|
Plagegeister aller Art und deren Bekämpfung: Internet slow after Flash video | Windows 7 |
28.05.2014, 19:18 | #1 |
| Internet slow after Flash video Hello, I have the following strange problem. I will try to describe it as precisely as possible. My PC runs completely normally, also when browsing. A speed test shows the full available speed. But as soon as I watch, for example, an embedded (Flash) video, the video loads only very slowly, and further browsing (no matter on which sites) is also very slow. A speed test then also shows that suddenly at most only half of the available speed is available. When I reboot the router, everything is OK again, until I want to watch a video again. Then the problem described above occurs again. I have already done the following. Ran Malwarebytes: 0 findings. Ran Spybot: 0 findings. Virus scan (complete) with AVG: 0 findings. Reset the router to factory settings. The problem still persists. Somehow I can hardly believe that I could have caught something. But you never know. In any case, I would be very, very grateful for any help. I have the impression that this problem only appeared with the latest Flash Player version. Many thanks in advance. Regards, Gepetto |
29.05.2014, 05:30 | #2 |
/// the machine /// TB-Ausbilder | Internet slow after Flash video Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
29.05.2014, 06:20 | #3 |
| Internet slow after Flash video Hello Schrauber,
first of all, many thanks for your help!!! Here are the log files. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by Philipp (administrator) on PHILIPP-PC on 29-05-2014 07:08:30 Running from C:\Users\Philipp\Desktop Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe () C:\Windows\SysWOW64\PnkBstrA.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.) HKLM-x32\...\Run: [ROC_roc_dec12] => "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-692924467-1411480276-1425026954-1000\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Philipp\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 25244e8280d84c553ffe70ce58603448-eb7676c7afff319c021478f5b3eeeb2ee90e22b2 --CMPID 0913b HKU\S-1-5-21-692924467-1411480276-1425026954-1000\...\MountPoints2: {a6d391c1-6d94-11de-9e57-806e6f6e6963} - D:\BlueBirds.exe HKU\S-1-5-21-692924467-1411480276-1425026954-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter ==================== Internet (Whitelisted) ==================== ProxyServer: localhost:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3FB10447E45CE01 HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={D125DFB6-F0EC-4A2D-850E-189FB9AB40BB}&mid=25244e8280d84c553ffe70ce58603448-eb7676c7afff319c021478f5b3eeeb2ee90e22b2&lang=de&ds=AVG&pr=fr&d=2012-05-31 18:04:07&v=11.1.0.7&sap=dsp&q={searchTerms} SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={D125DFB6-F0EC-4A2D-850E-189FB9AB40BB}&mid=25244e8280d84c553ffe70ce58603448-eb7676c7afff319c021478f5b3eeeb2ee90e22b2&lang=de&ds=AVG&pr=fr&d=2012-05-31 18:04:07&v=11.1.0.7&sap=dsp&q={searchTerms} BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nizmh0ap.default-1401277717052 FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nizmh0ap.default-1401277717052\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-28] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-15] () ==================== Drivers (Whitelisted) ==================== S4 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [154256 2007-08-10] (Promise Technology, Inc.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.) 
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.) S4 fttxr5_O; C:\Windows\system32\drivers\fttxr5_o.sys [230408 2007-10-25] (Promise Technology, Inc.) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] () S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [160288 2008-04-07] (NVIDIA Corporation) S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-13] (Saitek) S3 cpuz131; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz131\cpuz_x64.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-29 07:08 - 2014-05-29 07:10 - 00011999 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-05-29 07:08 - 2014-05-29 07:08 - 00000000 ____D () C:\FRST 2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe 2014-05-28 21:12 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT.exe 2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe 2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Philipp\Desktop\revosetup95.exe 2014-05-28 21:02 - 2014-05-28 21:01 - 02066944 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-05-28 21:02 - 2014-05-28 19:36 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe 2014-05-28 21:01 - 2014-05-28 21:01 - 02066944 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe 2014-05-28 20:47 - 2014-05-28 20:47 - 00001163 _____ () C:\Users\Philipp\Desktop\mbam.txt.txt 2014-05-28 20:38 - 2014-05-28 20:39 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 20:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-28 20:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-28 20:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-28 19:37 - 2014-05-28 21:16 - 00000000 ____D () C:\AdwCleaner 2014-05-28 19:36 - 2014-05-28 19:36 - 01327971 _____ () C:\Users\Philipp\Downloads\adwcleaner_3.211.exe 2014-05-28 16:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin 2014-05-28 14:02 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin 2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin 2014-05-28 13:48 - 2014-05-28 13:48 - 00000000 ____D () C:\Users\Philipp\Documents\Alte Firefox-Daten 2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini 2014-05-27 
21:55 - 2014-05-27 22:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-27 21:55 - 2014-05-27 22:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 21:51 - 2014-05-27 21:51 - 00961360 _____ (Chip Digital GmbH) C:\Users\Philipp\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-05-27 21:44 - 2014-05-28 23:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-27 21:44 - 2014-05-27 21:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-27 21:44 - 2014-05-27 21:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-27 21:44 - 2014-05-27 21:44 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 20:19 - 2014-05-27 20:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-15 19:28 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 19:28 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 19:28 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 19:28 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 19:28 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 19:28 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 19:01 - 2014-03-25 18:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 19:01 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2014-05-10 18:23 - 2014-05-10 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-02 19:21 - 2014-05-02 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= 2014-05-29 07:10 - 2014-05-29 07:08 - 00011999 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-05-29 07:09 - 2009-07-10 14:09 - 01051431 _____ () C:\Windows\WindowsUpdate.log 2014-05-29 07:08 - 2014-05-29 07:08 - 00000000 ____D () C:\FRST 2014-05-29 07:05 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-29 07:05 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-29 07:04 - 2011-08-10 16:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-29 07:04 - 2008-01-21 05:26 - 00836488 _____ () C:\Windows\PFRO.log 2014-05-29 07:04 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-28 23:47 
- 2006-11-02 17:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-28 23:27 - 2014-05-27 21:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-28 22:59 - 2011-08-10 16:32 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-28 21:16 - 2014-05-28 19:37 - 00000000 ____D () C:\AdwCleaner 2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe 2014-05-28 21:13 - 2014-05-28 21:12 - 01016261 _____ (Thisisu) C:\Users\Philipp\Downloads\JRT.exe 2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Downloads\revosetup95.exe 2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Desktop\revosetup95.exe 2014-05-28 21:01 - 2014-05-28 21:02 - 02066944 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-05-28 21:01 - 2014-05-28 21:01 - 02066944 _____ (Farbar) C:\Users\Philipp\Downloads\FRST64.exe 2014-05-28 20:47 - 2014-05-28 20:47 - 00001163 _____ () C:\Users\Philipp\Desktop\mbam.txt.txt 2014-05-28 20:39 - 2014-05-28 20:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 19:36 - 2014-05-28 21:02 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe 2014-05-28 19:36 - 2014-05-28 19:36 - 01327971 _____ () C:\Users\Philipp\Downloads\adwcleaner_3.211.exe 2014-05-28 19:14 - 2012-05-31 17:52 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-28 18:25 - 2008-05-21 15:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-28 18:25 - 2008-05-21 15:09 - 00674024 _____ () 
C:\Windows\system32\perfh007.dat 2014-05-28 18:25 - 2008-05-21 15:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat 2014-05-28 14:01 - 2014-05-28 16:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin 2014-05-28 14:01 - 2014-05-28 14:02 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin 2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin 2014-05-28 13:48 - 2014-05-28 13:48 - 00000000 ____D () C:\Users\Philipp\Documents\Alte Firefox-Daten 2014-05-27 23:15 - 2013-10-01 18:40 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Avg2014 2014-05-27 22:29 - 2014-05-27 21:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini 2014-05-27 22:28 - 2014-05-27 21:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 21:51 - 2014-05-27 21:51 - 00961360 _____ (Chip Digital GmbH) C:\Users\Philipp\Downloads\SpyBot Search Destroy - CHIP-Installer.exe 2014-05-27 21:44 - 2014-05-27 21:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-27 21:44 - 2014-05-27 21:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-27 21:44 - 2014-05-27 21:44 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-27 20:20 - 2014-05-27 20:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Philipp\Downloads\mbam-setup-2.0.2.1012.exe 2014-05-19 18:56 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-15 19:38 - 2009-07-08 21:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 19:34 - 2013-08-14 18:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 19:33 - 2006-11-02 14:35 - 93223848 
_____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys 2014-05-12 07:26 - 2014-05-28 20:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-28 20:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-28 20:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 17:54 - 2012-05-31 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 18:55 - 2011-08-10 16:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 18:55 - 2011-08-10 16:32 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-10 18:23 - 2014-05-10 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 02:46 - 2014-05-15 19:28 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 02:21 - 2014-05-15 19:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 02:21 - 2014-05-15 19:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 01:32 - 2014-05-15 19:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 01:14 - 2014-05-15 19:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 01:14 - 2014-05-15 19:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-02 19:22 - 2014-05-02 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 
=> MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-29 07:11 ==================== End Of Log ============================ --- --- --- Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02 Ran by Philipp at 2014-05-29 07:10:29 Running from C:\Users\Philipp\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM-x32\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.) 
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies) AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games) Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games) CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: - ) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - ) Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.20.0000 - Electronic Arts) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) F1 2010 (HKLM-x32\...\GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}) (Version: 1.0.0000.132 - Codemasters) F1 2010 (x32 Version: 1.0.0000.132 - Codemasters) Hidden F1 2010 (x32 Version: 1.0.0001.132 - Codemasters) Hidden F1 2011 (HKLM-x32\...\GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}) (Version: 1.0.0000.129 - Codemasters) F1 2011 (x32 Version: 1.0.0000.129 - Codemasters) Hidden F1 2011 (x32 Version: 1.0.0001.129 - Codemasters) Hidden F1 2011 (x32 Version: 1.0.0002.129 - Codemasters) Hidden F1 2013 (HKLM-x32\...\Steam App 223670) (Version: - Codemasters Birmingham) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) 
(Version: - ) Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - ) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Logitech Webcam Software-Treiberpaket (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios) Microsoft Flight Simulator X: 
Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft 
Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden NVIDIA 
PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rapture3D 2.4.9 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5854 - Realtek Semiconductor Corp.) 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition 
(HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit 
Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) ==================== Restore Points ========================= 07-05-2013 16:31:27 Installed AVG 2013 07-05-2013 16:46:15 Removed Adobe Flash Player 9 ActiveX. 
16-05-2013 16:11:59 Windows Update 26-05-2013 18:28:23 Geplanter Prüfpunkt 10-06-2013 18:33:24 Geplanter Prüfpunkt 12-06-2013 16:45:29 Windows Update 10-07-2013 16:49:49 Windows Update 14-08-2013 16:46:50 Windows Update 28-08-2013 17:18:27 Windows Update 12-09-2013 16:48:58 Windows Update 21-09-2013 17:03:11 Removed Java(TM) 6 Update 3 21-09-2013 17:04:13 Removed Java(TM) 6 Update 5 21-09-2013 17:05:11 Removed Java(TM) 6 Update 3 21-09-2013 17:14:34 Removed Java(TM) 6 Update 3 21-09-2013 17:47:47 Removed Java(TM) 6 Update 3 21-09-2013 17:48:25 Removed Java(TM) 6 Update 3 21-09-2013 18:03:31 Wiederherstellungspunkt vor Fehlerhafte Patchregistrierungsschlüssel 21-09-2013 18:05:13 Removed Java(TM) 6 Update 37 01-10-2013 16:43:39 Installed AVG 2014 01-10-2013 16:45:01 Installed AVG 2014 10-10-2013 16:42:20 Windows Update 14-10-2013 14:32:24 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 14-10-2013 14:35:51 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller 14-10-2013 14:36:40 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller 14-10-2013 17:14:25 DirectX wurde installiert 15-10-2013 07:39:00 Installiert Far Cry 3 31-10-2013 17:28:40 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 31-10-2013 17:32:09 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller 31-10-2013 17:33:11 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller 13-11-2013 17:13:00 Windows Update 20-11-2013 17:38:53 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 20-11-2013 17:43:27 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller 20-11-2013 17:44:33 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller 20-11-2013 17:45:57 Windows Update 21-11-2013 14:54:28 Windows Update 13-12-2013 17:19:09 Windows Update 15-01-2014 17:18:41 Windows Update 13-02-2014 17:23:08 Windows Update 13-02-2014 17:56:42 Installed AVG 2014 12-03-2014 17:37:07 Windows Update 09-04-2014 16:21:10 Windows Update 
18-04-2014 17:23:25 Geplanter Prüfpunkt 30-04-2014 17:12:36 Installed AVG 2014 02-05-2014 17:19:06 Windows Update 03-05-2014 19:08:49 Geplanter Prüfpunkt 08-05-2014 19:03:11 Geplanter Prüfpunkt 14-05-2014 19:39:12 Geplanter Prüfpunkt 15-05-2014 17:27:36 Windows Update 24-05-2014 17:49:47 Geplanter Prüfpunkt 25-05-2014 17:15:51 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {053E07D4-BF57-4777-AB86-2503FFB01905} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10] (Google Inc.) Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {72539E3E-11DA-47CA-A173-02739CA95D54} - System32\Tasks\{DC3C511F-86D5-41EF-B546-2B08E434B6EF} => C:\Program Files (x86)\Skype\Phone\Skype.exe Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {844584A5-E187-4702-BCCB-906B3C92C738} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {D272EFE4-B9B3-4F54-A2AA-0E2618E38D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10] (Google Inc.) 
Task: {DE93CB4F-5D56-4AF7-8001-27E17F8F0803} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {E8FC08DE-77B2-4685-AC06-5C48D657C8A2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-27] (Adobe Systems Incorporated) Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-15 09:59 - 2013-10-15 09:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2009-07-10 15:19 - 2008-12-04 12:57 - 00146432 _____ () C:\Windows\SysWOW64\APOMngr.DLL ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/29/2014 07:05:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 06:20:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 04:12:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 03:35:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 01:55:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\9> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\8> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Eintrag <C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\7> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) System errors: ============= Error: (05/29/2014 07:07:03 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (05/29/2014 07:05:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (05/28/2014 06:21:20 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (05/28/2014 06:20:10 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (05/28/2014 04:13:10 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (05/28/2014 04:12:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (05/28/2014 03:37:31 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (05/28/2014 03:35:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Error: (05/28/2014 01:56:44 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (05/28/2014 01:55:28 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: i8042prt Microsoft Office Sessions: ========================= Error: (05/29/2014 07:05:38 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 06:20:10 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 04:12:24 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 
WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 03:35:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 01:55:27 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\9 Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\9 Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\8 Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. 
(0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\8 Error: (05/28/2014 01:53:16 PM) (Source: Windows Search Service) (EventID: 3013) (User: ) Description: Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) C:\USERS\PHILIPP\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\NIZMH0AP.DEFAULT-1401277717052\CACHE\7 CodeIntegrity Errors: =================================== Date: 2014-05-29 07:10:25.079 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-29 07:10:24.923 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-29 07:10:24.782 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-29 07:10:24.611 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-29 07:10:24.455 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-29 07:10:24.314 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-05-29 07:10:24.158 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-29 07:10:24.018 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-29 07:10:23.753 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-05-29 07:10:23.612 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 6134.17 MB Available physical RAM: 4151.09 MB Total Pagefile: 12379.88 MB Available Pagefile: 10474.04 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:931.51 GB) (Free:606.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 61491321) Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 28.05.2014
Suchlauf-Zeit: 20:39:20
Logdatei: mwb.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.28.06
Rootkit Datenbank: v2014.05.21.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x64
Dateisystem: NTFS
Benutzer: Philipp

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 344923
Verstrichene Zeit: 7 Min, 30 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)

Does that point more toward a hardware/driver problem? Regards, Gepetto Last edited by Gepetto1 (29.05.2014 at 06:30) |
29.05.2014, 21:10 | #4 |
/// the machine /// TB-Ausbilder | Internet slow after flash video hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
30.05.2014, 06:52 | #5 |
| Internet slow after flash video Good morning, here is Combofix. Something else that might be important: for quite some time now I have noticed the following. When I click "Diagnose and repair" (network), it says there is a network connectivity problem. In addition, the network icon frequently switches between "Local only" and "Local and Internet". But I can still get onto the Internet. I never had that before. What could that mean??? What is going on here? Code:
ATTFilter ComboFix 14-05-29.01 - Philipp 30.05.2014 7:24.1.8 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.6134.4588 [GMT 2:00] ausgeführt von:: c:\users\Philipp\Desktop\ComboFix.exe AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\tmp6670.tmp c:\windows\SysWow64\tmp6680.tmp c:\windows\SysWow64\tmp7148.tmp c:\windows\SysWow64\tmp7159.tmp . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-28 bis 2014-05-30 )))))))))))))))))))))))))))))) . . 2014-05-30 05:32 . 2014-05-30 05:32 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2014-05-30 05:32 . 2014-05-30 05:32 -------- d-----w- c:\users\Philipp\AppData\Local\temp 2014-05-30 05:32 . 2014-05-30 05:32 -------- d-----w- c:\users\Gast\AppData\Local\temp 2014-05-30 05:32 . 2014-05-30 05:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-05-30 05:16 . 2014-05-30 05:17 -------- d-----w- C:\32788R22FWJFW 2014-05-29 05:08 . 2014-05-29 05:16 -------- d-----w- C:\FRST 2014-05-28 18:38 . 2014-05-28 18:39 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-28 18:38 . 2014-05-28 18:38 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-05-28 18:38 . 2014-05-12 05:26 64216 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-28 18:38 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-28 18:38 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-28 17:37 . 2014-05-28 19:16 -------- d-----w- C:\AdwCleaner 2014-05-27 19:55 . 2014-05-27 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2014-05-27 19:55 . 
2014-05-27 20:29 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2 2014-05-27 19:44 . 2014-05-27 19:44 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-05-27 19:44 . 2014-05-27 19:44 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-27 18:26 . 2014-05-27 18:26 -------- d-----w- c:\programdata\Malwarebytes 2014-05-15 17:28 . 2014-05-06 00:21 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-15 17:28 . 2014-05-05 23:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-15 17:28 . 2014-05-06 00:46 17847808 ----a-w- c:\windows\system32\mshtml.dll 2014-05-15 17:28 . 2014-05-06 00:21 96768 ----a-w- c:\windows\system32\mshtmled.dll 2014-05-15 17:01 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll 2014-05-13 12:20 . 2014-05-13 12:20 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys 2014-05-13 12:20 . 2014-05-13 12:20 273176 ----a-w- c:\windows\system32\drivers\avgtdia.sys 2014-05-13 12:06 . 2014-05-13 12:06 323352 ----a-w- c:\windows\system32\drivers\avgloga.sys 2014-05-13 12:05 . 2014-05-13 12:05 191768 ----a-w- c:\windows\system32\drivers\avgidsha.sys 2014-05-13 12:05 . 2014-05-13 12:05 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys 2014-05-13 12:05 . 2014-05-13 12:05 130328 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2014-05-13 12:04 . 2014-05-13 12:04 236312 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys 2014-05-13 12:04 . 2014-05-13 12:04 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys 2014-05-02 17:21 . 2014-05-02 17:22 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-15 17:33 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe 2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2014-03-08 04:06 . 
2014-04-09 16:24 10926592 ----a-w- c:\windows\system32\ieframe.dll 2014-03-08 03:49 . 2014-04-09 16:24 2334720 ----a-w- c:\windows\system32\jscript9.dll 2014-03-08 03:41 . 2014-04-09 16:24 1347072 ----a-w- c:\windows\system32\urlmon.dll 2014-03-08 03:40 . 2014-04-09 16:24 1392128 ----a-w- c:\windows\system32\wininet.dll 2014-03-08 03:39 . 2014-04-09 16:24 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2014-03-08 03:38 . 2014-04-09 16:24 237056 ----a-w- c:\windows\system32\url.dll 2014-03-08 03:37 . 2014-04-09 16:24 85504 ----a-w- c:\windows\system32\jsproxy.dll 2014-03-08 03:34 . 2014-04-09 16:24 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2014-03-08 03:34 . 2014-04-09 16:24 816640 ----a-w- c:\windows\system32\jscript.dll 2014-03-08 03:33 . 2014-04-09 16:24 599040 ----a-w- c:\windows\system32\vbscript.dll 2014-03-08 03:32 . 2014-04-09 16:24 729088 ----a-w- c:\windows\system32\msfeeds.dll 2014-03-08 03:32 . 2014-04-09 16:24 2147840 ----a-w- c:\windows\system32\iertutil.dll 2014-03-08 03:24 . 2014-04-09 16:24 248320 ----a-w- c:\windows\system32\ieui.dll 2014-03-07 23:12 . 2014-04-09 16:24 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll 2014-03-07 23:02 . 2014-04-09 16:24 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2014-03-07 23:02 . 2014-04-09 16:24 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2014-03-07 22:57 . 2014-04-09 16:24 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2014-03-07 22:56 . 2014-04-09 16:24 421376 ----a-w- c:\windows\SysWow64\vbscript.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-05-13 5181456] "CTxfiHlp"="CTXFIHLP.EXE" [2009-02-19 24576] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Inhalt des "geplante Tasks" Ordners . 2014-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-27 19:44] . 2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 14:32] . 2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10 14:32] . 2013-01-28 c:\windows\Tasks\ROC_REG_JAN_DELETE.job - c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-26 21:16] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 123400] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyServer = localhost:8080 IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nizmh0ap.default-1401277717052\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.de/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\Philipp\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe SafeBoot-WudfPf SafeBoot-WudfRd WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-692924467-1411480276-1425026954-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) "??"=hex:81,49,23,48,13,c8,01,d6,2d,35,d9,5e,16,bb,9f,19,bd,57,69,a0,ec,b3,cb, 30,98,3a,9b,ed,f1,84,2d,2a,1f,3c,47,ae,8e,e9,e4,43,a4,89,f9,cb,cd,f2,35,bc,\ "??"=hex:65,34,23,f1,ac,3e,ae,99,14,20,f8,2a,53,ca,02,2f . [HKEY_USERS\S-1-5-21-692924467-1411480276-1425026954-1000\Software\SecuROM\License information*] "datasecu"=hex:40,ee,6a,e9,04,e9,b0,e0,df,a8,9f,1c,72,bb,6f,8b,f6,ac,ce,dc,ea, e8,dc,e8,66,d9,5c,fd,4b,ad,07,06,68,dc,1d,90,d2,94,df,19,de,51,c0,69,f7,4a,\ "rkeysecu"=hex:45,7b,59,ee,92,af,a7,84,8b,d0,67,1c,80,f5,25,9d . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . Zeit der Fertigstellung: 2014-05-30 07:38:11 ComboFix-quarantined-files.txt 2014-05-30 05:38 . 
Vor Suchlauf: 35 Verzeichnis(se), 651.485.085.696 Bytes frei Nach Suchlauf: 41 Verzeichnis(se), 651.523.588.096 Bytes frei . - - End Of File - - 32041F7CEA5A5E9028CC200E08FD6F76 5C616939100B85E558DA92B899A0FC36 Gepetto |
30.05.2014, 22:12 | #6 |
/// the machine /// TB-Ausbilder | Internet slow after flash video Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ --> Internet slow after flash video |
31.05.2014, 06:41 | #7 |
| Internet slow after flash video Hi, here is a short status report. When I go online with Firefox, my connection keeps dropping! I'm completely desperate... here are the logs. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 31.05.2014 Suchlauf-Zeit: 07:01:36 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.05.31.01 Rootkit Datenbank: v2014.05.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x64 Dateisystem: NTFS Benutzer: Philipp Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 355619 Verstrichene Zeit: 12 Min, 53 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.211 - Bericht erstellt am 31/05/2014 um 07:17:34 # Aktualisiert 26/05/2014 von Xplode # Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits) # Benutzername : Philipp - PHILIPP-PC # Gestartet von : C:\Users\Philipp\Desktop\adwcleaner_3.211.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\Users\Gast\AppData\Local\AVG Security Toolbar [!] Ordner Gelöscht : C:\Users\Philipp\AppData\LocalLow\AVG Security Toolbar ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Schlüssel Gelöscht : HKCU\Software\AVG 
Nation toolbar Schlüssel Gelöscht : HKCU\Software\AVG Security Toolbar Schlüssel Gelöscht : HKCU\Software\IGearSettings Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software Schlüssel Gelöscht : HKLM\Software\AVG Nation toolbar Schlüssel Gelöscht : HKLM\Software\AVG Secure Search Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar ***** [ Browser ] ***** -\\ Internet Explorer v9.0.8112.16545 -\\ Mozilla Firefox v29.0.1 (de) [ Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\sotxyr2c.default\prefs.js ] [ Datei : C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nizmh0ap.default-1401277717052\prefs.js ] ************************* AdwCleaner[R0].txt - [3935 octets] - [28/05/2014 19:37:13] AdwCleaner[R1].txt - [3995 octets] - [28/05/2014 19:47:44] AdwCleaner[R2].txt - [4053 octets] - [28/05/2014 21:16:17] AdwCleaner[R3].txt - [3816 octets] - [31/05/2014 07:16:51] AdwCleaner[S0].txt - [3052 octets] - [31/05/2014 07:17:34] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3112 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.4 (04.06.2014:1) OS: Windows (TM) Vista Home Premium x64 Ran by Philipp on 31.05.2014 at 7:23:28,69 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 31.05.2014 at 7:30:12,93 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02 Ran by Philipp (administrator) on PHILIPP-PC on 31-05-2014 07:34:05 Running from C:\Users\Philipp\Desktop Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\lpksetup.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE ==================== Internet (Whitelisted) ==================== ProxyServer: localhost:8080 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3FB10447E45CE01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL 
(Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nizmh0ap.default-1401277717052 FF Homepage: https://www.google.de/ FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll No File FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nizmh0ap.default-1401277717052\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-28] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ==================== Services (Whitelisted) ================= R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.) 
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-15] () ==================== Drivers (Whitelisted) ==================== S4 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [154256 2007-08-10] (Promise Technology, Inc.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.) S1 Beep; No ImagePath S4 fttxr5_O; C:\Windows\system32\drivers\fttxr5_o.sys [230408 2007-10-25] (Promise Technology, Inc.) 
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] () S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [160288 2008-04-07] (NVIDIA Corporation) S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-13] (Saitek) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz131; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz131\cpuz_x64.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-31 07:34 - 2014-05-31 07:34 - 00010112 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-05-31 07:30 - 2014-05-31 07:30 - 00000636 _____ () C:\Users\Philipp\Desktop\JRT.txt 2014-05-31 07:23 - 2014-05-31 07:23 - 00000000 ____D () C:\Windows\ERUNT 2014-05-31 07:20 - 2014-05-31 07:20 - 00003200 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt 2014-05-31 07:16 - 2014-05-31 07:16 - 00001165 _____ () C:\Users\Philipp\Desktop\mbam.txt 2014-05-30 15:25 - 2014-05-30 15:25 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Adobe 2014-05-30 07:40 - 2014-05-30 07:38 - 00010180 _____ () C:\Users\Philipp\Desktop\ComboFix.txt 2014-05-30 07:39 - 2014-05-30 07:39 - 00010180 _____ () C:\cmb.txt 2014-05-30 07:38 - 2014-05-30 07:38 - 00010180 _____ () C:\ComboFix.txt 2014-05-30 07:17 - 2014-05-30 07:38 - 00000000 ____D () C:\Qoobox 2014-05-30 07:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-30 07:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-30 07:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00406528 _____ 
(SteelWerX) C:\Windows\SWSC.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-30 07:16 - 2014-05-30 07:37 - 00000000 ____D () C:\Windows\erdnt 2014-05-30 07:16 - 2014-05-30 07:17 - 00000000 ____D () C:\32788R22FWJFW 2014-05-30 07:13 - 2014-05-30 07:13 - 05203398 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe 2014-05-29 07:08 - 2014-05-31 07:34 - 00000000 ____D () C:\FRST 2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe 2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Philipp\Desktop\revosetup95.exe 2014-05-28 21:02 - 2014-05-28 21:01 - 02066944 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-05-28 21:02 - 2014-05-28 19:36 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe 2014-05-28 20:38 - 2014-05-31 07:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 20:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-28 20:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-28 20:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-28 19:37 - 2014-05-31 07:17 - 00000000 ____D () C:\AdwCleaner 2014-05-28 16:01 - 2014-05-28 14:01 - 02031626 _____ () 
C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin 2014-05-28 14:02 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin 2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin 2014-05-28 13:48 - 2014-05-28 13:48 - 00000000 ____D () C:\Users\Philipp\Documents\Alte Firefox-Daten 2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini 2014-05-27 21:55 - 2014-05-27 22:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-27 21:55 - 2014-05-27 22:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 21:44 - 2014-05-31 07:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-27 21:44 - 2014-05-27 21:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-27 21:44 - 2014-05-27 21:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-27 21:44 - 2014-05-27 21:44 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-15 19:28 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 19:28 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 19:28 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 19:28 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 19:28 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 19:28 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 19:01 - 2014-03-25 18:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 
19:01 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys 2014-05-10 18:23 - 2014-05-10 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-02 19:21 - 2014-05-02 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= 2014-05-31 07:35 - 2014-05-31 07:34 - 00010112 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-05-31 07:34 - 2014-05-29 07:08 - 00000000 ____D () C:\FRST 2014-05-31 07:33 - 2011-08-10 16:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-31 07:33 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-31 07:33 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-31 07:33 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-31 07:32 - 2008-01-21 05:26 - 00840278 _____ () C:\Windows\PFRO.log 2014-05-31 07:31 - 2009-07-10 14:09 - 01146666 _____ () C:\Windows\WindowsUpdate.log 2014-05-31 07:31 - 2006-11-02 17:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-31 07:30 - 2014-05-31 07:30 - 00000636 _____ () C:\Users\Philipp\Desktop\JRT.txt 2014-05-31 07:27 - 2014-05-27 21:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-31 07:23 - 2014-05-31 07:23 - 00000000 ____D () C:\Windows\ERUNT 2014-05-31 07:20 - 2014-05-31 07:20 - 00003200 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt 2014-05-31 07:17 - 2014-05-28 19:37 - 00000000 ____D () C:\AdwCleaner 2014-05-31 07:16 - 2014-05-31 07:16 - 00001165 _____ () C:\Users\Philipp\Desktop\mbam.txt 2014-05-31 07:05 - 2012-05-31 17:52 - 00000000 ____D () C:\ProgramData\MFAData 2014-05-31 07:01 - 2014-05-28 20:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-31 07:00 - 2011-08-10 16:32 - 00001112 _____ () 
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-30 15:25 - 2014-05-30 15:25 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Adobe 2014-05-30 07:39 - 2014-05-30 07:39 - 00010180 _____ () C:\cmb.txt 2014-05-30 07:38 - 2014-05-30 07:40 - 00010180 _____ () C:\Users\Philipp\Desktop\ComboFix.txt 2014-05-30 07:38 - 2014-05-30 07:38 - 00010180 _____ () C:\ComboFix.txt 2014-05-30 07:38 - 2014-05-30 07:17 - 00000000 ____D () C:\Qoobox 2014-05-30 07:37 - 2014-05-30 07:16 - 00000000 ____D () C:\Windows\erdnt 2014-05-30 07:36 - 2006-11-02 14:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-30 07:17 - 2014-05-30 07:16 - 00000000 ____D () C:\32788R22FWJFW 2014-05-30 07:14 - 2008-05-21 15:10 - 01567488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-30 07:14 - 2008-05-21 15:09 - 00674024 _____ () C:\Windows\system32\perfh007.dat 2014-05-30 07:14 - 2008-05-21 15:09 - 00146036 _____ () C:\Windows\system32\perfc007.dat 2014-05-30 07:13 - 2014-05-30 07:13 - 05203398 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe 2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe 2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Philipp\Desktop\revosetup95.exe 2014-05-28 21:01 - 2014-05-28 21:02 - 02066944 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 19:36 - 2014-05-28 21:02 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe 2014-05-28 14:01 - 2014-05-28 16:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin 2014-05-28 14:01 - 2014-05-28 14:02 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin 2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin 2014-05-28 13:48 - 2014-05-28 13:48 - 00000000 ____D () C:\Users\Philipp\Documents\Alte Firefox-Daten 2014-05-27 23:15 - 2013-10-01 18:40 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Avg2014 2014-05-27 22:29 - 2014-05-27 21:55 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini 2014-05-27 22:28 - 2014-05-27 21:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 21:44 - 2014-05-27 21:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-27 21:44 - 2014-05-27 21:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-27 21:44 - 2014-05-27 21:44 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-19 18:56 - 2014-03-31 18:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-05-15 19:38 - 
2009-07-08 21:25 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-05-15 19:34 - 2013-08-14 18:50 - 00000000 ____D () C:\Windows\system32\MRT 2014-05-15 19:33 - 2006-11-02 14:35 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgrkx64.sys 2014-05-12 07:26 - 2014-05-28 20:38 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-12 07:26 - 2014-05-28 20:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-12 07:25 - 2014-05-28 20:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-11 17:54 - 2012-05-31 18:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-05-10 18:55 - 2011-08-10 16:32 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 18:55 - 2011-08-10 16:32 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-10 18:23 - 2014-05-10 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-06 02:46 - 2014-05-15 19:28 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-06 02:21 - 2014-05-15 19:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-06 02:21 - 2014-05-15 19:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-06 01:32 - 2014-05-15 19:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-06 01:14 - 2014-05-15 19:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-06 01:14 - 2014-05-15 19:28 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-02 19:22 - 2014-05-02 19:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird Some content of TEMP: ==================== C:\Users\Philipp\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => 
MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-31 07:26

==================== End Of Log ============================

Regards, Gepetto |
31.05.2014, 15:49 | #8 |
/// the machine /// TB trainer | Internet slow after Flash video
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
01.06.2014, 09:57 | #9 |
| Internet slow after Flash video

Hello Schrauber, I have been able to narrow the problem down. Sorry if I write this in a bit more detail now, but maybe it will help you with fixing the problem. And once again, thank you very much for your help!!

So... when I go online with Firefox and do NOT open any page with Flash content, I have few connection drops. And here it comes. As soon as I open a page with Flash content, 2 instances of flash player plugin.exe and 1 instance of plug in container.exe open in Task Manager. So far so good. That is normal, after all. BUT... as soon as I then open a page without Flash again, I can observe the following. In Task Manager, after some time, the 2 Flash exes and the plug in container exe close. And a few seconds later, the connection to the router is dropped. This is reproducible. So it is somehow down to Firefox. Unfortunately, even without Flash pages I still have connection drops to the router, although not as often. Always when Firefox is running.

I will run the scan as you requested. Do you think it would make sense to uninstall Firefox completely, and if so, via Software/Uninstall or with Revo?

Furthermore, under "Network diagnostics" it says "There is a network connectivity problem on this computer". When I click Diagnose under "Properties" of the LAN adapter, it tells me that there is no problem. Should I actually tick the box (exception) for Firefox in the Windows firewall or not? Soon I won't understand anything anymore...

The scan result will follow shortly, when everything is done.

Regards, Gepetto

Hello Schrauber, here are the logs.

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=54a4577ee06dec40ba95c682ab0ff24b
# engine=18495
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-01 08:40:22
# local_time=2014-06-01 10:40:22 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 98 49418 88746006 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 100292362 239135928 0 0
# scanned=227193
# found=3
# cleaned=0
# scan_time=13729
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\Downloads\FreeYouTubeToMP3Converter(1).exe"
sh=D20146018CC2327122B2692E355F353DFA6D571A ft=1 fh=641303b82d1a41cf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\Downloads\FreeYouTubeToMP3Converter_3.10.17.exe"
sh=6540107955BCE3573D82D4C84F9925D32023474C ft=1 fh=bfad9279c37daeed vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Philipp\Downloads\GPU Z - CHIP-Downloader.exe"

Code:
Results of screen317's Security Check version 0.99.83
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2014
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.214
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (29.0.1)
Mozilla Thunderbird (24.5.0)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by Philipp (administrator) on PHILIPP-PC on 01-06-2014 10:48:33
Running from C:\Users\Philipp\Desktop
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [123400 2009-01-21] (Logitech Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [CTxfiHlp] => CTXFIHLP.EXE
HKU\S-1-5-21-692924467-1411480276-1425026954-1001\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

ProxyServer: localhost:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA3FB10447E45CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nizmh0ap.default-1401277717052
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\nizmh0ap.default-1401277717052\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3644432 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-10-15] ()

==================== Drivers (Whitelisted) ====================

S4 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [154256 2007-08-10] (Promise Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [236312 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [191768 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [323352 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130328 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [273176 2014-05-13] (AVG Technologies CZ, s.r.o.)
S1 Beep; No ImagePath
S4 fttxr5_O; C:\Windows\system32\drivers\fttxr5_o.sys [230408 2007-10-25] (Promise Technology, Inc.)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] () S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [160288 2008-04-07] (NVIDIA Corporation) S3 SaiH0BAC; C:\Windows\System32\DRIVERS\SaiH0BAC.sys [176128 2007-07-13] (Saitek) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz131; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz131\cpuz_x64.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-01 10:48 - 2014-06-01 10:48 - 00010183 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-06-01 10:48 - 2014-06-01 10:48 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion 2014-06-01 10:47 - 2014-06-01 10:47 - 00000822 _____ () C:\Users\Philipp\Desktop\checkup.txt 2014-06-01 06:46 - 2014-06-01 06:46 - 00003072 _____ () C:\Windows\System32\Tasks\{A86BF584-E974-4761-B199-EFC4BDE010C0} 2014-05-31 21:17 - 2014-05-31 21:17 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe 2014-05-31 21:16 - 2014-05-31 21:15 - 00854367 _____ () C:\Users\Philipp\Desktop\SecurityCheck.exe 2014-05-31 15:44 - 2014-05-31 15:44 - 28041256 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_21.0.1432.67_Setup.exe 2014-05-31 07:30 - 2014-05-31 07:30 - 00000636 _____ () C:\Users\Philipp\Desktop\JRT.txt 2014-05-31 07:23 - 2014-05-31 07:23 - 00000000 ____D () C:\Windows\ERUNT 2014-05-31 07:20 - 2014-05-31 07:20 - 00003200 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt 2014-05-31 07:16 - 2014-05-31 07:16 - 00001165 _____ () C:\Users\Philipp\Desktop\mbam.txt 2014-05-30 15:25 - 2014-05-30 15:25 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Adobe 2014-05-30 07:40 - 
2014-05-30 07:38 - 00010180 _____ () C:\Users\Philipp\Desktop\ComboFix.txt 2014-05-30 07:39 - 2014-05-30 07:39 - 00010180 _____ () C:\cmb.txt 2014-05-30 07:38 - 2014-06-01 10:48 - 00000000 ____D () C:\Users\Philipp\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 00010180 _____ () C:\ComboFix.txt 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-05-30 07:17 - 2014-05-30 07:38 - 00000000 ____D () C:\Qoobox 2014-05-30 07:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-30 07:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-30 07:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-30 07:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-30 07:16 - 2014-05-30 07:37 - 00000000 ____D () C:\Windows\erdnt 2014-05-30 07:16 - 2014-05-30 07:17 - 00000000 ____D () C:\32788R22FWJFW 2014-05-30 07:13 - 2014-05-30 07:13 - 05203398 ____R (Swearware) C:\Users\Philipp\Desktop\ComboFix.exe 2014-05-29 07:08 - 2014-06-01 10:48 - 00000000 ____D () C:\FRST 2014-05-28 21:13 - 2014-05-28 21:13 - 01016261 _____ (Thisisu) C:\Users\Philipp\Desktop\JRT.exe 2014-05-28 21:06 - 2014-05-28 21:06 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\Philipp\Desktop\revosetup95.exe 2014-05-28 21:02 - 2014-06-01 10:48 - 02067456 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-05-28 21:02 - 2014-05-28 19:36 - 01327971 _____ () C:\Users\Philipp\Desktop\adwcleaner_3.211.exe 2014-05-28 20:38 - 2014-05-31 07:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-28 20:38 - 2014-05-28 20:38 - 00000948 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-28 20:38 - 2014-05-28 20:38 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-28 20:38 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-28 20:38 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-28 20:38 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-28 19:37 - 2014-05-31 07:17 - 00000000 ____D () C:\AdwCleaner 2014-05-28 16:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000 (2).bin 2014-05-28 14:02 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(2).bin 2014-05-28 14:01 - 2014-05-28 14:01 - 02031626 _____ () C:\Users\Philipp\Downloads\FW_Speedportw502v_v1.24.000(1).bin 2014-05-28 13:48 - 2014-05-28 13:48 - 00000000 ____D () C:\Users\Philipp\Documents\Alte Firefox-Daten 2014-05-27 22:28 - 2014-05-27 22:28 - 00000085 _____ () C:\Windows\wininit.ini 2014-05-27 21:55 - 2014-05-27 22:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-05-27 21:55 - 2014-05-27 22:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-05-27 21:44 - 2014-06-01 10:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 
2014-05-27 21:44 - 2014-05-27 21:44 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-27 21:44 - 2014-05-27 21:44 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-27 21:44 - 2014-05-27 21:44 - 00003736 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-27 20:26 - 2014-05-27 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-15 19:28 - 2014-05-06 02:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-15 19:28 - 2014-05-06 02:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-15 19:28 - 2014-05-06 02:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-15 19:28 - 2014-05-06 01:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-15 19:28 - 2014-05-06 01:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-15 19:28 - 2014-05-06 01:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 19:01 - 2014-03-25 18:30 - 12900864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 19:01 - 2014-03-25 15:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-05-13 14:20 - 2014-05-13 14:20 - 00273176 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdia.sys 2014-05-13 14:20 - 2014-05-13 14:20 - 00235800 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys 2014-05-13 14:06 - 2014-05-13 14:06 - 00323352 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00191768 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00152344 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgdiska.sys 2014-05-13 14:05 - 2014-05-13 14:05 - 00130328 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx64.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00236312 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys 2014-05-13 14:04 - 2014-05-13 14:04 - 00031512 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx64.sys 2014-05-10 18:23 - 2014-05-10 18:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-05-02 19:21 - 2014-05-02 19:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird ==================== One Month Modified Files and Folders ======= 2014-06-01 10:48 - 2014-06-01 10:48 - 00010183 _____ () C:\Users\Philipp\Desktop\FRST.txt 2014-06-01 10:48 - 2014-06-01 10:48 - 00000000 ____D () C:\Users\Philipp\Desktop\FRST-OlderVersion 2014-06-01 10:48 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Philipp\AppData\Local\temp 2014-06-01 10:48 - 2014-05-29 07:08 - 00000000 ____D () C:\FRST 2014-06-01 10:48 - 2014-05-28 21:02 - 02067456 _____ (Farbar) C:\Users\Philipp\Desktop\FRST64.exe 2014-06-01 10:47 - 2014-06-01 10:47 - 00000822 _____ () C:\Users\Philipp\Desktop\checkup.txt 2014-06-01 10:36 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-01 10:36 - 2006-11-02 17:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-01 10:27 - 2014-05-27 21:44 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-01 10:00 - 2011-08-10 16:32 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-01 07:11 - 2009-07-10 14:09 - 01203915 _____ () C:\Windows\WindowsUpdate.log 2014-06-01 06:46 - 2014-06-01 06:46 - 00003072 _____ () C:\Windows\System32\Tasks\{A86BF584-E974-4761-B199-EFC4BDE010C0} 2014-06-01 06:42 - 2012-05-31 17:52 - 00000000 ____D () 
C:\ProgramData\MFAData 2014-06-01 06:36 - 2011-08-10 16:32 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-01 06:36 - 2006-11-02 17:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-01 06:35 - 2008-01-21 05:26 - 00841756 _____ () C:\Windows\PFRO.log 2014-05-31 21:21 - 2006-11-02 17:42 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-31 21:17 - 2014-05-31 21:17 - 02347384 _____ (ESET) C:\Users\Philipp\Downloads\esetsmartinstaller_deu.exe 2014-05-31 21:15 - 2014-05-31 21:16 - 00854367 _____ () C:\Users\Philipp\Desktop\SecurityCheck.exe 2014-05-31 15:44 - 2014-05-31 15:44 - 28041256 _____ (Opera Software ASA) C:\Users\Philipp\Downloads\Opera_21.0.1432.67_Setup.exe 2014-05-31 07:30 - 2014-05-31 07:30 - 00000636 _____ () C:\Users\Philipp\Desktop\JRT.txt 2014-05-31 07:23 - 2014-05-31 07:23 - 00000000 ____D () C:\Windows\ERUNT 2014-05-31 07:20 - 2014-05-31 07:20 - 00003200 _____ () C:\Users\Philipp\Desktop\AdwCleaner[S0].txt 2014-05-31 07:17 - 2014-05-28 19:37 - 00000000 ____D () C:\AdwCleaner 2014-05-31 07:16 - 2014-05-31 07:16 - 00001165 _____ () C:\Users\Philipp\Desktop\mbam.txt 2014-05-31 07:01 - 2014-05-28 20:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-30 15:25 - 2014-05-30 15:25 - 00000000 ____D () C:\Users\Philipp\AppData\Local\Adobe 2014-05-30 07:39 - 2014-05-30 07:39 - 00010180 _____ () C:\cmb.txt 2014-05-30 07:38 - 2014-05-30 07:40 - 00010180 _____ () C:\Users\Philipp\Desktop\ComboFix.txt 2014-05-30 07:38 - 2014-05-30 07:38 - 00010180 _____ () C:\ComboFix.txt 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-05-30 07:38 - 2014-05-30 07:38 - 
Hope that helps you. What do you say to the observation I described in my previous post? The problem still persists!! When I start the computer (LAN), the connection to the network is established. I am nevertheless shown that there is a network connectivity problem. The line is up anyway. When I check mail with Thunderbird, the line stays up. No connection drops at all. But as soon as I start Firefox, the connection drops begin. Just like right now. Should I uninstall it? If so, what is the best way? I have had at least 6 connection drops within the last minute. The router keeps reconnecting by itself. Regards, Gepetto |
02.06.2014, 10:03 | #10 |
/// the machine /// TB trainer | Internet slow after Flash video Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, have the leftovers removed, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen And check in the properties of the network connection whether TCPIPv4 AND TCPIPv6 are enabled.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
02.06.2014, 13:57 | #11 |
| Internet slow after Flash video Hello Schrauber, I uninstalled Firefox with Revo and had all leftovers removed. When I run the network diagnostics, it still says that there is a network connectivity problem on this computer. Nevertheless the line is up, and in the Network Center everything looks "normal" too. No red cross or anything. Computer---Network---Internet. Everything OK. I have not reinstalled Firefox yet, though. Should I really? I installed Opera, and with it I have absolutely no more line interruptions. I also found the following folders. These were not deleted by Revo. Under AppData-Local- there is still the folder Mozilla with a subfolder firefox. It is empty. Under AppData-Roaming there is also still a folder Mozilla. It contains a registry.dat and the folder Extensions with a subfolder {3550f703-e582-4d05-9a08-453d09bdfdc6}. This one is also empty. Should I delete these two folders manually as well???? In addition, Revo still lists Mozilla Maintenance Service. I could have Revo uninstall that too. Should I??? Regards, Gepetto Oh, and I had already removed the checkmark for TCPIPv6 earlier. Nothing changes when I set it, either. |
03.06.2014, 10:07 | #12 |
/// the machine /// TB trainer | Internet slow after Flash video You can delete the folders and uninstall the service with Revo. Firefox needs IPv6.
__________________ Regards, schrauber |
03.06.2014, 13:22 | #13 |
| Internet slow after Flash video Hi, I have deleted the folders and the service. When I right-click the small monitor icons at the right of the taskbar and click "Diagnose and repair" there, it still shows that there is a network connectivity problem on this computer. I really don't understand why. But the line is up. You can also see that in the Network and Sharing Center. For IPv6, however, it says "Limited". Could that be due to the old router? Speedport 502V? Should that worry me any further??? How do things look now? Is my computer "clean" so far? And should I uninstall everything (e.g. Combofix etc.) again? I am attaching a fresh log once more. FRST Logfile: Code:
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-06-03 14:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Philipp at 2014-06-03 14:13:42
Running from C:\Users\Philipp\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward - Sledgehammer Games)
CPUID CPU-Z 1.69 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: - )
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
Crysis(R) (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.20.0000 - Electronic Arts)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft) Dishonored (HKLM-x32\...\Steam App 205100) (Version: 1.0 - Bethesda Softworks) eM Client (HKLM-x32\...\{356ECCC7-5485-44F4-B141-AA83DFE02E47}) (Version: 6.0.20320.0 - eM Client Inc.) F1 2010 (HKLM-x32\...\GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}) (Version: 1.0.0000.132 - Codemasters) F1 2010 (x32 Version: 1.0.0000.132 - Codemasters) Hidden F1 2010 (x32 Version: 1.0.0001.132 - Codemasters) Hidden F1 2011 (HKLM-x32\...\GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}) (Version: 1.0.0000.129 - Codemasters) F1 2011 (x32 Version: 1.0.0000.129 - Codemasters) Hidden F1 2011 (x32 Version: 1.0.0001.129 - Codemasters) Hidden F1 2011 (x32 Version: 1.0.0002.129 - Codemasters) Hidden F1 2013 (HKLM-x32\...\Steam App 223670) (Version: - Codemasters Birmingham) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - ) Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - ) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) 
Hidden LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Logitech Gaming Software 5.04 (HKLM\...\{8753DF4D-64B0-474E-9A97-0AB5585D9A53}) (Version: 5.04.110 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios) Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 
2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable 
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla) MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.12.12 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 22.0.1471.50 (HKLM-x32\...\Opera 22.0.1471.50) (Version: 22.0.1471.50 - Opera Software ASA) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) 
(Version: 3.60.0 - dotPDN LLC) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Rapture3D 2.4.9 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5854 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft 
Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition 
(HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft) Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.) Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.) Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) ==================== Restore Points ========================= 10-06-2013 18:33:24 Geplanter Prüfpunkt 12-06-2013 16:45:29 Windows Update 10-07-2013 16:49:49 Windows Update 14-08-2013 16:46:50 Windows Update 28-08-2013 17:18:27 Windows Update 12-09-2013 16:48:58 Windows Update 21-09-2013 17:03:11 Removed Java(TM) 6 Update 3 21-09-2013 17:04:13 Removed Java(TM) 6 Update 5 21-09-2013 17:05:11 Removed Java(TM) 6 Update 3 21-09-2013 17:14:34 Removed Java(TM) 6 Update 3 21-09-2013 17:47:47 Removed Java(TM) 6 Update 3 21-09-2013 17:48:25 Removed Java(TM) 6 Update 3 21-09-2013 18:03:31 Wiederherstellungspunkt vor Fehlerhafte Patchregistrierungsschlüssel 21-09-2013 18:05:13 Removed Java(TM) 6 Update 37 01-10-2013 16:43:39 Installed AVG 2014 01-10-2013 16:45:01 Installed AVG 2014 10-10-2013 16:42:20 Windows Update 14-10-2013 14:32:24 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 14-10-2013 14:35:51 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller 14-10-2013 14:36:40 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller 14-10-2013 17:14:25 DirectX wurde installiert 15-10-2013 07:39:00 Installiert Far Cry 3 31-10-2013 17:28:40 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 31-10-2013 17:32:09 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller 31-10-2013 17:33:11 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller 13-11-2013 17:13:00 Windows Update 20-11-2013 17:38:53 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte 20-11-2013 17:43:27 Gerätetreiber-Paketinstallation: NVIDIA Corporation Audio-, Video- und Gamecontroller 20-11-2013 17:44:33 Gerätetreiber-Paketinstallation: NVIDIA USB-Controller 20-11-2013 17:45:57 Windows Update 21-11-2013 14:54:28 Windows Update 13-12-2013 17:19:09 Windows Update 15-01-2014 17:18:41 Windows Update 13-02-2014 17:23:08 Windows 
Update 13-02-2014 17:56:42 Installed AVG 2014 12-03-2014 17:37:07 Windows Update 09-04-2014 16:21:10 Windows Update 18-04-2014 17:23:25 Geplanter Prüfpunkt 30-04-2014 17:12:36 Installed AVG 2014 02-05-2014 17:19:06 Windows Update 03-05-2014 19:08:49 Geplanter Prüfpunkt 08-05-2014 19:03:11 Geplanter Prüfpunkt 14-05-2014 19:39:12 Geplanter Prüfpunkt 15-05-2014 17:27:36 Windows Update 24-05-2014 17:49:47 Geplanter Prüfpunkt 25-05-2014 17:15:51 Geplanter Prüfpunkt 02-06-2014 12:14:11 Revo Uninstaller's restore point - Mozilla Firefox 29.0.1 (x86 de) 02-06-2014 12:18:19 Revo Uninstaller's restore point - Mozilla Firefox 29.0.1 (x86 de) 02-06-2014 13:02:30 Revo Uninstaller's restore point - Windows Media Player Firefox Plugin 02-06-2014 13:08:30 Revo Uninstaller's restore point - Adobe Shockwave Player 02-06-2014 13:25:31 Revo Uninstaller's restore point - Adobe Flash Player 13 Plugin 02-06-2014 17:52:33 Removed Logitech Webcam Software. 02-06-2014 17:54:13 Logitech Webcam Software v12.10.1110 02-06-2014 18:57:40 Installed eM Client 03-06-2014 12:05:28 Revo Uninstaller's restore point - Mozilla Maintenance Service ==================== Hosts content: ========================== 2006-11-02 14:34 - 2014-05-30 07:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {053E07D4-BF57-4777-AB86-2503FFB01905} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10] (Google Inc.) 
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {55BE9422-28E2-4700-A01E-1FCF1D40A620} - System32\Tasks\Opera scheduled Autoupdate 1401625260 => C:\Program Files (x86)\Opera\launcher.exe [2014-05-27] (Opera Software) Task: {72539E3E-11DA-47CA-A173-02739CA95D54} - System32\Tasks\{DC3C511F-86D5-41EF-B546-2B08E434B6EF} => C:\Program Files (x86)\Skype\Phone\Skype.exe Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: {844584A5-E187-4702-BCCB-906B3C92C738} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation) Task: {94810335-FB9F-4177-9D98-0DBBE92CD2F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-02] (Adobe Systems Incorporated) Task: {D272EFE4-B9B3-4F54-A2AA-0E2618E38D88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-10] (Google Inc.) 
Task: {DE93CB4F-5D56-4AF7-8001-27E17F8F0803} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] () Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2013-10-15 09:59 - 2013-10-15 09:59 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-06-03 14:04 - 2014-06-03 14:04 - 01396344 _____ () C:\Program Files (x86)\Opera\22.0.1471.50\opera_crashreporter.exe 2009-07-10 15:19 - 2008-12-04 12:57 - 00146432 _____ () C:\Windows\SysWOW64\APOMngr.DLL 2014-06-03 14:04 - 2014-06-03 14:03 - 00957048 _____ () C:\Program Files (x86)\Opera\22.0.1471.50\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Programme\Logitech\Logitech WebCam Software\LWS.exe" /hide MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows 
Defender\MSASCui.exe -hide ==================== Faulty Device Manager Devices ============= Name: NVIDIA High Definition Audio Description: NVIDIA High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: NVIDIA Service: NVHDA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2014 01:54:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 09:01:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\eM Client\MailClient.exe . Error code = 0x80131f07 Error: (06/02/2014 09:01:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\eM Client\MailClient.exe . 
Error code = 0x80131f07 Error: (06/02/2014 07:57:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 06:57:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 06:37:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 04:19:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 03:36:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 03:11:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 02:26:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/03/2014 01:55:51 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (06/03/2014 01:54:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) 
Description: Beep i8042prt Error: (06/02/2014 07:59:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (06/02/2014 07:57:15 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Beep i8042prt Error: (06/02/2014 06:58:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (06/02/2014 06:57:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Beep i8042prt Error: (06/02/2014 06:38:20 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (06/02/2014 06:37:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Beep i8042prt Error: (06/02/2014 04:21:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT) Description: 0x80070032 Error: (06/02/2014 04:19:55 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Beep i8042prt Microsoft Office Sessions: ========================= Error: (06/03/2014 01:54:22 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 09:01:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\eM Client\MailClient.exe . Error code = 0x80131f07 C:\Program Files (x86)\eM Client\MailClient.exe Error: (06/02/2014 09:01:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: ) Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\eM Client\MailClient.exe . 
Error code = 0x80131f07 C:\Program Files (x86)\eM Client\MailClient.exe Error: (06/02/2014 07:57:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 06:57:23 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 06:37:40 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 04:19:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 03:36:58 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 03:11:59 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/02/2014 02:26:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2014-06-03 14:13:38.055 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft 
werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-03 14:13:37.886 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-03 14:13:37.718 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-03 14:13:37.549 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-03 14:13:37.378 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-03 14:13:37.209 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-03 14:13:37.039 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-06-03 14:13:36.870 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-06-03 14:13:36.599 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-03 14:13:36.430 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 6134.17 MB
Available physical RAM: 4025 MB
Total Pagefile: 12451.88 MB
Available Pagefile: 10322.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:931.51 GB) (Free:610.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 61491321)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Regards, Gepetto |
04.06.2014, 08:27 | #14 |
/// the machine /// TB Trainer | Internet slow after Flash video
Those are entries from the Event Viewer; there is always a lot in there. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.
Code:
ProxyServer: localhost:8080
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Press Windows key + R, type CMD and press Enter. Now type sfc /scannow and press Enter again.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
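What the `ProxyServer: localhost:8080` entry in the post above points at can be inspected before anything is removed. The following PowerShell script is an added example, not part of the thread or of FRST; it assumes the entry corresponds to the per-user WinINET proxy values in the registry, reads them without changing anything, and looks up which local process, if any, listens on the configured port.

```powershell
# Added example (not from the thread). Assumption: the "ProxyServer:" line refers to the
# per-user WinINET proxy values under the Internet Settings key. Read-only; changes nothing.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$cfg = Get-ItemProperty -Path $key

"ProxyEnable   : $($cfg.ProxyEnable)   (1 = proxy in use, 0 or empty = value is only stored)"
"ProxyServer   : $($cfg.ProxyServer)"
"AutoConfigURL : $($cfg.AutoConfigURL)"

if (-not $cfg.ProxyServer) { 'No static proxy configured.'; return }

# All TCP sockets with owning PID. Listening sockets are recognised by their remote
# address (0.0.0.0:0 or [::]:0), because the state column is localized on non-English Windows.
$tcp = netstat -ano | Where-Object { $_ -match '^\s*TCP\s' }

# ProxyServer is either "host:port" or a list such as "http=host:port;https=host:port".
foreach ($entry in ($cfg.ProxyServer -split ';')) {
    $hostPort = ($entry -split '=')[-1].Trim()
    if ($hostPort -notmatch '^(?<h>[^:]+):(?<p>\d+)$') { "Unparsed entry: $entry"; continue }
    $h = $Matches['h']; $port = $Matches['p']

    if ($h -notmatch '^(localhost|127\.\d{1,3}\.\d{1,3}\.\d{1,3})$') {
        "$hostPort -> proxy on another host; verify that it is one you configured."
        continue
    }

    # Loopback proxy: some program on this PC must be listening, otherwise the entry is stale.
    $pattern = '^\s*TCP\s+\S+:' + $port + '\s+(0\.0\.0\.0|\[::\]):0\s+\S+\s+(\d+)\s*$'
    $owners = @($tcp | ForEach-Object { if ($_ -match $pattern) { [int]$Matches[2] } } |
                Sort-Object -Unique)

    if ($owners.Count -eq 0) {
        "$hostPort -> nothing is listening on this port: stale proxy entry."
        continue
    }
    foreach ($procId in $owners) {
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        "$hostPort -> PID $procId $($proc.ProcessName) $($proc.Path)"
    }
}
```

Run it as the affected user, since the HKCU values are per user; the process path can come back empty for processes owned by another account unless the shell is elevated.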
04.06.2014, 13:29 | #15 |
| Internet slow after Flash video
Hello Schrauber, today I had a possibly revealing conversation with dear Telek***. After I asked several times, they finally forwarded my problem to the diagnostics department and ran a long-term test. So today I had the employee on the phone. At first he told me that everything looked quite OK. Then he suddenly said: "Oh dear, good heavens! Those are 10-digit (unfortunately I could not remember the name) something errors. Single-digit errors would already not be good, but ten-digit errors?!? A technician has to come. Something is definitely wrong with your line." I then asked him directly whether this could have something to do with my computer. He then said: "No. Definitely not." He could not "look" that far at all, and these errors would already occur before that point. It is not the computer. Could that perhaps be the solution to my problem???
Now I have 2 more questions for you (I hope it is not getting annoying)
1. Should I wait with your "fix" and with running sfc /scannow until Friday afternoon? (That is when the technician comes)
2. What exactly does your suggested "fix" (ProxyServer: localhost:8080) do? Do you still see errors on my computer based on the logs?
Many thanks again. Regards, Gepetto
P.S. Should I now uninstall Combofix etc. again??
Edited by Gepetto1 (04.06.2014 at 13:33). Reason: forgot the P.S. :) |