Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7 x64: Internetverbindung schlagartig runter auf 100kbps. (https://www.trojaner-board.de/150190-windows-7-x64-internetverbindung-schlagartig-runter-100kbps.html)

DrFux 23.02.2014 17:08
Windows 7 x64: Internetverbindung schlagartig runter auf 100kbps.
 
Hallo,
der Rechner meiner Freundin ist seit heute morgen sehr langsam im Internet unterwegs. Leitung kann es nicht sein, da Tablet und mein Rechner super laufen im Netz.

Vielleicht könnt Ihr mir ja helfen das Problem zu lösen. Hier ein paar Log-Dateien

(Musste sie als Archiv anhängen weil Sie zu lang waren laut Forum.)

Danke euch schonmal.

cosinus 23.02.2014 23:36
Hi,

Logs bitte NICHT in den Anhang stecken, immer direkt posten in CODE-Tags

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

DrFux 24.02.2014 09:26
Hey,
wollte ich ja machen, als ich das Thema dann posten wollte, stand da eine Fehlermeldung in Form:

"Der Text, den Sie eingegeben haben, besteht aus 410112 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen.
Logs bitte als Archiv an den Beitrag anhängen!"

Ich versuchs dann hier nochmal aufzuteilen:

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:37 on 23/02/2014 (Kathrin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 01
Ran by Kathrin (administrator) on KATHRIN-PC on 23-02-2014 16:40:24
Running from D:\Desktop\fehler
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Dropbox, Inc.) C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-23] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [ISW] - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1127592 2012-11-22] (Check Point Software Technologies)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2010-11-29] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-03-27] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\RunOnce: [SpybotSnD] - "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe" /autocheck [5365592 2009-01-26] (Safer Networking Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-14] (Microsoft Corporation)
HKU\S-1-5-21-438941080-4136186514-2544079810-1000\...\Run: [GizmoDriveDelegate] - RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
HKU\S-1-5-21-438941080-4136186514-2544079810-1000\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6563608 2014-01-06] (SUPERAntiSpyware)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2010-11-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2010-11-29] (NVIDIA Corporation)
Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=3bfe87bf2256452cb43a6600a169006c&tu=10G9000811B0008&sku=&tstsId=&ver=&
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30876F6D184FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default
FF SelectedSearchEngine: Google
FF NetworkProxy: "http", "contentdl"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\moveplayer@movenetworks.com [2013-05-12]
FF Extension: SeoQuake - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-10-20]
FF Extension: DownloadHelper - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-04]
FF Extension: YouTube to MP3 - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-05-12]
FF Extension: Web Developer - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-05-12]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.xpi [2013-05-12]
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: No Name - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013-05-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-06-04]
CHR Extension: (Google Docs) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-12]
CHR Extension: (Google Drive) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-12]
CHR Extension: (YouTube) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-12]
CHR Extension: (Google-Suche) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-12]
CHR Extension: (AdBlock) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-15]
CHR Extension: (PageRank Status) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2013-09-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-10-22]
CHR Extension: (Google Wallet) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-05-21]
CHR Extension: (Google Mail) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [31856 2013-05-12] (Arainia Solutions)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [828072 2012-11-22] (Check Point Software Technologies)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] ()
R2 QDLService2kDell; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [331512 2010-06-25] (QUALCOMM, Inc.)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2447888 2013-03-27] (Check Point Software Technologies LTD)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [463912 2010-06-09] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [32840 2013-05-12] (Arainia Solutions LLC)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33712 2012-11-22] (Check Point Software Technologies)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450136 2012-12-13] (Check Point Software Technologies LTD)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-23 16:38 - 2014-02-23 16:40 - 00000000 ____D () C:\FRST
2014-02-23 16:37 - 2014-02-23 16:37 - 00000000 _____ () C:\Users\Kathrin\defogger_reenable
2014-02-23 16:03 - 2014-02-23 16:03 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\SUPERAntiSpyware.com
2014-02-23 15:59 - 2014-02-23 16:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-23 15:59 - 2014-02-23 15:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-23 15:26 - 2014-02-23 15:38 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-23 15:26 - 2014-02-23 15:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-23 13:56 - 2014-02-23 13:57 - 00000000 ____D () C:\AdwCleaner
2014-02-16 19:25 - 2014-02-16 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:23 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 21:23 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 21:23 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 21:23 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 21:23 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 21:23 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 21:23 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 21:23 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 21:23 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 21:23 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 21:23 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 21:23 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 21:23 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 21:23 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 21:23 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 21:23 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 21:23 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 21:23 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 21:23 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 21:23 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 21:23 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 21:23 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 21:23 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 21:23 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 21:23 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 21:23 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 21:23 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 21:23 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 21:23 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 21:23 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 21:23 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 21:23 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 21:23 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 21:23 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 21:23 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 21:23 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 21:23 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 21:23 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 21:23 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 21:23 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 21:23 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 06:41 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 06:41 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 06:41 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 06:41 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 06:41 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 06:41 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 06:41 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 06:41 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 06:41 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 06:41 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 06:41 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 06:41 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 06:41 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 06:41 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 06:41 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 06:41 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 06:41 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 06:41 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 06:41 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 06:41 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 06:41 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 06:41 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 06:41 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 06:41 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 06:41 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 06:41 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 06:41 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 06:41 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-06 11:26 - 2014-02-06 18:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-01-29 19:03 - 2013-02-08 17:00 - 00755744 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMC211.dll
2014-01-29 19:02 - 2014-01-29 19:02 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-01-29 19:02 - 2014-01-29 19:02 - 00000000 ____D () C:\ProgramData\HP
2014-01-29 19:02 - 2014-01-29 19:02 - 00000000 ____D () C:\Program Files\HP
2014-01-29 19:02 - 2014-01-29 19:02 - 00000000 ____D () C:\Program Files (x86)\HP
2014-01-29 19:01 - 2014-01-29 19:08 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\HP

==================== One Month Modified Files and Folders =======

2014-02-23 16:40 - 2014-02-23 16:38 - 00000000 ____D () C:\FRST
2014-02-23 16:37 - 2014-02-23 16:37 - 00000000 _____ () C:\Users\Kathrin\defogger_reenable
2014-02-23 16:37 - 2013-05-12 14:11 - 00000000 ____D () C:\Users\Kathrin
2014-02-23 16:36 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-23 16:36 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-23 16:15 - 2013-05-12 14:42 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-23 16:03 - 2014-02-23 16:03 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\SUPERAntiSpyware.com
2014-02-23 16:03 - 2014-02-23 15:59 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-23 15:59 - 2014-02-23 15:59 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-02-23 15:44 - 2013-05-12 14:11 - 01436161 _____ () C:\Windows\WindowsUpdate.log
2014-02-23 15:40 - 2013-05-28 17:31 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\Dropbox
2014-02-23 15:40 - 2013-05-13 10:12 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\FreePDF_XP
2014-02-23 15:39 - 2013-05-20 19:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-23 15:39 - 2013-05-12 14:42 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 15:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-23 15:39 - 2009-07-14 05:51 - 00084856 _____ () C:\Windows\setupact.log
2014-02-23 15:38 - 2014-02-23 15:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-23 15:26 - 2014-02-23 15:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-23 15:11 - 2013-05-12 15:23 - 00018280 _____ () C:\Windows\PFRO.log
2014-02-23 14:01 - 2013-05-12 15:41 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\CheckPoint
2014-02-23 14:00 - 2009-07-14 18:58 - 00654400 _____ () C:\Windows\system32\perfh007.dat
2014-02-23 14:00 - 2009-07-14 18:58 - 00130240 _____ () C:\Windows\system32\perfc007.dat
2014-02-23 14:00 - 2009-07-14 06:13 - 01498742 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-23 13:57 - 2014-02-23 13:56 - 00000000 ____D () C:\AdwCleaner
2014-02-23 13:51 - 2013-05-12 17:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-22 09:17 - 2013-05-12 15:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-22 09:16 - 2013-05-14 22:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-20 17:10 - 2013-05-12 17:26 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\Skype
2014-02-16 22:10 - 2013-05-12 14:42 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 22:10 - 2013-05-12 14:42 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 19:25 - 2014-02-16 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-09 10:25 - 2013-05-12 15:48 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\Adobe
2014-02-06 18:28 - 2014-02-06 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-06 13:16 - 2014-02-13 21:23 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 21:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 21:23 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 21:23 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 21:23 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 21:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 21:23 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 21:23 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 21:23 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 21:23 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 21:23 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 21:23 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 21:23 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 21:23 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 21:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 21:23 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 21:23 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 21:23 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 21:23 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 21:23 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 21:23 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 21:23 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 21:23 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 21:23 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 21:23 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 21:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 21:23 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 21:23 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 21:23 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 21:23 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 21:23 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 21:23 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 21:23 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 21:23 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 21:23 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 21:23 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 21:23 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 21:23 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 21:23 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-01-29 19:09 - 2013-05-12 14:11 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\VirtualStore
2014-01-29 19:08 - 2014-01-29 19:01 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\HP
2014-01-29 19:02 - 2014-01-29 19:02 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-01-29 19:02 - 2014-01-29 19:02 - 00000000 ____D () C:\ProgramData\HP
2014-01-29 19:02 - 2014-01-29 19:02 - 00000000 ____D () C:\Program Files\HP
2014-01-29 19:02 - 2014-01-29 19:02 - 00000000 ____D () C:\Program Files (x86)\HP

Some content of TEMP:
====================
C:\Users\Kathrin\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-18 19:50

==================== End Of Log ============================
--- --- ---

--- --- ---


FRST Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2014 01
Ran by Kathrin at 2014-02-23 16:40:41
Running from D:\Desktop\fehler
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.174 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 8.0.1489.0 - AVAST Software)
AVerISDBMail 1.0.1.1 (HKLM-x32\...\AVerISDBMail) (Version: 1.0.1.1 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia A319 MiniCard Pure ISDBT 1.4.64.45 (HKLM-x32\...\AVerMedia A319 MiniCard Pure ISDBT) (Version: 1.4.64.45 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia H339 Hybrid TV Tuner 2.2.64.69 (HKLM-x32\...\AVerMedia H339 Hybrid TV Tuner) (Version: 2.2.64.69 - AVerMedia TECHNOLOGIES, Inc.)
Brackets (HKLM-x32\...\{6F819C73-49DB-4AC5-8B6A-993354E34819}) (Version: 0.34.1 - brackets.io)
Dell Mobile Broadband Utility (HKLM-x32\...\Dell Mobile Broadband Utility) (Version: 3.00.23.003 - Novatel Wireless)
Dell Mobile Broadband Utility (x32 Version: 3.00.23.003 - Novatel Wireless Inc.) Hidden
Dell Wireless HSPA Mini-Card Drivers (HKLM-x32\...\{9D583F01-A973-4B04-90BD-FB7886779090}) (Version: 6.1.24.4 - Dell)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
FreePDF (Remove only) (HKLM-x32\...\FreePDF_XP) (Version:  - )
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HP Deskjet 2540 series - Grundlegende Software für das Gerät (HKLM\...\{E1F12296-09D5-4B82-9D2C-E54CC9FF1D15}) (Version: 30.0.1093.41190 - Hewlett-Packard Co.)
InstallVC90Support (x32 Version: 1.01.0000 - Novatel Wireless) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}) (Version: 6.01.0000 - Intel Corporation)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.52.4 - JMicron Technology Corp.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.3.0 (x86 de)) (Version: 24.3.0 - Mozilla)
Nero 7 Premium (HKLM-x32\...\{F14B8ECC-BDA0-4987-9201-D7B7DBE11031}) (Version: 7.02.0936 - Nero AG)
NVIDIA 3D Vision Treiber 265.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 265.94 - NVIDIA Corporation)
NVIDIA Grafiktreiber 265.94 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 265.94 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.9 (Version: 1.0.9 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6594 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 265.94 (Version: 265.94 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.9 - NVIDIA Corporation) Hidden
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Qualcomm Gobi 2000 Package for Dell (HKLM-x32\...\{55958FAE-1862-4EE5-96BB-B9309CACE1C0}) (Version: 1.1.170 - QUALCOMM)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.34.1130.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6263 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.15.0 - Synaptics Incorporated)
TweetDeck (HKLM-x32\...\{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}) (Version: 2.7.1 - Twitter, Inc.)
UltraStar Deluxe (HKLM-x32\...\UltraStar Deluxe) (Version: 1.1 - USDX Team)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.64  - Nullsoft, Inc)
WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
ZoneAlarm Firewall (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 11.0.000.504 - Check Point)
ZoneAlarm Security (x32 Version: 11.0.000.504 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar  (x32 Version: 1.8.11.11 - Check Point Software Technologies LTD) Hidden

==================== Restore Points  =========================

07-02-2014 08:46:27 Windows Update
11-02-2014 08:49:14 Windows Update
13-02-2014 20:22:45 Windows Update
18-02-2014 05:40:39 Windows Update
22-02-2014 08:21:21 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0AAE4E10-7A2C-4D2C-A673-F9582D69C639} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)
Task: {927A1AAC-82A8-489B-A539-B1C87CFC5B90} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2013-05-12] (Arainia Solutions)
Task: {AAB18B38-CD17-4E52-BD5C-7C2A2C6AC16A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {E3A74F8C-67ED-458D-B142-A5482F070BD6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-12] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-12-17 12:53 - 2010-12-17 12:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-05-13 10:12 - 2010-06-17 19:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2009-12-29 15:35 - 2009-12-29 15:35 - 00083456 _____ () C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
2013-05-12 15:19 - 2006-12-11 01:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-05-12 15:20 - 2013-05-12 15:20 - 00367728 _____ () C:\Program Files (x86)\Gizmo\gshell-x64.dll
2010-12-17 12:53 - 2010-12-17 12:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-05-12 14:51 - 2010-11-29 03:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-20 19:44 - 2010-12-17 09:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2013-02-13 03:37 - 2013-02-13 03:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-02-23 14:01 - 2014-02-23 08:48 - 02272768 _____ () C:\Program Files\AVAST Software\Avast\defs\14022300\algo.dll
2013-05-12 14:19 - 2010-02-17 11:20 - 00065576 ____R () C:\Program Files (x86)\Dell\Dell WWAN\WMCore\MBMDebug.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\libcef.dll
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2014 09:16:24 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe, Version: 11.8.800.168, Zeitstempel: 0x52223bb7
Name des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe, Version: 11.8.800.168, Zeitstempel: 0x52223bb7
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017e40
ID des fehlerhaften Prozesses: 0x1b6c
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_8_800_168.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe2
Berichtskennung: FlashPlayerPlugin_11_8_800_168.exe3

Error: (02/21/2014 08:54:56 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe, Version: 11.8.800.168, Zeitstempel: 0x52223bb7
Name des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe, Version: 11.8.800.168, Zeitstempel: 0x52223bb7
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017e40
ID des fehlerhaften Prozesses: 0x650
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_8_800_168.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe2
Berichtskennung: FlashPlayerPlugin_11_8_800_168.exe3

Error: (02/13/2014 09:19:34 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.88, Zeitstempel: 0x511afc59
Name des fehlerhaften Moduls: netprofm.dll_unloaded, Version: 0.0.0.0, Zeitstempel: 0x4a5bda75
Ausnahmecode: 0xc0000005
Fehleroffset: 0x73ab2505
ID des fehlerhaften Prozesses: 0x15ac
Startzeit der fehlerhaften Anwendung: 0xDivXUpdate.exe0
Pfad der fehlerhaften Anwendung: DivXUpdate.exe1
Pfad des fehlerhaften Moduls: DivXUpdate.exe2
Berichtskennung: DivXUpdate.exe3

Error: (02/13/2014 06:47:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FF_Protection.exe, Version: 2.0.0.3, Zeitstempel: 0x4d026f18
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x131c
Startzeit der fehlerhaften Anwendung: 0xFF_Protection.exe0
Pfad der fehlerhaften Anwendung: FF_Protection.exe1
Pfad des fehlerhaften Moduls: FF_Protection.exe2
Berichtskennung: FF_Protection.exe3

Error: (02/09/2014 10:25:38 AM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)

Error: (02/09/2014 10:25:38 AM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)

Error: (02/09/2014 10:25:38 AM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)

Error: (02/09/2014 10:25:38 AM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)

Error: (02/09/2014 10:25:38 AM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)

Error: (02/09/2014 10:25:38 AM) (Source: Adobe Version Cue CS3) (User: )
Description: AssetServicesCS3class vcfoundation::base::VCIllegalState: IVCPipeServer already closed
Trace: (null)


System errors:
=============
Error: (02/23/2014 03:45:38 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (02/23/2014 02:24:26 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (02/23/2014 02:04:50 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (02/23/2014 10:19:23 AM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (02/22/2014 09:38:12 AM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (02/20/2014 07:57:54 AM) (Source: DCOM) (User: )
Description: {B77C4C36-0154-4C52-AB49-FAA03837E47F}

Error: (02/19/2014 06:53:37 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (02/18/2014 06:50:59 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (02/17/2014 07:22:51 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.

Error: (02/17/2014 03:16:28 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (10/26/2013 01:17:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3732 seconds with 3480 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-23 16:32:05.255
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 16:26:32.378
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 15:59:42.800
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 15:38:56.249
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 15:21:24.991
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 15:10:36.485
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 14:37:29.150
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 14:28:38.086
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 13:57:35.691
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 13:50:19.394
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 8086.17 MB
Available physical RAM: 5607.67 MB
Total Pagefile: 16170.52 MB
Available Pagefile: 13622.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:283.34 GB) (Free:220.79 GB) NTFS
Drive d: (Eigene Dateien) (Fixed) (Total:298.09 GB) (Free:64.59 GB) NTFS
Drive f: () (Removable) (Total:1.88 GB) (Free:0.23 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8DECCE77)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2 GB) (Disk ID: 00D7EB54)

Partition: GPT Partition Type.

==================== End Of Log ============================

DrFux 24.02.2014 09:29
Hier der Rest:
GMER kann ich nicht in einem Post innerhalb einer Codezeile posten, da es zu viele Zeichen sind.

MalwareByte
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Kathrin :: KATHRIN-PC [Administrator]

23.02.2014 14:30:53
mbam-log-2014-02-23 (14-30-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 407821
Laufzeit: 39 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 (PUP.Optional.InstalleRex) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL
Code:
OTL logfile created on: 23.02.2014 16:51:53 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Desktop\fehler
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 70,30% Memory free
15,79 Gb Paging File | 13,38 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,34 Gb Total Space | 220,57 Gb Free Space | 77,85% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 64,59 Gb Free Space | 21,67% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 0,23 Gb Free Space | 12,25% Space Free | Partition Type: FAT32
 
Computer Name: KATHRIN-PC | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Desktop\fehler\OTL.exe (OldTimer Tools)
PRC - C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe (QUALCOMM, Inc.)
PRC - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Gizmo Central) -- C:\Program Files (x86)\Gizmo\gservice.exe (Arainia Solutions)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (DMAgent) -- C:\Programme\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV - (WiMAXAppSrv) -- C:\Programme\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (QDLService2kDell) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe (QUALCOMM, Inc.)
SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (GizmoDrv) -- C:\Windows\SysNative\drivers\gizmodrv.sys (Arainia Solutions LLC)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (Acceler) -- C:\Windows\SysNative\drivers\Accelern.sys (ST Microelectronics)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (stdcfltn) -- C:\Windows\SysNative\drivers\stdcfltn.sys (ST Microelectronics)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.zonealarm.com/?src=hp&tbid=base2013&Lan=de&gu=3bfe87bf2256452cb43a6600a169006c&tu=10G9000811B0008&sku=&tstsId=&ver=&
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 87 6F 6D 18 4F CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: youtube2mp3%40mondayx.de:1.2.3
FF - prefs.js..extensions.enabledAddons: %7B317B5128-0B0B-49b2-B2DB-1E7560E16C74%7D:2.8.13
FF - prefs.js..extensions.enabledAddons: %7Bc45c406e-ab73-11d8-be73-000a95be3b12%7D:1.2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.4.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.7.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..network.proxy.http: "contentdl"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.05.12 15:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.05.12 15:35:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.05.12 15:41:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.08.25 09:48:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.02.16 19:25:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014.02.06 11:26:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014.02.06 11:26:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.02.16 19:25:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2014.02.06 11:26:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2014.02.06 11:26:35 | 000,000,000 | ---D | M]
 
[2013.05.12 15:02:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Extensions
[2014.02.23 13:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\75q1k79o.default\extensions
[2013.10.20 12:25:03 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\75q1k79o.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2013.09.04 19:30:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\75q1k79o.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.12 15:10:49 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Kathrin\AppData\Roaming\mozilla\Firefox\Profiles\75q1k79o.default\extensions\moveplayer@movenetworks.com
[2011.11.08 18:51:24 | 000,011,510 | ---- | M] () (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\75q1k79o.default\extensions\youtube2mp3@mondayx.de.xpi
[2013.05.24 09:35:20 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\75q1k79o.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2011.06.18 18:19:04 | 000,465,778 | ---- | M] () (No name found) -- C:\Users\Kathrin\AppData\Roaming\mozilla\firefox\profiles\75q1k79o.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.xpi
[2014.02.16 19:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.02.16 19:25:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.6_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.7_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.8_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.1_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.10_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.2_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.3_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.7_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.8_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.6.5_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.6_0\
CHR - Extension: Google Docs = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: AdBlock = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.13_0\
CHR - Extension: AdBlock = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: AdBlock = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: AdBlock = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: AdBlock = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: AdBlock = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: PageRank Status = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.5.3.0_0\
CHR - Extension: PageRank Status = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.5.5.2_0\
CHR - Extension: PageRank Status = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.6.0.0_0\
CHR - Extension: PageRank Status = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\8.6.1.0_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.0_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.10_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.12_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.14_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.16_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.2_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.20_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.4_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.6_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.0_0\
CHR - Extension: LastPass: Free Password Manager = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.1.1_0\
CHR - Extension: Google Wallet = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Google Wallet = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: 20-20 3D Viewer for IKEA = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp\5.0.94.1_1\
CHR - Extension: Google Mail = C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\bh\zonealarm.dll (Check Point Software Technologies LTD)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.11.11\zonealarmTlbr.dll (Check Point Software Technologies LTD)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKLM..\RunOnce: [SpybotSnD] C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E0EF194-C574-4771-A050-4BD0DF840B79}: DhcpNameServer = 10.20.17.3 10.20.17.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{752D725E-A7C4-4D54-8F8F-C32DADC9D1E0}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.02.23 16:38:09 | 000,000,000 | ---D | C] -- C:\FRST
[2014.02.23 16:34:52 | 000,000,000 | ---D | C] -- D:\Desktop\fehler
[2014.02.23 16:03:48 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Roaming\SUPERAntiSpyware.com
[2014.02.23 16:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014.02.23 15:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014.02.23 15:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014.02.23 15:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014.02.23 15:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.02.23 15:26:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2014.02.23 14:39:12 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- D:\Desktop\spybotsd162.exe
[2014.02.23 14:39:10 | 029,393,568 | ---- | C] (SUPERAntiSpyware) -- D:\Desktop\SUPERAntiSpyware.exe
[2014.02.23 13:56:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.02.16 19:25:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.02.13 21:23:50 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.02.13 21:23:14 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.13 21:23:14 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.13 21:23:13 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.13 21:23:13 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.13 21:23:12 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.13 21:23:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.13 21:23:12 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.13 21:23:11 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.13 21:23:11 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.13 21:23:11 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.13 21:23:11 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.13 21:23:11 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.13 21:23:11 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.13 21:23:11 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.13 21:23:10 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.13 21:23:10 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.13 21:23:10 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.13 21:23:10 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.13 21:23:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.13 21:23:09 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.13 21:23:08 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.13 21:23:08 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.13 21:23:04 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.13 19:46:16 | 000,000,000 | ---D | C] -- D:\Desktop\kristina
[2014.02.13 06:41:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.02.13 06:41:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.02.13 06:41:12 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014.02.13 06:41:12 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014.02.13 06:41:12 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014.02.13 06:41:12 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014.02.13 06:41:12 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014.02.13 06:41:11 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014.02.13 06:41:11 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014.02.13 06:41:11 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014.02.13 06:41:11 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014.02.13 06:41:11 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014.02.13 06:41:11 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014.02.13 06:41:11 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014.02.13 06:41:11 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014.02.13 06:41:11 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014.02.13 06:41:11 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014.02.13 06:41:11 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014.02.13 06:41:11 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014.02.13 06:41:08 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014.02.13 06:41:08 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014.02.09 10:01:31 | 000,000,000 | ---D | C] -- D:\Desktop\Original
[2014.02.06 11:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014.01.29 19:03:24 | 000,755,744 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\HPDiscoPMC211.dll
[2014.01.29 19:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2014.01.29 19:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2014.01.29 19:02:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2014.01.29 19:02:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2014.01.29 19:01:19 | 000,000,000 | ---D | C] -- C:\Users\Kathrin\AppData\Local\HP
 
========== Files - Modified Within 30 Days ==========
 
[2014.02.23 16:37:05 | 000,000,000 | ---- | M] () -- C:\Users\Kathrin\defogger_reenable
[2014.02.23 16:36:06 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.02.23 16:36:06 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.02.23 16:15:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.02.23 16:00:02 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014.02.23 15:39:52 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.23 15:39:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.23 15:39:26 | 2064,252,927 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.23 14:36:40 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- D:\Desktop\spybotsd162.exe
[2014.02.23 14:33:46 | 029,393,568 | ---- | M] (SUPERAntiSpyware) -- D:\Desktop\SUPERAntiSpyware.exe
[2014.02.23 14:00:58 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.02.23 14:00:58 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.02.23 14:00:58 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.02.23 14:00:58 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.02.23 14:00:58 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.02.23 13:51:44 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.23 13:43:18 | 001,232,565 | ---- | M] () -- D:\Desktop\Hausarbeit WI final.pdf
[2014.02.22 10:17:27 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.02.17 19:28:02 | 000,019,692 | ---- | M] () -- D:\Desktop\Immatrikulationsbescheinigung_HAW_Hamburg_2049268_20141_825_17.02.2014.pdf
[2014.02.06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.02.06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.02.06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.02.06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.02.06 11:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.02.06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.02.06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.02.06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.02.06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.02.06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.02.06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.02.06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.02.06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.02.06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.02.06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.02.06 10:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.02.06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.02.06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.02.06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.02.06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.02.06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.02.06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.02.04 09:37:14 | 000,459,947 | ---- | M] () -- D:\Desktop\2013-12-Reporting_neu.pdf
[2014.01.29 19:03:23 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
[2014.01.29 19:02:25 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
 
========== Files Created - No Company Name ==========
 
[2014.02.23 16:37:05 | 000,000,000 | ---- | C] () -- C:\Users\Kathrin\defogger_reenable
[2014.02.23 16:00:02 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014.02.23 13:51:44 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014.02.23 10:15:16 | 001,232,565 | ---- | C] () -- D:\Desktop\Hausarbeit WI final.pdf
[2014.02.17 19:28:02 | 000,019,692 | ---- | C] () -- D:\Desktop\Immatrikulationsbescheinigung_HAW_Hamburg_2049268_20141_825_17.02.2014.pdf
[2014.02.04 09:37:13 | 000,459,947 | ---- | C] () -- D:\Desktop\2013-12-Reporting_neu.pdf
[2014.01.29 19:03:23 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk
[2014.01.29 19:02:25 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.05.12 14:52:03 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2013.05.12 14:52:02 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2013.05.12 14:51:59 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
OTL Extra.txt
Code:
OTL Extras logfile created on: 23.02.2014 16:51:53 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Desktop\fehler
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,90 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 70,30% Memory free
15,79 Gb Paging File | 13,38 Gb Available in Paging File | 84,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,34 Gb Total Space | 220,57 Gb Free Space | 77,85% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 64,59 Gb Free Space | 21,67% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 0,23 Gb Free Space | 12,25% Space Free | Partition Type: FAT32
 
Computer Name: KATHRIN-PC | User Name: Kathrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0093A993-F15E-45F0-8215-3F0B624C49E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{115D49E4-5FD0-4434-8499-21ED599E340E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1874D37D-330D-463E-9E32-A2417398592B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2099692A-9B9B-43EB-B012-06395D1F1D78}" = lport=2869 | protocol=6 | dir=in | app=system |
"{239CC401-96B0-4BEB-B2C6-7741DDF2DBEF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{31B73BD7-122F-48D1-8F10-F5978644FE6C}" = lport=137 | protocol=17 | dir=in | app=system |
"{3E34040F-8ABD-4133-936C-48E6ADEC8102}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 |
"{417C9F67-C9B7-47B1-8ED2-EEC1A8805002}" = rport=138 | protocol=17 | dir=out | app=system |
"{514B42CA-D85D-4843-911E-906C1FCA307B}" = rport=445 | protocol=6 | dir=out | app=system |
"{576BC7AB-3AAC-4B4E-B788-EACA1570A785}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{631ED17A-6FD2-4EF0-99CE-7AC9B9599C33}" = lport=139 | protocol=6 | dir=in | app=system |
"{63489CAE-DCDA-42C7-85C3-9D661EF25A67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{639C4DF3-72B1-480C-AB00-505A987B5076}" = lport=138 | protocol=17 | dir=in | app=system |
"{730513F5-CA2E-43CC-A251-B08884F5489E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79397C93-18F7-4D51-875B-0CDD771B4DED}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{825F33CD-F0AD-4FB8-ABBE-D00117DA414D}" = rport=137 | protocol=17 | dir=out | app=system |
"{85EE7A2F-64FE-4655-9457-BA417DEBA339}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9BFB9D56-6092-4E7A-8B20-E3EF3795299B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B6A32DE0-6D50-4BE3-9694-F00C249109CC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E43BA88A-DBB2-4C11-B763-21892C8EDCA0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EA1F429B-C140-415E-9C4A-6B6746E7A1BF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FE037114-A432-4919-B68B-8469E7C0B5A0}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10985DE0-C523-4D45-AAA7-6716D445D781}" = protocol=17 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe |
"{176BE05D-252B-463A-B2F7-02F63CEEA336}" = dir=in | app=c:\program files\hp\hp deskjet 2540 series\bin\devicesetup.exe |
"{21DDE514-88CD-4D5F-B867-497E2F5EB78C}" = dir=in | app=c:\program files\hp\hp deskjet 2540 series\bin\hpnetworkcommunicatorcom.exe |
"{3CFF3E86-E35A-4CAA-975B-F87FE8D0B2B4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{42DDDE56-2B06-4929-B5F4-59152F97F025}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4805CC89-5E6F-480E-AACF-C5018171FD3A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4F43DB86-CBA6-4580-AF8D-BEB1F8D255F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51CA5A55-BA1E-4EA5-BD39-4E50F56E0009}" = protocol=6 | dir=in | app=c:\users\kathrin\appdata\roaming\dropbox\bin\dropbox.exe |
"{52D586C3-ED70-49C8-A94A-EB062FD4A37E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5B2A158E-7F81-4624-B505-4F66DBA561A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BB3AA95-CC67-41DB-847B-C24F11ED2F94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6664955D-A487-4997-B046-37E55CA78358}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70613BA5-AB8E-47E3-85FA-03130BF5857D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71C3A1C2-5C5B-48C7-A0F9-C3C823F9489E}" = dir=in | app=c:\users\kathrin\appdata\local\microsoft\skydrive\skydrive.exe |
"{72A9D7FB-6CB6-4B9D-B898-8B2AE2F4CA9D}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{7904127F-DAA3-4D2E-8FA2-2FD347356620}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A1E7CF4-8FD6-4224-80D5-657D233AA676}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{8AA51C21-516E-4A37-BCA9-E59B5DF80FE9}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CB3F601-F815-4DA8-8259-1AEA4113FE73}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{8E19A0B8-C3C2-432D-8206-485D41D5134A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8E3B8538-CD5C-4B27-807A-2E8CDF2DCF41}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{95DDAA72-FF78-49E4-9CED-C8C0DEFEE5D3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{A1E404AE-50FC-4DFA-A534-1FC7C646CE50}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{BD9CDB8E-2C58-458E-B2B0-A8B144D54D5B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C23F8F51-86A0-4340-AE4D-BE74F8490D93}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CD3BBB81-4A81-4AC2-BD5F-AB2BCA930B73}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CFB8A7B8-02E6-458F-82A4-6F40A52DF6B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D229EEEB-4806-4585-883F-349BF8011B31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DFE9E1A7-0628-4DD2-85FC-A1132AB71669}" = protocol=6 | dir=out | app=system |
"{FE7234D6-49C8-4C7B-9756-035E807EDAFE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FFE372AA-37DF-41A5-8CB4-3BC41FD728CC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel(R) PROSet/Wireless WiFi-Software
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 265.94
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 265.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 265.94
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{E1F12296-09D5-4B82-9D2C-E54CC9FF1D15}" = HP Deskjet 2540 series - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBCA6D68-2FBE-4A52-8EAA-856CFEA714C8}" = Intel® PROSet/Wireless WiMAX Software
"GPL Ghostscript 9.07" = GPL Ghostscript
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{53652DA6-AD2D-4B0F-80BA-6F3CFE2B48D7}" = ZoneAlarm Security
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54CCA4E2-D15D-4927-A866-2D33BFED4A8E}" = ZoneAlarm Firewall
"{55958FAE-1862-4EE5-96BB-B9309CACE1C0}" = Qualcomm Gobi 2000 Package for Dell
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6F819C73-49DB-4AC5-8B6A-993354E34819}" = Brackets
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D583F01-A973-4B04-90BD-FB7886779090}" = Dell Wireless HSPA Mini-Card Drivers
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.9) - Deutsch
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CCDF8E78-6102-470A-BBE4-9AF13694C716}" = Dell Mobile Broadband Utility
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11031}" = Nero 7 Premium
"{FA6381E9-96D2-4F6F-866C-4D16E5986FF6}" = TweetDeck
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"avast" = avast! Free Antivirus
"AVerISDBMail" = AVerISDBMail 1.0.1.1
"AVerMedia A319 MiniCard Pure ISDBT" = AVerMedia A319 MiniCard Pure ISDBT 1.4.64.45
"AVerMedia H339 Hybrid TV Tuner" = AVerMedia H339 Hybrid TV Tuner 2.2.64.69
"Dell Mobile Broadband Utility" = Dell Mobile Broadband Utility
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FreePDF_XP" = FreePDF (Remove only)
"Gizmo Central" = Gizmo Central
"Google Chrome" = Google Chrome
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 27.0.1 (x86 de)" = Mozilla Firefox 27.0.1 (x86 de)
"Mozilla Thunderbird 24.3.0 (x86 de)" = Mozilla Thunderbird 24.3.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"UltraStar Deluxe" = UltraStar Deluxe
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.02.2014 05:25:38 | Computer Name = Kathrin-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 09.02.2014 05:25:38 | Computer Name = Kathrin-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 09.02.2014 05:25:38 | Computer Name = Kathrin-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 09.02.2014 05:25:38 | Computer Name = Kathrin-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 09.02.2014 05:25:38 | Computer Name = Kathrin-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 09.02.2014 05:25:38 | Computer Name = Kathrin-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =
 
Error - 13.02.2014 13:47:53 | Computer Name = Kathrin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FF_Protection.exe, Version: 2.0.0.3,
 Zeitstempel: 0x4d026f18  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x131c  Startzeit der fehlerhaften Anwendung: 0x01cf28e3b650e9f6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: f5f3b731-94d6-11e3-b831-bc7737647a1b
 
Error - 13.02.2014 16:19:34 | Computer Name = Kathrin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: DivXUpdate.exe, Version: 1.0.6.88,
 Zeitstempel: 0x511afc59  Name des fehlerhaften Moduls: netprofm.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4a5bda75  Ausnahmecode: 0xc0000005  Fehleroffset: 0x73ab2505
ID
 des fehlerhaften Prozesses: 0x15ac  Startzeit der fehlerhaften Anwendung: 0x01cf28e3bce17578
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Pfad
 des fehlerhaften Moduls: netprofm.dll  Berichtskennung: 26e8c983-94ec-11e3-b831-bc7737647a1b
 
Error - 21.02.2014 15:54:56 | Computer Name = Kathrin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe,
 Version: 11.8.800.168, Zeitstempel: 0x52223bb7  Name des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe,
 Version: 11.8.800.168, Zeitstempel: 0x52223bb7  Ausnahmecode: 0x40000015  Fehleroffset:
 0x00017e40  ID des fehlerhaften Prozesses: 0x650  Startzeit der fehlerhaften Anwendung:
 0x01cf2f3a129b31da  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
Berichtskennung:
 096bb493-9b32-11e3-ab8c-bc7737647a1b
 
Error - 21.02.2014 16:16:24 | Computer Name = Kathrin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_8_800_168.exe,
 Version: 11.8.800.168, Zeitstempel: 0x52223bb7  Name des fehlerhaften Moduls: FlashPlayerPlugin_11_8_800_168.exe,
 Version: 11.8.800.168, Zeitstempel: 0x52223bb7  Ausnahmecode: 0x40000015  Fehleroffset:
 0x00017e40  ID des fehlerhaften Prozesses: 0x1b6c  Startzeit der fehlerhaften Anwendung:
 0x01cf2f3ed06c75df  Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
Berichtskennung:
 090f633e-9b35-11e3-ab8c-bc7737647a1b
 
[ OSession Events ]
Error - 26.10.2013 08:17:13 | Computer Name = Kathrin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3732
 seconds with 3480 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.02.2014 10:16:28 | Computer Name = Kathrin-PC | Source = DCOM | ID = 10010
Description =
 
Error - 17.02.2014 14:22:51 | Computer Name = Kathrin-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 18.02.2014 13:50:59 | Computer Name = Kathrin-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 19.02.2014 13:53:37 | Computer Name = Kathrin-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 20.02.2014 02:57:54 | Computer Name = Kathrin-PC | Source = DCOM | ID = 10010
Description =
 
Error - 22.02.2014 04:38:12 | Computer Name = Kathrin-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 23.02.2014 05:19:23 | Computer Name = Kathrin-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 23.02.2014 09:04:50 | Computer Name = Kathrin-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 23.02.2014 09:24:26 | Computer Name = Kathrin-PC | Source = BROWSER | ID = 8032
Description =
 
Error - 23.02.2014 10:45:38 | Computer Name = Kathrin-PC | Source = BROWSER | ID = 8032
Description =
 
 
< End of report >

cosinus 24.02.2014 10:07
Zitat:
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Enterprise Office? Adobe CS3?
Ist das ein gewerblich genutzter Rechner?

DrFux 24.02.2014 10:23
Keine Ahnung, ist wie gesagt der Rechner meiner Freundin. Sie hat ihn von Ihrem Bruder bekommen, als dieser für sein Unternehmen neue besorgte und die alten halt los werden wollte.

Sie meinte Sie selbst habe nur Spiele installiert der Rest war schon drauf. Gibt es damit ein Problem?

cosinus 24.02.2014 10:45
Weil Firmenrechner hier normalerweise nicht bereinigt werden, für sowas ist die EDV-Abteilung zuständig.

Zitat:
FW: ZoneAlarm Free Firewall Firewall (Disabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
Erstmal würde ich das völlig unnötige ZoneAlarm runterschmeißen. Windows-Firewall ist sinnvoller und viel weniger fehlerträchtig. Sag Bescheid wenn es runter ist.

DrFux 24.02.2014 10:54
Hey,
habe ZoneAlarm deinstalliert unter Systemsteuerung /Programme und Funktionen

Windows Firewall ist aktiv.

cosinus 24.02.2014 11:04
Test mal wie sich die Internetverbindung ohne ZA verhält. Und bitte einen Lauf mit MBAR machen:


Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

DrFux 24.02.2014 18:52
Ok danke für den Hinweis. Ich werde das heute abend (18 Uhr) machen. Muss jetzt leider los. Danke aber schonmal für deine Hilfe.

Ich melde mich wenn ich damit fertig bin.

Hier der Log, er hat nichts gefunden.
Code:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Kathrin :: KATHRIN-PC [administrator]

24.02.2014 18:36:28
mbar-log-2014-02-24 (18-36-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 261286
Time elapsed: 11 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Wie es aussieht lag es echt nur an ZoneAlarm. Denn der Speed ist wieder bei 22MBps.

Echt komisch, aber auf jedenfall danke cosinus für deine Zeit und Hilfe.

Jetzt ist meine Freundin sicher wieder glücklich :D

cosinus 24.02.2014 21:22
Schön, dann brauchen wir eigentlich nicht noch tiefer bohren...es sei denn du willst noch etwaig vorhandene Junkware entfernen:

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


DrFux 09.03.2014 20:08
Hey, habe die beiden Programme einmal durchlauen lassen.

Hin und wieder tritt dass Problem weiterhin auf. Sprich Internet-Speed liegt nur bei einigen kb, wobei alle anderen Rechner im Netz 20MB haben.

FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014
Ran by Kathrin (administrator) on KATHRIN-PC on 09-03-2014 20:03:45
Running from D:\Desktop\fehler
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Ericsson AB) C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-23] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6560360 2010-12-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-11-30] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1605632 2010-11-14] (Intel® Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2010-11-29] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-14] (Microsoft Corporation)
HKU\S-1-5-21-438941080-4136186514-2544079810-1000\...\Run: [GizmoDriveDelegate] - RUNDLL32.EXE C:\PROGRA~2\GIZMO\GDRIVE.DLL,Remount_Startup_Images
Startup: C:\Users\Kathrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Kathrin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30876F6D184FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=251
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF NetworkProxy: "http", "contentdl"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\moveplayer@movenetworks.com [2013-05-12]
FF Extension: SeoQuake - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2013-10-20]
FF Extension: DownloadHelper - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-04]
FF Extension: YouTube to MP3 - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\youtube2mp3@mondayx.de.xpi [2013-05-12]
FF Extension: Web Developer - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2013-05-12]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}.xpi [2013-05-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-12]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-08-25]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-06-04]
CHR Extension: (Google Docs) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-05-12]
CHR Extension: (Google Drive) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-12]
CHR Extension: (YouTube) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-12]
CHR Extension: (Google-Suche) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-05-12]
CHR Extension: (AdBlock) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-15]
CHR Extension: (PageRank Status) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn [2013-09-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-10-22]
CHR Extension: (Google Wallet) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2013-05-21]
CHR Extension: (Google Mail) - C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-05-12]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-07-26]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [31856 2013-05-12] (Arainia Solutions)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [83456 2009-12-29] ()
R2 QDLService2kDell; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [331512 2010-06-25] (QUALCOMM, Inc.)
R2 WMCoreService; C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe [463912 2010-06-09] (Ericsson AB)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [32840 2013-05-12] (Arainia Solutions LLC)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-09 19:59 - 2014-03-09 19:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-09 19:58 - 2014-02-04 19:09 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-09 19:44 - 2014-03-09 19:44 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 19:27 - 2014-03-09 19:27 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-06 19:04 - 2014-03-06 19:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-03-06 09:44 - 2014-03-06 09:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 09:44 - 2014-03-06 09:44 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\Skype
2014-02-28 07:46 - 2014-03-01 17:56 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-24 18:36 - 2014-03-09 19:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-24 18:35 - 2014-03-09 19:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-23 17:35 - 2014-02-23 17:35 - 00442624 _____ () C:\Windows\Minidump\022314-18392-01.dmp
2014-02-23 16:38 - 2014-03-09 20:03 - 00000000 ____D () C:\FRST
2014-02-23 16:37 - 2014-02-23 16:37 - 00000000 _____ () C:\Users\Kathrin\defogger_reenable
2014-02-23 15:26 - 2014-02-23 18:35 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-23 15:26 - 2014-02-23 18:35 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-23 13:56 - 2014-03-09 19:41 - 00000000 ____D () C:\AdwCleaner
2014-02-16 19:25 - 2014-02-16 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 21:23 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 21:23 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 21:23 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 21:23 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 21:23 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 21:23 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 21:23 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 21:23 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 21:23 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 21:23 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 21:23 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 21:23 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 21:23 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 21:23 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 21:23 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 21:23 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 21:23 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 21:23 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 21:23 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 21:23 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 21:23 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 21:23 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 21:23 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 21:23 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 21:23 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 21:23 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 21:23 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 21:23 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 21:23 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 21:23 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 21:23 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 21:23 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 21:23 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 21:23 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 21:23 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 21:23 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 21:23 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 21:23 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 21:23 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-13 21:23 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 21:23 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 06:41 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 06:41 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 06:41 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 06:41 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 06:41 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 06:41 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 06:41 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 06:41 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 06:41 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 06:41 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 06:41 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 06:41 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 06:41 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 06:41 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 06:41 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 06:41 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 06:41 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 06:41 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 06:41 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 06:41 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 06:41 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 06:41 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 06:41 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 06:41 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 06:41 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 06:41 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 06:41 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 06:41 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-09 20:03 - 2014-02-23 16:38 - 00000000 ____D () C:\FRST
2014-03-09 20:01 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-09 20:01 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-09 20:00 - 2014-03-09 19:59 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-09 20:00 - 2013-05-12 14:11 - 02088849 _____ () C:\Windows\WindowsUpdate.log
2014-03-09 19:58 - 2013-05-12 15:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-09 19:55 - 2013-05-28 17:31 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\Dropbox
2014-03-09 19:55 - 2013-05-13 10:12 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\FreePDF_XP
2014-03-09 19:54 - 2013-05-20 19:41 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-09 19:54 - 2013-05-12 14:42 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-09 19:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-09 19:54 - 2009-07-14 05:51 - 00087618 _____ () C:\Windows\setupact.log
2014-03-09 19:44 - 2014-03-09 19:44 - 00000000 ____D () C:\Windows\ERUNT
2014-03-09 19:41 - 2014-02-23 13:56 - 00000000 ____D () C:\AdwCleaner
2014-03-09 19:40 - 2014-02-24 18:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-09 19:27 - 2014-03-09 19:27 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-09 19:26 - 2014-02-24 18:35 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-09 19:15 - 2013-05-12 14:42 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-08 00:26 - 2013-05-12 17:26 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\Skype
2014-03-06 19:04 - 2014-03-06 19:04 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-03-06 09:44 - 2014-03-06 09:44 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-06 09:44 - 2014-03-06 09:44 - 00000000 ____D () C:\Users\Kathrin\AppData\Local\Skype
2014-03-06 09:44 - 2013-05-12 17:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-03 06:34 - 2013-05-12 15:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-01 17:56 - 2014-02-28 07:46 - 01594964 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-01 17:56 - 2009-07-14 18:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-03-01 17:56 - 2009-07-14 18:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-03-01 17:56 - 2009-07-14 06:13 - 01594964 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-28 18:30 - 2013-05-12 15:23 - 00132534 _____ () C:\Windows\PFRO.log
2014-02-24 10:48 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-23 19:02 - 2013-05-20 19:43 - 00002457 _____ () C:\freefallprotection.log
2014-02-23 19:02 - 2013-05-12 14:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-23 18:35 - 2014-02-23 15:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-23 18:35 - 2014-02-23 15:26 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-02-23 17:35 - 2014-02-23 17:35 - 00442624 _____ () C:\Windows\Minidump\022314-18392-01.dmp
2014-02-23 17:35 - 2013-05-13 11:35 - 00000000 ____D () C:\Windows\Minidump
2014-02-23 17:35 - 2013-05-13 11:34 - 829350788 _____ () C:\Windows\MEMORY.DMP
2014-02-23 16:37 - 2014-02-23 16:37 - 00000000 _____ () C:\Users\Kathrin\defogger_reenable
2014-02-23 16:37 - 2013-05-12 14:11 - 00000000 ____D () C:\Users\Kathrin
2014-02-23 14:01 - 2013-05-12 15:41 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\CheckPoint
2014-02-23 13:51 - 2013-05-12 17:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-22 09:16 - 2013-05-14 22:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 22:10 - 2013-05-12 14:42 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-16 22:10 - 2013-05-12 14:42 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-16 19:25 - 2014-02-16 19:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-15 17:07 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-09 10:25 - 2013-05-12 15:48 - 00000000 ____D () C:\Users\Kathrin\AppData\Roaming\Adobe

Some content of TEMP:
====================
C:\Users\Kathrin\AppData\Local\Temp\MouseKeyboardCenterx64_1031.exe
C:\Users\Kathrin\AppData\Local\Temp\ose00000.exe
C:\Users\Kathrin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 22:42

==================== End Of Log ============================
--- --- ---

cosinus 09.03.2014 22:15
Die Logs dazu aber fehlen

DrFux 10.03.2014 18:02
Sorry. Vergessen.
Anbei die fehlenden Logs:

AdwCleaner
AdwCleaner Logfile:
Code:
# AdwCleaner v3.020 - Bericht erstellt am 09/03/2014 um 19:41:21
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Kathrin - KATHRIN-PC
# Gestartet von : D:\Desktop\fehler\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Kathrin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Datei Gelöscht : C:\Users\Kathrin\AppData\Local\Temp\Uninstall.exe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Kathrin\AppData\Roaming\Mozilla\Firefox\Profiles\75q1k79o.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ Datei : C:\Users\Kathrin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13631 octets] - [23/02/2014 13:57:01]
AdwCleaner[R1].txt - [1209 octets] - [09/03/2014 19:40:27]
AdwCleaner[S0].txt - [13554 octets] - [23/02/2014 13:57:39]
AdwCleaner[S1].txt - [1132 octets] - [09/03/2014 19:41:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1192 octets] ##########
--- --- ---



Leider finde ich die JRT-FIle nicht. Soll ich die einfach nochmal ausführen?
(Liegt nicht auf dem Desktop)

cosinus 11.03.2014 10:46
Zitat:
(Liegt nicht auf dem Desktop)
Du sollst alle Tools ja auch auf dem Desktop packen und von da starten. Dann liegen die Logs auch auf dem Desktop. Hast du beim adwCleaner ja auch nicht gemacht :D

Zitat:
=> # Gestartet von : D:\Desktop\fehler\adwcleaner.exe


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:06 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131