Quote:
Quote from schrauber
hi,
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-11-2014
Ran by chef (administrator) on WOPR on 20-11-2014 13:22:03
Running from C:\Users\chef\Downloads
Loaded Profile: chef (Available profiles: chef & alle anderen & Sven)
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Nitro PDF Software) C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe
(Realtek) C:\Program Files\oem\11n USB Wireless LAN Utility\RtlService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor Corp.) C:\Program Files\oem\11n USB Wireless LAN Utility\RtWLan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Ruiware LLC) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\mama\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\chef\Downloads\FRST(1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-08] (AVAST Software)
HKU\S-1-5-21-1461220110-1976370169-1414792120-1000\...\Run: [ccleaner] => C:\Program Files\CCleaner\CCleaner.exe [4324120 2013-11-22] (Piriform Ltd)
HKU\S-1-5-21-1461220110-1976370169-1414792120-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-1461220110-1976370169-1414792120-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1154112 2014-07-21] (Ruiware LLC)
HKU\S-1-5-21-1461220110-1976370169-1414792120-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1461220110-1976370169-1414792120-1000\...\Policies\Explorer: [DisallowRun] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1461220110-1976370169-1414792120-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKU\S-1-5-21-1461220110-1976370169-1414792120-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-1461220110-1976370169-1414792120-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.giga.de/androidnews/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494538535243&st={searchTerms}&clid=0f8a6cfe-902a-4c11-8265-9538cb8a19a4&pid=proxtubede&k=0
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {2C93367C-BA9A-4CA2-B582-4B61404C765D} URL = http://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=0f8a6cfe-902a-4c11-8265-9538cb8a19a4&pid=proxtubede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {411EA882-929B-449F-9C65-7CEDED8DEDFE} URL = http://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=0f8a6cfe-902a-4c11-8265-9538cb8a19a4&pid=proxtubede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D26464F524D3D494538535243&st={searchTerms}&clid=0f8a6cfe-902a-4c11-8265-9538cb8a19a4&pid=proxtubede&k=0
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {6BF147B5-7A30-4782-B5B9-8C0AA3632EC8} URL = http://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=0f8a6cfe-902a-4c11-8265-9538cb8a19a4&pid=proxtubede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {80E424A2-185B-4FAE-BA5E-37FBF8B2D48B} URL = http://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=0f8a6cfe-902a-4c11-8265-9538cb8a19a4&pid=proxtubede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {97132A2A-367E-4E5A-9D73-CB11EA3ECCD8} URL = http://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=0f8a6cfe-902a-4c11-8265-9538cb8a19a4&pid=proxtubede&mode=bounce&k=0
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1461220110-1976370169-1414792120-1000 -> {CC2AE24D-3E94-4B16-8A85-7B52A831737B} URL = http://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=0f8a6cfe-902a-4c11-8265-9538cb8a19a4&pid=proxtubede&mode=bounce&k=0
BHO: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\chef\AppData\LocalLow\IE-BHO\bho.dll ()
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\chef\AppData\Roaming\Mozilla\Firefox\Profiles\hu9w8ya7.default
FF Homepage: metager.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\chef\AppData\Roaming\Mozilla\Firefox\Profiles\hu9w8ya7.default\user.js
FF Extension: Ghostery - C:\Users\chef\AppData\Roaming\Mozilla\Firefox\Profiles\hu9w8ya7.default\Extensions\firefox@ghostery.com.xpi [2014-03-21]
FF Extension: TrackMeNot - C:\Users\chef\AppData\Roaming\Mozilla\Firefox\Profiles\hu9w8ya7.default\Extensions\trackmenot@mrl.nyu.edu.xpi [2014-03-21]
FF Extension: Walnut for Firefox - C:\Users\chef\AppData\Roaming\Mozilla\Firefox\Profiles\hu9w8ya7.default\Extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}.xpi [2014-05-11]
FF Extension: NoScript - C:\Users\chef\AppData\Roaming\Mozilla\Firefox\Profiles\hu9w8ya7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-21]
FF Extension: Adblock Plus - C:\Users\chef\AppData\Roaming\Mozilla\Firefox\Profiles\hu9w8ya7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-21]
FF Extension: BetterPrivacy - C:\Users\chef\AppData\Roaming\Mozilla\Firefox\Profiles\hu9w8ya7.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-03-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-19]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\mama\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\chef\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM\...\Chrome\Extension: [aelagkdenjbofboohaniobdlpgiefdcd] - C:\Users\chef\ChromeExtensions\aelagkdenjbofboohaniobdlpgiefdcd\amazon-icon-swde.crx [2014-10-26]
CHR HKLM\...\Chrome\Extension: [cfigonhgidedenkkhlilmefgodjpefna] - C:\Users\chef\AppData\Local\CRE\cfigonhgidedenkkhlilmefgodjpefna.crx [2014-10-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-26]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [291840 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-26] (AVAST Software)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2014-09-03] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Nitro\Reader 3\NitroPDFReaderDriverService3.exe [196624 2013-03-26] (Nitro PDF Software)
R2 RealtekCU; C:\Program Files\oem\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [48256 2012-04-09] (Advanced Micro Devices)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-04-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-05-15] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [777488 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411680 2014-05-15] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180632 2014-04-26] ()
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-11-05] (Disc Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [864360 2011-09-06] (Realtek Semiconductor Corporation )
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [320120 2014-11-05] (Duplex Secure Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-18] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\Users\chef\AppData\Local\Temp\catchme.sys [X]
S1 gfjnxobt; \??\C:\Windows\system32\drivers\gfjnxobt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NANMp50; System32\Drivers\NANMp50.sys [X]
S3 NANSp50; System32\Drivers\NANSp50.sys [X]
S3 netr28u; system32\DRIVERS\netr28u.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 RTL8192su; system32\DRIVERS\RTL8192su.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP3\WNt500x86\Sandra.sys [X]
S1 vdrv1000; system32\DRIVERS\vdrv1000.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-20 13:21 - 2014-11-20 13:21 - 01108992 _____ (Farbar) C:\Users\chef\Downloads\FRST(1).exe
2014-11-20 12:33 - 2014-11-20 12:34 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-20 12:33 - 2014-11-20 12:33 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-11-20 12:33 - 2014-11-20 12:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-11-20 12:33 - 2014-11-20 12:33 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-11-20 12:33 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-20 12:30 - 2014-11-20 12:32 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\chef\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-20 10:40 - 2014-11-20 10:40 - 00000022 _____ () C:\Windows\S.dirmngr
2014-11-20 07:50 - 2014-11-20 12:06 - 00054183 ____N () C:\Windows\WindowsUpdate.log
2014-11-16 11:36 - 2014-11-19 07:42 - 00002429 _____ () C:\Users\chef\Desktop\Corel Painter IX.lnk
2014-11-16 11:35 - 2014-11-16 11:35 - 00000000 ____D () C:\Users\chef\AppData\Roaming\Corel
2014-11-16 11:34 - 2014-11-16 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Painter IX
2014-11-16 11:33 - 2014-11-16 11:33 - 00000000 ____D () C:\Program Files\Corel
2014-11-16 11:19 - 2014-11-16 11:30 - 111959992 _____ (Corel Corporation ) C:\Users\chef\Downloads\CorelPainterIX.5TBYBEN.exe
2014-11-15 06:55 - 2014-11-15 06:56 - 01826500 _____ () C:\Users\chef\Downloads\heroquest-2-08i-en-win.zip
2014-11-15 06:42 - 2014-11-15 06:50 - 00000000 ____D () C:\Users\chef\Downloads\hqo092
2014-11-15 06:41 - 2014-11-15 06:41 - 00000000 ____D () C:\Program Files\hq
2014-11-15 06:36 - 2014-11-15 06:37 - 11482171 _____ () C:\Users\chef\Downloads\hqo092.zip
2014-11-12 13:20 - 2014-10-10 02:01 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 13:20 - 2014-10-10 02:00 - 01259008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 13:20 - 2014-10-10 02:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 13:20 - 2014-10-10 00:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 13:19 - 2014-09-19 01:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:19 - 2014-08-27 01:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 13:19 - 2014-08-27 01:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 13:18 - 2014-10-24 02:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 13:18 - 2014-08-12 03:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 13:17 - 2014-10-18 02:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 13:17 - 2014-10-03 02:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 13:17 - 2014-10-03 02:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 13:17 - 2014-10-03 02:17 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 13:17 - 2014-10-03 02:17 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 13:10 - 2014-10-13 00:34 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 11:23 - 2014-10-27 20:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 11:23 - 2014-10-27 20:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 11:23 - 2014-10-27 20:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 11:23 - 2014-10-27 19:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 11:23 - 2014-10-27 19:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 11:23 - 2014-10-27 19:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 11:23 - 2014-10-27 19:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 11:23 - 2014-10-27 19:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 11:23 - 2014-10-27 19:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 11:23 - 2014-10-27 19:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 11:23 - 2014-10-27 19:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 11:23 - 2014-10-27 19:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 11:23 - 2014-10-27 19:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 11:23 - 2014-10-27 19:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 11:23 - 2014-10-27 19:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 11:23 - 2014-10-27 19:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 11:23 - 2014-10-27 19:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 11:23 - 2014-10-27 19:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 11:23 - 2014-10-27 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 11:23 - 2014-10-27 19:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 11:23 - 2014-10-27 19:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-09 15:37 - 2014-11-09 15:37 - 00000000 ____D () C:\Users\Sven\AppData\Roaming\OpenOffice
2014-11-07 06:22 - 2014-11-07 06:22 - 00031552 _____ () C:\Users\chef\Documents\MiDiMoD.rbs
2014-11-06 09:37 - 2014-11-08 20:37 - 00032768 _____ () C:\Windows\ReBirth RB-338 2.prf
2014-11-06 09:23 - 2014-11-06 09:23 - 00000000 ____D () C:\Users\chef\Downloads\hero
2014-11-06 09:22 - 2014-11-06 09:22 - 00584537 _____ () C:\Users\chef\Downloads\HeroQuest-PC.rar
2014-11-06 07:12 - 2014-11-06 07:12 - 00000000 ____D () C:\Users\chef\AppData\Roaming\Help
2014-11-06 07:12 - 2014-11-06 07:12 - 00000000 ____D () C:\Users\chef\AppData\Local\Help
2014-11-06 07:08 - 2007-02-18 22:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\winhlp32.exe
2014-11-06 07:08 - 2007-02-18 22:11 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\ftsrch.dll
2014-11-06 07:08 - 2007-02-18 22:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\ftlx041e.dll
2014-11-06 07:08 - 2007-02-18 22:11 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\ftlx0411.dll
2014-11-06 07:07 - 2014-11-06 07:08 - 00614819 _____ () C:\Users\chef\Downloads\Windows6.0-KB917607-x86.msu
2014-11-06 06:50 - 2014-11-06 06:50 - 00000931 _____ () C:\Users\chef\Desktop\Rebirth RB-338 2.0.lnk
2014-11-06 06:50 - 2014-11-06 06:50 - 00000000 ____D () C:\Users\chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Propellerhead
2014-11-06 06:50 - 2014-11-06 06:50 - 00000000 ____D () C:\Program Files\Propellerhead
2014-11-06 06:50 - 1998-10-14 20:27 - 00025088 _____ (Propellerhead Software) C:\Windows\ReWire.dll
2014-11-06 06:50 - 1997-11-03 22:10 - 00277776 _____ (Microsoft Corporation) C:\Windows\system\Msvcrt.dll
2014-11-06 06:47 - 2014-11-06 06:47 - 00000000 ____D () C:\Users\chef\Downloads\rebirth_iso_installation
2014-11-06 06:25 - 2014-11-06 06:46 - 224655804 _____ () C:\Users\chef\Downloads\rebirth_iso_installation.zip
2014-11-05 20:48 - 2014-11-05 20:48 - 00000184 _____ () C:\Users\chef\Desktop\Amazon.de.url
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\chef\AppData\Local\Temp401a5942c46c74cee15224829bb906c4_
2014-11-05 20:48 - 2014-11-05 20:48 - 00000000 ____D () C:\Users\chef\AppData\Local\Temp0c4af09e2295b9104f04948d15d12ae6_
2014-11-05 20:47 - 2014-11-05 20:47 - 00000000 ____D () C:\Users\chef\AppData\Local\Tempd1de761ff1a0c79b6dd5525d6282fb41_
2014-11-05 20:27 - 2014-11-05 20:27 - 00243128 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-11-05 20:19 - 2014-11-05 20:19 - 00001735 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-11-05 20:18 - 2014-11-05 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-11-05 20:18 - 2014-11-05 20:18 - 00320120 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2014-11-05 20:17 - 2014-11-06 18:16 - 00000000 ____D () C:\Users\chef\AppData\Roaming\DAEMON Tools Lite
2014-11-05 20:17 - 2014-11-05 20:27 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-11-05 20:16 - 2014-11-05 20:31 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-11-05 20:08 - 2014-11-05 20:09 - 13429504 _____ (Disc Soft Ltd) C:\Users\chef\Downloads\DTLite4491-0356.exe
2014-11-05 19:37 - 2014-11-05 20:11 - 00000000 ___SD () C:\Users\Public\Virtual CDs
2014-10-26 20:20 - 2014-10-26 20:20 - 00000637 _____ () C:\Users\chef\Desktop\ReBirth RB-338.lnk
2014-10-26 20:20 - 2014-10-26 20:20 - 00000000 ____D () C:\Users\chef\ChromeExtensions
2014-10-26 20:20 - 2014-10-26 20:20 - 00000000 ____D () C:\Users\chef\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ReBirth RB-338
2014-10-26 20:20 - 2014-10-26 20:20 - 00000000 ____D () C:\Users\chef\AppData\Local\Temp401a5942c46c74cee15224829bb906c4
2014-10-26 20:20 - 2014-10-26 20:20 - 00000000 ____D () C:\Users\chef\AppData\Local\Temp0c4af09e2295b9104f04948d15d12ae6
2014-10-26 20:19 - 2014-11-06 07:12 - 00000000 ____D () C:\ReBirth RB-338
2014-10-26 20:19 - 2014-11-02 11:59 - 00000000 ____D () C:\Users\chef\AppData\Roaming\WHService
2014-10-26 20:19 - 2014-10-26 20:19 - 00000000 ____D () C:\Users\chef\AppData\Roaming\Security Systems
2014-10-26 20:19 - 2014-10-26 20:19 - 00000000 ____D () C:\Users\chef\AppData\Local\Tempd1de761ff1a0c79b6dd5525d6282fb41
2014-10-26 20:16 - 2014-10-26 20:16 - 01048928 _____ () C:\Users\chef\Downloads\ReBirth-lnstall.exe
2014-10-23 13:49 - 2014-10-23 13:49 - 00000000 ____D () C:\Users\chef\AppData\Local\Adobe
2014-10-22 20:33 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-22 20:32 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-22 20:32 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-22 20:26 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-22 14:45 - 2014-10-22 16:10 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-20 13:22 - 2014-03-24 15:03 - 00016198 _____ () C:\Users\chef\Downloads\FRST.txt
2014-11-20 13:22 - 2014-03-24 15:03 - 00000000 ____D () C:\FRST
2014-11-20 12:40 - 2006-11-02 13:45 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-20 12:40 - 2006-11-02 13:45 - 00003648 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-20 12:33 - 2013-04-08 09:18 - 00000000 ____D () C:\Users\chef\AppData\Roaming\Malwarebytes
2014-11-20 12:33 - 2013-04-08 09:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-20 12:28 - 2006-11-02 11:33 - 01567222 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-20 12:06 - 2013-05-13 21:31 - 00000620 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-20 10:40 - 2006-11-02 13:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-20 09:56 - 2006-11-02 13:58 - 00032510 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-17 22:31 - 2012-11-11 15:06 - 00000000 ____D () C:\Users\chef\AppData\Roaming\vlc
2014-11-16 12:35 - 2013-12-11 17:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 06:29 - 2012-03-31 16:39 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-16 06:29 - 2012-03-31 16:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-14 14:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-12 22:36 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-11-12 22:20 - 2006-11-02 13:44 - 00254728 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 22:17 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-11-12 13:16 - 2013-10-18 12:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 13:11 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-09 16:41 - 2013-12-22 18:38 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-09 14:00 - 2012-08-05 15:51 - 00000996 _____ () C:\Users\Sven\Desktop\Turtle Odyssey 2.lnk
2014-11-06 07:09 - 2006-11-02 16:36 - 00000000 ____D () C:\Windows\de-DE
2014-11-06 06:50 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system
2014-11-05 20:28 - 2012-03-29 12:40 - 00000000 ____D () C:\Users\chef
2014-11-05 20:12 - 2012-04-19 14:44 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-11-05 20:11 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-11-03 13:52 - 2012-04-17 22:37 - 00004630 _____ () C:\Users\chef\Desktop\Neues Textdokument.txt
2014-10-30 12:24 - 2012-03-30 07:39 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-26 16:14 - 2014-10-02 12:16 - 00000000 ____D () C:\Users\chef\AppData\Roaming\gnupg
2014-10-25 19:10 - 2012-04-12 17:01 - 00000000 ____D () C:\Users\chef\AppData\Local\IceChat
2014-10-22 16:10 - 2014-03-20 19:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-22 16:01 - 2012-11-11 14:54 - 00000000 ____D () C:\Users\chef\AppData\Local\Runic Games
Some content of TEMP:
====================
C:\Users\alle anderen\AppData\Local\temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-20 10:45
==================== End Of Log ============================
--- --- ---
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop:
FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
Now start FRST.
Do not change any of the checkboxes unless asked to, and click Scan.
The log files will now be created and will then be on your desktop.
Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)
The additions.txt is not new, it is from a while back, but here it is anyway:
---
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by chef at 2014-03-24 15:03:34
Running from C:\Users\chef\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3825F8BD-F784-6FBB-A5CD-857559148007}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
AMD VISION Engine Control Center (Version: 2012.1219.1521.27485 - Ihr Firmenname) Hidden
ATI AVIVO Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.1.0 - Auslogics Labs Pty Ltd)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (Version: 2012.1219.1520.27485 - Advanced Micro Devices, Inc.) Hidden
ccc-utility (Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Commander (HKLM\...\Commander) (Version: - )
Daum PotPlayer 1.5.40688 (HKLM\...\PotPlayer) (Version: - )
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
File Commander/W (HKLM\...\{4F6B70B1-EFFA-469F-A7B8-94A565C1B31F}) (Version: 2.40 - Brian Havard)
Fizzball (HKLM\...\BFG-Fizzball) (Version: - )
FreeCommander 2009.02b (HKLM\...\FreeCommander_is1) (Version: 2009.02 - Marek Jasinski)
HydraVision (Version: 4.2.206.0 - ATI Technologies Inc.) Hidden
IceChat 7.70 (Build 20101031) (HKLM\...\IceChat_is1) (Version: 7.70 - IceChat Networks)
inSSIDer (HKLM\...\{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}) (Version: 2.1.1 - MetaGeek)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Nitro Reader 3 (HKLM\...\{36A1AA90-FB87-4B29-82F3-B116B0023167}) (Version: 3.5.2.10 - Nitro)
NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Pizza Dude (HKLM\...\Pizza Dude_is1) (Version: 1.0 - MyPlayCity, Inc.)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - )
Revo Uninstaller 1.93 (HKLM\...\Revo Uninstaller) (Version: 1.93 - VS Revo Group)
RK-WLAN-Keygen (HKLM\...\RK-WLAN-Keygen_is1) (Version: 1.4 - Robert Knapp Software)
Security Task Manager 1.8g (HKLM\...\Security Task Manager) (Version: 1.8g - Neuber Software)
SiSoftware Sandra Lite 2012.SP3 (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 18.40.2012.5 - SiSoftware)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
Subsea Relic (HKLM\...\Subsea Relic_is1) (Version: 1.0 - MyPlayCity, Inc.)
Torchlight II (HKLM\...\{55F7D521-17CA-454D-9D4D-975EF2E10708}_is1) (Version: - White Rabbit Interactive)
Turtle Odyssey 2 (HKLM\...\Turtle Odyssey 2) (Version: - )
Ultra Defragmenter (HKLM\...\UltraDefrag) (Version: 6.0.2 - UltraDefrag Development Team)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.1.2014 - BillP Studios)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wireless LAN Driver and Utility (HKLM\...\{9C049499-055C-4A0C-A916-1D12314F45EB}) (Version: 1.00.0183 - Co.,Ltd.)
==================== Restore Points =========================
13-03-2014 22:00:46 Windows Update
13-03-2014 22:55:43 Windows Update
15-03-2014 09:53:15 Geplanter Prüfpunkt
15-03-2014 18:59:32 Windows Update
18-03-2014 21:41:32 Windows Update
19-03-2014 16:27:34 Geplanter Prüfpunkt
19-03-2014 18:35:41 Revo Uninstaller's restore point - Avira Free Antivirus
19-03-2014 18:53:51 avast! antivirus system restore point
20-03-2014 14:46:18 Geplanter Prüfpunkt
20-03-2014 16:27:24 Revo Uninstaller's restore point - Mozilla Firefox 28.0 (x86 de)
20-03-2014 16:28:58 Revo Uninstaller's restore point - Google Chrome
20-03-2014 16:30:25 Revo Uninstaller's restore point - Free YouTube to MP3 Converter version 3.11.34.1015
20-03-2014 16:31:25 Revo Uninstaller's restore point - Microsoft Silverlight
20-03-2014 16:31:38 Removed Microsoft Silverlight
20-03-2014 16:33:22 Revo Uninstaller's restore point - Tiny Youtube Converter 1.6
20-03-2014 16:33:43 Removed Tiny Youtube Converter 1.6
23-03-2014 10:00:00 Windows Update
24-03-2014 13:20:34 Revo Uninstaller's restore point - MyDefrag v4.3.1
==================== Hosts content: ==========================
2006-11-02 11:23 - 2014-03-13 23:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2D2DEC4F-74BB-4FB5-9626-21B3A60365F1} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {2F2205D4-5436-49A0-892C-2A7E06D950E4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {48532C1B-0A33-468A-9FD0-7FBD32011A98} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {5BFA86C4-2A30-44DC-8B26-0CEFD049D8BC} - \WPD\SqmUpload_S-1-5-21-1461220110-1976370169-1414792120-1000 No Task File
Task: {6D8C4D6D-8246-4F4F-90BC-FF9EA222D078} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {747A4083-D19A-46A2-A99D-A3236076DF27} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {82EE28F0-4EEC-4C5D-98B0-62841C6EFAE5} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {84356A22-A76A-4E94-8A8A-4C9AECCC57EC} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8E3B76BD-F61C-4784-8077-206C06DE4E8F} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {9348E16E-26B4-4BA3-BA03-5CBA4919B7B5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-23] (Adobe Systems Incorporated)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-18] (Microsoft Corporation)
Task: {C8B3025B-D21E-4527-BBC6-CDFBFEB026E1} - \Microsoft\Windows\Bluetooth\UninstallDeviceTask No Task File
Task: {F34CA2D1-473C-4E6B-B64D-93031B716607} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-19] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job.bak => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
==================== Loaded Modules (whitelisted) =============
2014-03-24 14:14 - 2014-03-24 08:41 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032400\algo.dll
2012-12-19 15:31 - 2012-12-19 15:31 - 00065024 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-04-06 02:09 - 2012-04-06 02:09 - 00037376 _____ () C:\Windows\system32\atitmpxx.dll
2013-05-13 21:31 - 2012-11-13 13:06 - 00528288 _____ () C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-05-13 21:31 - 2012-11-13 13:06 - 00108960 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-05-13 21:31 - 2012-11-13 13:06 - 00416160 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-05-13 21:31 - 2012-11-13 13:06 - 00158624 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-05-13 21:31 - 2012-11-13 13:06 - 00554400 _____ () C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2013-05-13 21:31 - 2012-08-23 08:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-03-19 19:54 - 2014-03-19 19:54 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-12-27 18:24 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files\oem\11n USB Wireless LAN Utility\EnumDevLib.dll
2014-03-12 17:54 - 2014-02-18 04:46 - 00643948 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2014-03-21 09:41 - 2014-03-15 09:40 - 03642480 _____ () C:\Program Files\mama\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\chef:gs5sys
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:3BE7E50E
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\chef\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\chef\Cookies:gs5sys
AlternateDataStreams: C:\Users\chef\Lokale Einstellungen:gs5sys
AlternateDataStreams: C:\Users\chef\Vorlagen:gs5sys
AlternateDataStreams: C:\Users\chef\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\chef\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\chef\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\chef\AppData\Local\Anwendungsdaten:gs5sys
AlternateDataStreams: C:\Users\chef\AppData\Local\Verlauf:gs5sys
AlternateDataStreams: C:\Users\chef\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intellinet Wireless Utility.lnk => C:\Windows\pss\Intellinet Wireless Utility.lnk.CommonStartup
MSCONFIG\startupreg: HydraVisionDesktopManager => "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
==================== Faulty Device Manager Devices =============
Name: Realtek RTL8168/8111-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.0)
Description: Realtek RTL8168/8111-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.0)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8169
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-03-13 11:51:30.607
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:30.421
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:30.228
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:30.043
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:29.855
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:29.664
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:29.337
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:29.146
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:28.957
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-03-13 11:51:28.769
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 40%
Total physical RAM: 3325.17 MB
Available physical RAM: 1978.54 MB
Total Pagefile: 6884.35 MB
Available Pagefile: 5408.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:153.38 GB) (Free:103.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 153 GB) (Disk ID: 3FA8567C)
Partition 1: (Active) - (Size=153 GB) - (Type=07 NTFS)
==================== End Of Log ============================
I hope I got everything more or less right.