12-04] (VIA)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [NWEReboot] - [X]
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\MountPoints2: {7ed67334-72cc-11e3-ba58-00252263ac94} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2413854253-146326500-755775067-1001\...\MountPoints2: {b87769ab-92f8-11e3-a5e0-00252263ac94} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2413854253-146326500-755775067-1004\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2413854253-146326500-755775067-1004\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2413854253-146326500-755775067-1004\...\MountPoints2: {9e801fae-a1ca-11e2-89a8-806e6f6e6963} - I:\setup.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8000EFB5E535CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = 
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - DefaultScope {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 83.169.186.33 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\strassburgererfurth\AppData\Roaming\Mozilla\Firefox\Profiles\004pms7x.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-04-10]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-04-10]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3049800 2011-01-12] (O&O Software GmbH)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104 2013-01-09] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208 2013-01-09] (pdfforge GbR)
R2 PnkBstrA; C:\Program Files (x86)\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [63040 2007-08-15] ()
S2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-04-13] (DT Soft Ltd)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-11-15] (Kaspersky Lab)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-04-13] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)
U0 KL1; 
U4 SR; 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-12 18:43 - 2014-03-12 18:43 - 00000914 _____ () C:\Users\strassburgererfurth\Desktop\JRT.txt
2014-03-12 18:19 - 2014-03-12 18:19 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 17:48 - 2014-03-12 18:13 - 00000000 ____D () C:\AdwCleaner
2014-03-12 17:41 - 2014-03-16 16:36 - 00002352 _____ () C:\Windows\setupact.log
2014-03-12 17:41 - 2014-03-12 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Malwarebytes
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 11:36 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-11 09:52 - 2014-03-16 16:37 - 00000000 ____D () C:\FRST
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 11:20 - 2012-01-20 09:01 - 00000000 ____D () C:\Users\strassburgererfurth\Downloads\Firmware-Updater Software
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:10 - 2014-02-26 13:11 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:01 - 2014-02-26 13:04 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KLC
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:35 - 2004-08-04 03:56 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2014-02-24 12:35 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-02-24 12:35 - 1999-12-07 07:00 - 00061491 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemdisp.TLB
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:33 - 2014-02-24 12:34 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-24 07:22 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-24 07:22 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-24 07:22 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-24 07:22 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-24 07:22 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-24 07:22 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-24 07:22 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-24 07:22 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-24 07:22 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-24 07:22 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-24 07:22 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-24 07:22 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-24 07:22 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-24 07:22 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-24 07:22 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-24 07:22 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-24 07:22 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-24 07:22 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-24 07:22 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-24 07:22 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-24 07:22 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-24 07:22 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-24 07:22 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-24 07:22 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-24 07:22 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-24 07:22 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-24 07:22 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-24 07:22 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-24 07:22 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-24 07:22 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-24 07:22 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-24 07:21 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-24 07:21 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-24 07:21 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-24 07:21 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-24 07:21 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-24 07:21 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-24 07:21 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-24 07:21 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-24 07:21 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-24 07:20 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-24 07:20 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-24 07:20 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-24 07:20 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-24 07:20 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 14:34 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-17 14:34 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-17 14:27 - 2014-02-17 14:38 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:23 - 2014-02-17 14:29 - 00000000 ____D () C:\Program Files (x86)\Sony

==================== One Month Modified Files and Folders =======

2014-03-16 16:37 - 2014-03-11 09:52 - 00000000 ____D () C:\FRST
2014-03-16 16:36 - 2014-03-12 17:41 - 00002352 _____ () C:\Windows\setupact.log
2014-03-16 16:32 - 2013-11-15 10:39 - 00001136 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 15:39 - 2013-04-15 08:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-16 12:23 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 12:23 - 2009-07-14 05:45 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 12:20 - 2010-11-21 07:50 - 03903288 _____ () C:\Windows\system32\perfh007.dat
2014-03-16 12:20 - 2010-11-21 07:50 - 01145846 _____ () C:\Windows\system32\perfc007.dat
2014-03-16 12:20 - 2009-07-14 06:13 - 00006248 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 12:13 - 2013-11-15 10:39 - 00001132 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 12:13 - 2013-04-10 11:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-16 12:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-12 18:54 - 2013-04-10 11:41 - 01508229 _____ () C:\Windows\WindowsUpdate.log
2014-03-12 18:43 - 2014-03-12 18:43 - 00000914 _____ () C:\Users\strassburgererfurth\Desktop\JRT.txt
2014-03-12 18:19 - 2014-03-12 18:19 - 00000000 ____D () C:\Windows\ERUNT
2014-03-12 18:15 - 2013-04-10 13:25 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\CheckPoint
2014-03-12 18:13 - 2014-03-12 17:48 - 00000000 ____D () C:\AdwCleaner
2014-03-12 17:41 - 2014-03-12 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-12 17:41 - 2013-05-11 14:47 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\DVDVideoSoft
2014-03-12 17:35 - 2013-04-13 15:13 - 00080649 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-03-12 17:01 - 2013-04-10 13:39 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\CrashDumps
2014-03-12 16:39 - 2013-09-13 14:53 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 16:39 - 2013-04-15 08:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 16:39 - 2013-04-15 08:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 12:51 - 2013-10-23 15:58 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Malwarebytes
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-11 11:36 - 2014-03-11 11:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-11 11:21 - 2013-04-10 11:55 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-11 11:02 - 2013-04-10 12:58 - 00000000 ___RD () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-09 15:57 - 2013-04-13 16:22 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-03-09 15:52 - 2013-04-10 12:00 - 00000000 ____D () C:\Users\strassburgererfurth
2014-03-09 15:51 - 2013-04-10 13:24 - 00000000 ____D () C:\ProgramData\Protexis
2014-03-09 15:51 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-09 15:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-03-04 11:24 - 2013-04-10 13:17 - 00000000 ___RD () C:\Users\strassburgererfurth\Desktop\Micha SPIELE
2014-03-04 11:20 - 2014-03-04 11:20 - 02913357 _____ (Igor Pavlov) C:\Users\strassburgererfurth\Downloads\MB_44_AF_1_Sony_V2.0_D_Win.exe
2014-03-04 09:12 - 2014-03-04 09:12 - 00511362 _____ () C:\Users\strassburgererfurth\Downloads\Blutige_Rache.epub
2014-03-04 09:01 - 2013-06-13 07:04 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\Kobo
2014-03-04 09:01 - 2013-06-13 07:02 - 00000000 ____D () C:\Windows\tmp
2014-03-04 08:57 - 2013-06-13 07:02 - 00000000 ____D () C:\Program Files (x86)\Kobo
2014-02-26 13:13 - 2014-02-26 13:13 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\Ashampoo Burning Studio 2014
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Ashampoo
2014-02-26 13:11 - 2014-02-26 13:11 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Local\ashampoo
2014-02-26 13:11 - 2014-02-26 13:10 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-02-26 13:10 - 2014-02-26 13:10 - 00000000 ____D () C:\Program Files (x86)\Ashampoo
2014-02-26 13:04 - 2014-02-26 13:01 - 340465664 _____ () C:\Users\strassburgererfurth\Downloads\kav_rescue_1032.iso
2014-02-24 17:00 - 2013-05-12 14:30 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Musik Videobearbeitung
2014-02-24 13:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-24 12:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KLC
2014-02-24 12:35 - 2014-02-24 12:35 - 00000000 ____D () C:\Program Files (x86)\KLC
2014-02-24 12:34 - 2014-02-24 12:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-24 12:34 - 2014-02-24 12:33 - 04630617 _____ () C:\Users\strassburgererfurth\Downloads\smac20_setup.exe
2014-02-24 07:32 - 2013-07-11 06:09 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-24 07:30 - 2013-04-13 15:15 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-24 07:26 - 2014-02-24 07:26 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-02-17 16:28 - 2014-02-17 16:28 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 __RHD () C:\Users\strassburgererfurth\AppData\Roaming\SecuROM
2014-02-17 16:28 - 2014-02-17 16:28 - 00000000 ____D () C:\Users\strassburgererfurth\Documents\EA Games
2014-02-17 16:01 - 2013-06-26 17:11 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Windows\SysWOW64\AGEIA
2014-02-17 15:58 - 2014-02-17 15:58 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-17 15:43 - 2013-04-20 14:07 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2014-02-17 14:38 - 2014-02-17 14:27 - 00000000 ____D () C:\Users\strassburgererfurth\AppData\Roaming\Sony Corporation
2014-02-17 14:38 - 2013-10-03 14:11 - 00000000 ____D () C:\Users\strassburgererfurth\Desktop\Fotobearbeitung
2014-02-17 14:34 - 2013-04-10 13:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-17 14:29 - 2014-02-17 14:23 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-02-16 10:27 - 2013-11-15 10:39 - 00004132 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 10:27 - 2013-11-15 10:39 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\strassburgererfurth\AppData\Local\Temp\avgnt.exe
C:\Users\strassburgererfurth\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-12 17:27

==================== End Of Log ============================

--- --- ---

--- --- ---

Nu Bin ich ja mal gespannt!
Nochmals danke für die Hilfe!

schrauber · 17.03.2014, 10:12

Adobe und Firefox updaten. Die Funde von ESET, welche nicht schon in der Quarantäne von FRST sind, löschen. Wenn ich noch irgend nen geklauten oder gecrackten Scheiss sehe wars das mit Support

.

Noch Probleme?

emmestee · 17.03.2014, 10:59

Hallo Schrauber!

Keine weiteren Probleme, Danke für die Unterstützung. Geklauter und Gecrackter Scheiss

! Aber so ein paar Leichen hat doch Jeder in den unergründlichen Tiefen des Systems!

!

Danke nochmals, spende geht dann gleich raus!

MFG Micha

schrauber · 18.03.2014, 10:31

Zitat:

Aber so ein paar Leichen hat doch Jeder in den unergründlichen Tiefen des Systems!

Deswegen hab ich ja den Support nicht direkt eingestellt. Das mach ich nur wenn ich ein geklautes Windows sehe oder so.

Adobe und Firefox updaten.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

emmestee · 19.03.2014, 10:47

Hallo Schrauber!

Habe mir die vin dir empfohlenen Progs und addons installiert. Werde jetzt nochmal nen scan und eine deinstallationssession( alles unnütze weg!) starten. Also Finger weg vom CCleaner??!! anschliessend setz ich mir nen wiederherstellungspunkt, damit sollte das System dann besser sein, als nach der Neuinstallation. Ich Danke nochmals für die Hilfe und Unterstützung.
Läuft alles prima.

Vielen Dank,
Micha

schrauber · 20.03.2014, 09:28

Ccleaner kannste behalten für die Temps

20.03.2014, 09:28	#12
schrauber /// the machine /// TB-Ausbilder	Interpol Trojaner eingefangen, bereinigung mit Kaspersky Rescue Disc nicht erfolgreich Ccleaner kannste behalten für die Temps __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Interpol Trojaner eingefangen, bereinigung mit Kaspersky Rescue Disc nicht erfolgreich

Log-Analyse und Auswertung: Interpol Trojaner eingefangen, bereinigung mit Kaspersky Rescue Disc nicht erfolgreich