Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   workstation setup - with wfp funktioniert nicht mehr (https://www.trojaner-board.de/153479-workstation-setup-with-wfp-funktioniert-mehr.html)

Rockenglein 05.05.2014 19:02
workstation setup - with wfp funktioniert nicht mehr
 
Hi,

ich weiß nicht ob ich in dieser Kategorie richtig bin, aber so langsam bin ich kurz davor meinen Laptop aus dem Fenster zu schmeißen.

History:

Seit ein paar Tagen updatet Avira AntiVir nicht mehr. Warum weiß ich nicht.
Die Update-Seite läuft 2min und bringt dann einfach ab, bei 0%.

VirenScan läuft, aber dauert ewig.

Ich hab versucht es neu zu installieren. Wenn ich die Installation starte, dann kommt oben genannter Kommentar.

Ich hab schon versucht die Anweisungen auf der Aviraseite zu befolgen, war im abgesichterten Modus und da hat das auch wieder geklappt eiun update zu machen, aber weiter tut sich nichts. Keine geregelten Updates :(
Beim manuellen Update passiert das selbe wie vorher.

Und nun?
Hat jemand ne Idee für mich?

Ich wäre euch unendlich dankbar!!!!!!!

LG

schrauber 05.05.2014 20:18
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Rockenglein 06.05.2014 15:15
Die FRST-Datei:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-05-2014 02
Ran by Theresa Engel (administrator) on THERESAENGEL-PC on 05-05-2014 22:13:52
Running from C:\Users\Theresa Engel\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\1&1\IGDCTRL.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-07] (Check Point Software Technologies LTD)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738984 2012-11-02] (Check Point Software Technologies)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-22] (IDT, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\.DEFAULT\...\RunOnce: [] - C:\Windows\system32\OSK.exe [182272 2009-04-11] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [Application Restart #0] - C:\Windows\System32\osk.exe [182272 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\MountPoints2: {1efce870-e804-11e2-aef4-002219e4655e} - H:\iStudio.exe
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\MountPoints2: {7414c5b1-3ff0-11de-aa6a-002219e4655e} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe GSSAP01.vbs
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\MountPoints2: {86f96361-2123-11de-ba82-002219e4655e} - F:\autorun.exe
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\MountPoints2: {8fad9477-1597-11de-b4c7-806e6f6e6963} - E:\start.exe
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\MountPoints2: {9affbd01-bc95-11df-a531-002219e4655e} - G:\Startme.exe
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\MountPoints2: {b4faa6a2-04f3-11e0-b563-002219e4655e} - G:\Startme.exe
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\MountPoints2: {ecde13b8-bdf4-11e1-bd8e-002219e4655e} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\MountPoints2: {f8982b43-ecca-11de-9201-002219e4655e} - G:\Menu.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
URLSearchHook: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} -  No File
URLSearchHook: HKCU - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=109794&babsrc=SP_ss&mntrId=ba24fdad00000000000000225f602926
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {8a194578-81ea-4850-9911-13ba2d71efbd}  -  No File
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} -  No File
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default
FF user.js: detected! => C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\user.js
FF DefaultSearchEngine: Search the web
FF SearchEngineOrder.1: Search the web
FF SelectedSearchEngine: Search the web
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\nostmp [2011-05-06]
FF Extension: toolplugin - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\welcome@toolmin.com [2011-10-30]
FF Extension: Thumbnail Zoom - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04} [2011-04-22]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-02-09]
FF Extension: No Name - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}-trash [2010-11-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-01-29]

Chrome:
=======
CHR HomePage: hxxp://isearch.avg.com/?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=hp
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=hp"
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: hxxp://isearch.avg.com/search?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (AT_AnnaSui) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib [2010-03-25]
CHR Extension: (Google-Suche) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-03]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-08-30]
CHR Extension: (Google Mail) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-03]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-01-03]

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S2 gupdate1c9f8b3b8041700; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-29] (Google Inc.)
R2 IGDCTRL; C:\Program Files\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-02] (Check Point Software Technologies)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-22] (IDT, Inc.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-07] (Check Point Software Technologies LTD)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-02] (Check Point Software Technologies)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-04-04] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451160 2012-11-01] (Check Point Software Technologies LTD)
U3 au4tfv2s; C:\Windows\system32\Drivers\au4tfv2s.sys [0 ] (Microsoft Corporation)
S3 gel90xne; \??\C:\Users\THERES~1\AppData\Local\Temp\gel90xne.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SMARTMouseFilterx86; system32\DRIVERS\SMARTMouseFilterx86.sys [X]
S3 SMARTVHidMini2000x86; system32\DRIVERS\SMARTVHidMini2000x86.sys [X]
S3 SMARTVTabletPCx86; system32\DRIVERS\SMARTVTabletPCx86.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-05 22:13 - 2014-05-05 22:14 - 00030248 _____ () C:\Users\Theresa Engel\Desktop\FRST.txt
2014-05-05 22:13 - 2014-05-05 22:13 - 00000000 ____D () C:\FRST
2014-05-05 22:12 - 2014-05-05 22:12 - 01053184 _____ (Farbar) C:\Users\Theresa Engel\Desktop\FRST.exe
2014-05-04 11:22 - 2014-05-04 11:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 11:22 - 2014-05-04 11:22 - 00000000 _____ () C:\Windows\setupact.log
2014-05-02 15:38 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 15:38 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 14:03 - 2014-05-01 15:58 - 00000000 ____D () C:\ProgramData\REPORTS
2014-05-01 14:03 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\INFECTED
2014-05-01 13:57 - 2014-05-05 19:42 - 00000000 ____D () C:\ProgramDataREPORTS
2014-05-01 13:57 - 2014-05-05 19:40 - 00000000 ____D () C:\ProgramData\JOBS
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataBACKUP
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\idx
2014-05-01 13:57 - 2014-05-01 13:56 - 00000305 _____ () C:\ProgramData\addr_file.html
2014-05-01 13:38 - 2008-03-20 11:48 - 00007188 _____ () C:\Users\Theresa Engel\Desktop\msiserver.reg
2014-05-01 12:10 - 2014-05-01 12:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\Theresa Engel\Desktop\Windows Installer MSI - CHIP-Downloader.exe
2014-05-01 11:45 - 2014-05-02 15:13 - 00000000 ____D () C:\ProgramData\IPM
2014-05-01 11:43 - 2014-05-05 19:40 - 00000000 ____D () C:\ProgramData\LOGFILES
2014-05-01 11:43 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataINFECTED
2014-05-01 11:42 - 2014-05-05 19:42 - 00000000 ____D () C:\ProgramData\EVENTDB
2014-05-01 11:42 - 2014-05-05 19:40 - 00000000 ____D () C:\ProgramDataLOGFILES
2014-05-01 11:42 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataEVENTDB
2014-04-30 22:25 - 2014-04-30 22:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\Program Files\Avira
2014-04-30 22:19 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-04-23 09:22 - 2014-04-23 09:22 - 00227096 _____ () C:\Users\Theresa Engel\Desktop\avira_registry_cleaner_de.exe
2014-04-22 16:54 - 2014-04-22 17:03 - 138607664 _____ () C:\Users\Theresa Engel\Desktop\avira_free_antivirus_de_14.0.3.350.exe
2014-04-16 10:28 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-16 10:27 - 2014-04-16 10:27 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 10:27 - 2014-03-17 22:11 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-16 10:27 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-16 10:27 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-15 19:06 - 2014-04-15 19:06 - 00000855 _____ () C:\Users\Theresa Engel\AppData\Local\recently-used.xbel
2014-04-15 03:09 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 03:09 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 03:09 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 03:09 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 03:09 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 03:09 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-15 03:09 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 03:09 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-15 03:09 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 03:09 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 03:09 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 03:09 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 03:09 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-15 03:09 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 20:02 - 2014-04-14 20:33 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\systweak
2014-04-14 20:02 - 2014-04-14 20:33 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-14 20:02 - 2012-01-20 14:14 - 00017280 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-04-14 17:05 - 2014-04-14 17:05 - 00000000 ____D () C:\Users\Theresa Engel\restore
2014-04-14 16:42 - 2014-04-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
2014-04-14 15:55 - 2014-04-14 15:55 - 00000000 ____D () C:\Program Files\OnlineFotoservice
2014-04-10 14:34 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 17:33 - 2014-04-09 17:33 - 00330960 _____ () C:\Users\Theresa Engel\Desktop\gynzyen.exe
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ___RD () C:\Program Files\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Local\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-05-05 22:14 - 2014-05-05 22:13 - 00030248 _____ () C:\Users\Theresa Engel\Desktop\FRST.txt
2014-05-05 22:13 - 2014-05-05 22:13 - 00000000 ____D () C:\FRST
2014-05-05 22:12 - 2014-05-05 22:12 - 01053184 _____ (Farbar) C:\Users\Theresa Engel\Desktop\FRST.exe
2014-05-05 22:11 - 2009-06-30 21:45 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-05 22:00 - 2010-12-12 13:36 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Skype
2014-05-05 20:36 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-05 20:36 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-05 19:42 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataREPORTS
2014-05-05 19:42 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramData\EVENTDB
2014-05-05 19:40 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\JOBS
2014-05-05 19:40 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramData\LOGFILES
2014-05-05 19:40 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramDataLOGFILES
2014-05-05 16:50 - 2014-03-11 22:46 - 00838983 _____ () C:\Windows\WindowsUpdate.log
2014-05-05 16:50 - 2009-06-30 21:45 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-04 11:22 - 2014-05-04 11:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 11:22 - 2014-05-04 11:22 - 00000000 _____ () C:\Windows\setupact.log
2014-05-02 18:43 - 2008-01-21 09:16 - 01603440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-02 18:37 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-02 18:34 - 2006-11-02 15:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-02 15:13 - 2014-05-01 11:45 - 00000000 ____D () C:\ProgramData\IPM
2014-05-01 15:58 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\REPORTS
2014-05-01 14:03 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\INFECTED
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataBACKUP
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\idx
2014-05-01 13:56 - 2014-05-01 13:57 - 00000305 _____ () C:\ProgramData\addr_file.html
2014-05-01 13:45 - 2012-04-04 07:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-01 13:45 - 2011-07-19 19:30 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-01 13:45 - 2009-04-04 16:20 - 00000680 _____ () C:\Users\Theresa Engel\AppData\Local\d3d9caps.dat
2014-05-01 12:10 - 2014-05-01 12:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\Theresa Engel\Desktop\Windows Installer MSI - CHIP-Downloader.exe
2014-05-01 11:43 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataINFECTED
2014-05-01 11:43 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramDataEVENTDB
2014-04-30 22:25 - 2014-04-30 22:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\Program Files\Avira
2014-04-29 21:09 - 2009-10-26 19:36 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Privat
2014-04-29 18:08 - 2010-08-05 14:21 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Schule
2014-04-29 12:28 - 2014-05-02 15:38 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 12:07 - 2014-05-02 15:38 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-23 09:22 - 2014-04-23 09:22 - 00227096 _____ () C:\Users\Theresa Engel\Desktop\avira_registry_cleaner_de.exe
2014-04-23 08:40 - 2009-10-10 12:10 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\vlc
2014-04-22 19:20 - 2012-06-20 16:00 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 17:03 - 2014-04-22 16:54 - 138607664 _____ () C:\Users\Theresa Engel\Desktop\avira_free_antivirus_de_14.0.3.350.exe
2014-04-22 16:41 - 2009-04-10 14:29 - 00112640 _____ () C:\Users\Theresa Engel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-22 16:40 - 2009-04-03 17:22 - 00000000 ____D () C:\Users\Theresa Engel
2014-04-17 11:07 - 2014-02-14 17:44 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Diamantene Hochzeit
2014-04-16 10:29 - 2013-10-22 10:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 10:27 - 2014-04-16 10:27 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 10:27 - 2009-03-20 23:02 - 00000000 ____D () C:\Program Files\Java
2014-04-15 19:07 - 2013-02-07 20:25 - 00000000 ____D () C:\Users\Theresa Engel\.gimp-2.8
2014-04-15 19:06 - 2014-04-15 19:06 - 00000855 _____ () C:\Users\Theresa Engel\AppData\Local\recently-used.xbel
2014-04-15 03:10 - 2009-04-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-15 03:07 - 2013-08-15 03:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 03:03 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-14 21:07 - 2013-06-29 10:19 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\MyPhoneExplorer
2014-04-14 20:33 - 2014-04-14 20:02 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\systweak
2014-04-14 20:33 - 2014-04-14 20:02 - 00000000 ____D () C:\Program Files\RegClean Pro
2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-14 20:02 - 2013-06-29 10:19 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-04-14 17:05 - 2014-04-14 17:05 - 00000000 ____D () C:\Users\Theresa Engel\restore
2014-04-14 17:04 - 2010-03-28 18:13 - 00000000 ____D () C:\ProgramData\tmp
2014-04-14 16:42 - 2014-04-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
2014-04-14 16:42 - 2010-03-28 18:13 - 00000000 ____D () C:\ProgramData\hps
2014-04-14 15:55 - 2014-04-14 15:55 - 00000000 ____D () C:\Program Files\OnlineFotoservice
2014-04-09 17:33 - 2014-04-09 17:33 - 00330960 _____ () C:\Users\Theresa Engel\Desktop\gynzyen.exe
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ___RD () C:\Program Files\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Local\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-09 17:25 - 2010-12-12 13:36 - 00000000 ____D () C:\ProgramData\Skype
2014-04-07 14:48 - 2011-08-30 20:13 - 00000000 ____D () C:\ProgramData\DivX
2014-04-07 14:48 - 2009-04-20 16:04 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\DivX
2014-04-07 14:48 - 2009-04-10 14:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-04-07 14:48 - 2009-04-10 14:17 - 00000000 ____D () C:\Program Files\DivX
2014-04-07 14:48 - 2009-04-10 14:17 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-04-07 13:51 - 2012-04-25 18:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\Theresa Engel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-02 18:42

==================== End Of Log ============================
--- --- ---

--- --- ---


Und die Addition-Datei:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-05-2014 02
Ran by Theresa Engel at 2014-05-05 22:15:11
Running from C:\Users\Theresa Engel\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
ActivDriver x86 v5.7 (HKLM\...\{E0D85BA2-0F91-4AE1-9174-B7FBABDC3F4D}) (Version: 5.7.23.1 - Promethean)
ActivInspire Core Resources (DEU) v1 (HKLM\...\{06C9F624-9F53-4C89-9720-1601A295769A}) (Version: 1.6.3 - Promethean)
ActivInspire Help (DEU) v1 (HKLM\...\{B18A62F5-296F-4BC4-B8DD-A9FB16EE9106}) (Version: 1.6.3 - Promethean)
ActivInspire HWR Resources (DEU) v1 (HKLM\...\{9BF5DB02-0FA3-48FB-B6B4-80A73EF629CB}) (Version: 1.6.3 - Promethean)
ActivInspire v1 (HKLM\...\{D7F4028A-4A92-4501-896C-3B707E843D7B}) (Version: 1.7.58968 - Promethean)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.5 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.5 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.97 - NOS Microsystems Ltd.)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.228 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM\...\Advanced Audio FX Engine) (Version:  - )
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.0703.2235 - )
Audacity 1.2.6 (HKLM\...\Audacity_is1) (Version:  - )
Blue Byte Game Channel (HKLM\...\Blue Byte Game Channel) (Version:  - UbiSoft)
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version:  - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version:  - )
Canon MP Navigator EX 3.0 (HKLM\...\MP Navigator EX 3.0) (Version:  - )
Canon MP560 series Benutzerregistrierung (HKLM\...\Canon MP560 series Benutzerregistrierung) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
capella 1200 (HKLM\...\{3DE79774-C8E9-4791-996B-3F8E5BAD9DBE}) (Version: 6.00.9200 - capella-software)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.0703.2236.38526 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.0703.2236.38526 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.0703.2236.38526 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Danish (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Dutch (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help English (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Finnish (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help French (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help German (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Italian (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Japanese (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Korean (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Norwegian (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Portuguese (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Russian (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Spanish (Version: 2008.0703.2235.38526 - ATI) Hidden
CCC Help Swedish (Version: 2008.0703.2235.38526 - ATI) Hidden
ccc-core-static (Version: 2008.0703.2236.38526 - ATI) Hidden
ccc-utility (Version: 2008.0703.2236.38526 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.01 - Piriform)
Cisco EAP-FAST Module (HKLM\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.101.209 - Alps Electric)
Dell Video Chat (HKLM\...\Dell Video Chat) (Version: 6.0 (6567) - SightSpeed Inc.)
Dell Webcam Central (HKLM\...\Dell Webcam Central) (Version:  - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11 Application) (Version: 5.10.38.30 - Dell Inc.)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.2 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
Forte Free 2.0 (HKLM\...\Forte Free) (Version:  - )
Free M4a to MP3 Converter 7.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.1.320 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.1.320 - DVDVideoSoft Ltd.)
FRITZ!Box starter (HKLM\...\{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}) (Version: 2.04.02 - AVM Berlin)
G DATA Logox4 Speechengine (HKLM\...\lgx4.lgx.server) (Version:  - G DATA Software AG)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript) (Version: 9.02 - Artifex Software Inc.)
ICQ7.5 (HKLM\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Integrated Webcam Driver (1.06.03.0309)  (HKLM\...\Creative OA001) (Version: 1.06.03.0309 - Creative Technology Ltd.)
ITECIR Driver (Version: 1.00.000 - ITE) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 35 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.350 - Oracle)
MediaDirect (HKLM\...\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}) (Version: 4.0 - Dell)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Search Enhancement Pack (Version: 3.0.127.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
MyPhoneExplorer (HKLM\...\MPE) (Version: 1.8.5 - F.J. Wechselberger)
NeroLiveGadget (Version: 1.2.7.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
OnlineFotoservice (HKLM\...\OnlineFotoservice) (Version: 5.1.5 - CEWE Stiftung u Co. KGaA)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.1 - Frank Heindörfer, Philip Chinery)
QT Lite 4.1.0 (HKLM\...\quicktime_lite_is1) (Version: 4.1.0 - )
QuickSet (HKLM\...\{C4972073-2BFE-475D-8441-564EA97DA161}) (Version: 9.2.6 - Dell Inc.)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
Roxio Creator Audio (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (Version: 6.0.0 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Separate+ Gimp Plugin Version 0.5.7 (HKLM\...\Separate+ Gimp Plugin_is1) (Version: 0.5.7 - )
Skins (Version: 2008.0703.2236.38526 - ATI) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.0.2 (HKLM\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
Winamp (HKLM\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
ZD Soft Screen Recorder (HKLM\...\{DEEF2953-210C-4761-9FFB-7CD30DB3F952}) (Version: 5.2.0 - ZD Soft)
ZoneAlarm Firewall (Version: 11.0.000.018 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 11.0.000.054 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (Version: 11.0.000.018 - Check Point Software Technologies Ltd.) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2006-11-02 12:23 - 2010-06-22 17:33 - 00306050 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
127.0.0.1        www.007guard.com
127.0.0.1        007guard.com
127.0.0.1        008i.com
127.0.0.1        www.008k.com
127.0.0.1        008k.com
127.0.0.1        www.00hq.com
127.0.0.1        00hq.com
127.0.0.1        010402.com
127.0.0.1        www.032439.com
127.0.0.1        032439.com
127.0.0.1        www.0scan.com
127.0.0.1        0scan.com
127.0.0.1        www.1000gratisproben.com
127.0.0.1        1000gratisproben.com
127.0.0.1        www.1001namen.com
127.0.0.1        1001namen.com
127.0.0.1        100888290cs.com
127.0.0.1        www.100888290cs.com
127.0.0.1        100sexlinks.com
127.0.0.1        www.100sexlinks.com
127.0.0.1        10sek.com
127.0.0.1        www.10sek.com
127.0.0.1        www.1-2005-search.com
127.0.0.1        1-2005-search.com
127.0.0.1        123haustiereundmehr.com
127.0.0.1        www.123haustiereundmehr.com
127.0.0.1        123moviedownload.com
127.0.0.1        www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {28069BFF-6A43-42FC-ADD7-9E6116A83483} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-29] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {35096497-D6CF-46FB-8969-0738032C0623} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {56C5FC80-44FA-4E0A-963C-7C97098D7023} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {58CB8BAE-8FB3-492B-982A-A48E869ED337} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-22] (Dell Inc.)
Task: {6020BB21-D8B6-476E-A7CA-0D968FAAAB5F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {A32102CC-B956-496A-8E47-85F5D747EB41} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C97BACD2-4FCC-4CB9-84AA-12E86379B429} - System32\Tasks\{5918DFD4-41C4-40FD-A639-2CF83ABE5A96} => C:\Program Files\Skype\\Phone\Skype.exe [2014-02-10] (Skype Technologies S.A.)
Task: {D31FD360-0277-44CF-BCA4-5151C190BE79} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {D459B152-F575-467B-AA38-F4832B6281A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-29] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-03-20 23:06 - 2008-12-22 12:34 - 00026112 _____ () C:\Windows\System32\WLTRYSVC.EXE
2009-03-20 23:06 - 2008-12-22 12:32 - 00054784 _____ () C:\Windows\System32\bcmwlrmt.dll
2009-08-10 16:57 - 2005-01-06 18:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2014-04-30 22:19 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2009-03-21 07:36 - 2008-11-24 11:16 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2009-04-09 12:38 - 2009-04-09 12:38 - 00053248 _____ () C:\Windows\system32\SearchRequire.dll
2009-05-27 21:02 - 2008-09-16 20:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2009-03-20 23:05 - 2009-03-20 23:05 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-18 19:08 - 2014-03-18 19:08 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 2
MSCONFIG\Services: Browser => 2
MSCONFIG\Services: BthServ => 2
MSCONFIG\Services: DFSR => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: ehstart => 2
MSCONFIG\Services: FDResPub => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate1c9f8b3b8041700 => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ICQ Service => 2
MSCONFIG\Services: IswSvc => 2
MSCONFIG\Services: KtmRm => 2
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: mcmscsvc => 2
MSCONFIG\Services: McNASvc => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: McSysmon => 3
MSCONFIG\Services: Microsoft Office Groove Audit Service => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: SeaPort => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Sony Ericsson PCCompanion => 3
MSCONFIG\Services: Sony PC Companion => 3
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 2
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: upnphost => 2
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: WebClient => 2
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk => C:\Windows\pss\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Theresa Engel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL Internet.lnk => C:\Windows\pss\DSL Internet.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Theresa Engel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk => C:\Windows\pss\Trillian.lnk.Startup
MSCONFIG\startupreg: ActivControl => C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
MSCONFIG\startupreg: dellsupportcenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FreePDF Assistant => C:\Program Files\FreePDF_XP\fpassist.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7.4\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: msnmsgr => ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: PCMService => "C:\Program Files\Dell\MediaDirect\PCMService.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QT Lite\QTTask.exe" -atboottime
MSCONFIG\startupreg: SightSpeed => "C:\Program Files\Dell Video Chat\DellVideoChat.exe" -bootmode
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: SMART Board Service => C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
MSCONFIG\startupreg: SMART SNMP Agent => C:\Program Files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
MSCONFIG\startupreg: Sony Ericsson PC Companion => "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: WinampAgent => "C:\Program Files\Winamp\winampa.exe"
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: ZoneAlarm Installer => "C:\Program Files\CheckPoint\Install\Launcher.exe" "C:\Program Files\CheckPoint\Install\Install.exe" /r install /c "C:\Program Files\CheckPoint\Install\Install.xml" /w

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/05/2014 10:15:16 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (05/05/2014 10:15:16 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 13
  Snapshotkontext: 13
  Ausführungskontext: Coordinator

Error: (05/05/2014 10:04:07 PM) (Source: System Restore) (User: )
Description: Der geplante Wiederherstellungspunkt konnte nicht erstellt werden. Zusätzliche Informationen: (0x8004230f).

Error: (05/05/2014 10:04:07 PM) (Source: System Restore) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Hr = 0x8004230f).

Error: (05/05/2014 10:04:07 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien löschen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 0
  Snapshotkontext: 0
  Ausführungskontext: Coordinator

Error: (05/05/2014 10:04:07 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien löschen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 0
  Snapshotkontext: 0
  Ausführungskontext: Coordinator

Error: (05/05/2014 10:04:07 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen
  Schattenkopien löschen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 0
  Snapshotkontext: 0
  Ausführungskontext: Coordinator
  Ausführungskontext: Coordinator

Error: (05/05/2014 10:04:07 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Schnittstellen für alle Anbieter auflisten, die diesen Kontext unterstützen
  Schattenkopien abfragen
  Schattenkopien löschen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
  Snapshotkontext: 0
  Snapshotkontext: 0
  Ausführungskontext: Coordinator
  Ausführungskontext: Coordinator

Error: (05/05/2014 10:04:06 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422] ist ein Fehler aufgetreten.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {00000000-0000-0000-0000-000000000000}
  Snapshotkontext: 4194317
  Ausführungskontext: Coordinator
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Volumename: \\?\Volume{8fad9474-1597-11de-b4c7-806e6f6e6963}\
  Ausführungskontext: Coordinator

Error: (05/05/2014 10:04:06 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienst-Fehler: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter"
(SWPRV) ist deaktiviert. Aktivieren Sie den Dienst, und wiederholen Sie den Vorgang.


Vorgang:
  Für diesen Anbieter eine aufrufbare Schnittstelle abrufen
  Überprüfen, ob das Volume vom Anbieter unterstützt wird
  Volume einem Schattenkopiesatz hinzufügen

Kontext:
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Klassen-ID: {00000000-0000-0000-0000-000000000000}
  Snapshotkontext: 4194317
  Ausführungskontext: Coordinator
  Anbieter-ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
  Volumename: \\?\Volume{8fad9474-1597-11de-b4c7-806e6f6e6963}\
  Ausführungskontext: Coordinator


System errors:
=============
Error: (05/05/2014 10:15:25 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:15:25 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:15:13 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:14:13 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:14:07 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:14:07 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:14:07 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:13:13 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:13:13 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058

Error: (05/05/2014 10:13:13 PM) (Source: Service Control Manager) (User: )
Description: RAS-VerbindungsverwaltungTelefonie%%1058


Microsoft Office Sessions:
=========================
Error: (04/17/2013 05:38:49 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6545 seconds with 1260 seconds of active time.  This session ended with a crash.

Error: (06/16/2012 03:19:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71466 seconds with 5520 seconds of active time.  This session ended with a crash.

Error: (04/06/2012 08:30:59 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3772 seconds with 60 seconds of active time.  This session ended with a crash.

Error: (12/22/2011 10:04:08 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/02/2011 04:45:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 91795 seconds with 840 seconds of active time.  This session ended with a crash.

Error: (12/23/2010 11:48:37 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/24/2010 02:40:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 587 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/24/2010 03:18:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/23/2010 04:53:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/25/2010 06:05:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-07-19 20:14:31.675
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-17 08:40:47.599
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-16 19:05:37.640
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-07-16 14:08:18.514
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-29 21:52:04.529
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-29 12:32:27.099
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-06-10 18:05:45.115
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-16 19:24:52.144
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-04-28 13:51:57.658
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-03-22 14:59:40.962
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 3066.13 MB
Available physical RAM: 1258.55 MB
Total Pagefile: 6368.52 MB
Available Pagefile: 4367.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.91 GB) (Free:13.33 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=141 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Und jetzt?

schrauber 07.05.2014 09:44
hi,

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Rockenglein 07.05.2014 15:32
so, combofix hab ich drüber laufen lassen.
allerdings hat er gemeckert, das avira desktop noch an ist. ich kriege es aber nicht beendet. da kommt immer, dass ich nicht die rechte habe (obwohl ich als admin angemeldet bin).
Code:
ComboFix 14-05-07.03 - Theresa Engel 07.05.2014  16:06:09.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1391 [GMT 2:00]
ausgeführt von:: c:\users\Theresa Engel\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Avira Desktop *Enabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
        /wow section - STAGE 4
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
Zugriff verweigert
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Config
c:\programdata\Config\AVWIN.INI
c:\programdata\PCDr\6426\AddOnDownloaded\0bb0beb6-da93-477d-980d-15bb6e2df09c.dll
c:\programdata\PCDr\6426\AddOnDownloaded\59be3af2-87f2-4d3a-b380-7509f3d47c40.dll
c:\programdata\PCDr\6426\AddOnDownloaded\8745715d-dc8a-4b32-b6a6-89cd3d0cc3c5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c07cc30-4011-4e36-a63d-e59077a22429.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ad817bdc-639c-43e8-b06b-897bcb5b8f23.dll
c:\programdata\PCDr\6426\AddOnDownloaded\aeffdb78-a789-4b6a-b2c2-f85f9b4863e6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\bc1b45ef-7c18-4b8a-95cd-f77c43d4f7df.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c6bf01ba-05a7-4930-b8dd-7c5fd03e97ac.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d114d5a6-2ec4-4056-a365-d6281d97c6b6.dll
c:\programdata\PCDr\6426\AddOnDownloaded\d48ca7e0-0e31-445b-a98c-56b7318daa06.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e0db530c-27fc-4e55-af38-073796a09e9d.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e5847967-7dc8-4833-8ca6-09af078c1bcb.dll
c:\windows\~GLC0001.TMP
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-04-07 bis 2014-05-07  ))))))))))))))))))))))))))))))
.
.
2014-05-07 14:17 . 2014-05-07 14:17        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-05-05 20:13 . 2014-05-05 20:18        --------        d-----w-        C:\FRST
2014-05-02 13:38 . 2014-04-29 10:07        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2014-05-01 12:03 . 2014-05-01 13:58        --------        d-----w-        c:\programdata\REPORTS
2014-05-01 12:03 . 2014-05-01 12:03        --------        d-----w-        c:\programdata\INFECTED
2014-05-01 11:57 . 2014-05-07 12:32        --------        d-----w-        C:\ProgramDataREPORTS
2014-05-01 11:57 . 2014-05-01 11:57        --------        d-----w-        c:\programdata\idx
2014-05-01 11:57 . 2014-05-07 13:54        --------        d-----w-        c:\programdata\JOBS
2014-05-01 11:57 . 2014-05-01 11:57        --------        d-----w-        C:\ProgramDataBACKUP
2014-05-01 11:57 . 2014-05-01 11:57        --------        d-----w-        c:\programdata\PROFILES
2014-05-01 09:45 . 2014-05-02 13:13        --------        d-----w-        c:\programdata\IPM
2014-05-01 09:43 . 2014-05-05 17:40        --------        d-----w-        c:\programdata\LOGFILES
2014-05-01 09:43 . 2014-05-01 09:43        --------        d-----w-        C:\ProgramDataINFECTED
2014-05-01 09:42 . 2014-05-07 12:32        --------        d-----w-        C:\ProgramDataTEMP
2014-05-01 09:42 . 2014-05-01 09:43        --------        d-----w-        C:\ProgramDataEVENTDB
2014-05-01 09:42 . 2014-05-07 12:29        --------        d-----w-        C:\ProgramDataLOGFILES
2014-05-01 09:42 . 2014-05-07 14:17        --------        d-----w-        c:\programdata\EVENTDB
2014-04-30 20:25 . 2014-04-30 20:25        --------        d-----w-        c:\users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 20:19 . 2014-02-25 09:41        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2014-04-30 20:19 . 2014-02-25 09:41        90400        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-04-30 20:19 . 2014-02-25 09:41        135648        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-04-30 20:19 . 2014-04-30 20:19        --------        d-----w-        c:\programdata\Avira
2014-04-30 20:19 . 2014-04-30 20:19        --------        d-----w-        c:\program files\Avira
2014-04-16 08:27 . 2014-03-17 20:11        94632        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2014-04-14 18:02 . 2012-01-20 12:14        17280        ----a-w-        c:\windows\system32\roboot.exe
2014-04-14 18:02 . 2014-04-14 18:33        --------        d-----w-        c:\program files\RegClean Pro
2014-04-14 18:02 . 2014-04-14 18:33        --------        d-----w-        c:\users\Theresa Engel\AppData\Roaming\systweak
2014-04-14 15:05 . 2014-04-14 15:05        --------        d-----w-        c:\users\Theresa Engel\restore
2014-04-14 13:55 . 2014-04-14 13:55        --------        d-----w-        c:\program files\OnlineFotoservice
2014-04-09 15:25 . 2014-04-09 15:25        --------        d-----w-        c:\users\Theresa Engel\AppData\Local\Skype
2014-04-09 15:25 . 2014-04-09 15:25        --------        d-----w-        c:\program files\Common Files\Skype
2014-04-09 15:25 . 2014-04-09 15:25        --------        d-----r-        c:\program files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-01 11:45 . 2012-04-04 05:04        692400        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2014-05-01 11:45 . 2011-07-19 17:30        70832        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-13 12:46 . 2014-02-13 12:46        354656        ----a-w-        c:\windows\system32\DivXControlPanelApplet.cpl
2014-02-07 10:38 . 2014-03-13 16:28        2050560        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-17 196608]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2012-11-07 73392]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-12-22 483420]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2014-02-14 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart 0"="c:\windows\System32\osk.exe" [2009-04-11 182272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-7-9 1616976]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-20 21:27        10536        ----a-w-        c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO 6.1 HD Lite Edition.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Theresa Engel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DSL Internet.lnk]
path=c:\users\Theresa Engel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL Internet.lnk
backup=c:\windows\pss\DSL Internet.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Theresa Engel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Trillian.lnk]
path=c:\users\Theresa Engel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk
backup=c:\windows\pss\Trillian.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2012-02-24 09:47        1094000        ----a-w-        c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51        919008        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2009-10-19 02:12        1983816        ----a-w-        c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-09-04 01:43        767312        ----a-w-        c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40        687560        ----a-w-        c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-06-03 14:54        446635        ------w-        c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2014-01-10 05:26        1861968        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2008-07-04 13:16        132392        ------w-        c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56        421888        ----a-w-        c:\program files\QT Lite\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SightSpeed]
2008-12-18 04:27        4823928        ----a-w-        c:\program files\Dell Video Chat\DellVideoChat.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-02-10 15:46        20922016        ----a-r-        c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2012-06-28 15:40        74752        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Installer]
2013-02-03 22:11        21504        ----a-w-        c:\program files\CheckPoint\Install\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3528268469-3291212239-673007857-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-12-22 81920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - PCDSRVC{5B8A2B68-04D6B966-06020200}_0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
bthsvcs        REG_MULTI_SZ          BthServ
nosGetPlusHelper        REG_MULTI_SZ          nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-29 18:12        1078088        ----a-w-        c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 12:17]
.
2014-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 12:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://isearch.avg.com/?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56&v=11.1.0.7&sap=hp
IE: Free YouTube Download - c:\users\Theresa Engel\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Save YouTube Video
IE: Save YouTube Video as MP3
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\
FF - prefs.js: browser.search.selectedEngine - Search the web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: browser.search.selectedEngine - Search the web
FF - user.js: browser.search.order.1 - Search the web
FF - user.js: browser.search.defaultenginename - Search the web
FF - user.js: keyword.URL - hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109794
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - ba24fdad00000000000000225f602926
FF - user.js: extensions.BabylonToolbar_i.hardId - ba24fdad00000000000000225f602926
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15366
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:11
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKLM-Run-ISW - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-AdobeAAMUpdater-1 - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
MSConfigStartUp-AdobeCS6ServiceManager - c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
MSConfigStartUp-Dell DataSafe Online - c:\program files\Dell DataSafe Online\DataSafeOnline.exe
MSConfigStartUp-dellsupportcenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-FreePDF Assistant - c:\program files\FreePDF_XP\fpassist.exe
MSConfigStartUp-ICQ - c:\program files\ICQ7.4\ICQ.exe
MSConfigStartUp-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-SMART Board Service - c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
MSConfigStartUp-SMART SNMP Agent - c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
MSConfigStartUp-Sony Ericsson PC Companion - c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
MSConfigStartUp-Sony PC Companion - c:\program files\Sony\Sony PC Companion\PCCompanion.exe
AddRemove-Blue Byte Game Channel - c:\bluebyte\BBGC\uninst.dll
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-05-07 16:17
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(608)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2014-05-07  16:20:56
ComboFix-quarantined-files.txt  2014-05-07 14:20
.
Vor Suchlauf: 19 Verzeichnis(se), 14.270.951.424 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 14.201.417.728 Bytes frei
.
- - End Of File - - 96504AEAE28EB646DAAEA1CDF2244109
5C616939100B85E558DA92B899A0FC36

schrauber 08.05.2014 09:23
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Rockenglein 08.05.2014 19:23
also das malware-programm hab ich laufen lassen.
das mit der textdatei finde ich aber komisch. da stehen nur die aktualisierungen drin.
hab aber nach deiner anleitung gearbeitet.
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 08.05.2014 18:15:57, SYSTEM, THERESAENGEL-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 08.05.2014 18:16:09, SYSTEM, THERESAENGEL-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.8.7,
Update, 08.05.2014 18:17:46, SYSTEM, THERESAENGEL-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 08.05.2014 18:17:58, SYSTEM, THERESAENGEL-PC, Manual, Malware Database, 2014.3.4.9, 2014.5.8.7,

(end)
so, adwcleaner gemacht.
Code:
# AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 19:27:34
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Theresa Engel - THERESAENGEL-PC
# Gestartet von : C:\Users\Theresa Engel\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Program Files\ICQ6Toolbar
Ordner Gelöscht : C:\Program Files\RegClean Pro
Ordner Gelöscht : C:\Program Files\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\LocalLow\SweetIM
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Toolplugin
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Conduit
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\ICQToolbarData
Ordner Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\welcome@toolmin.com
Datei Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\searchplugins\icqplugin.xml
Datei Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\searchplugins\icqplugin-2.xml
Datei Gelöscht : C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6F43FA77-C18F-4D0C-9C7E-958876FE2061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF948646-8BF4-450E-A059-CF8A4E0FE2BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E96B49B0-E11F-48FC-984A-EEC29A4F57E1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Headlight
Schlüssel Gelöscht : HKCU\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\lyrixeeker
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\Software\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16545

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v28.0 (de)

[ Datei : C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\prefs.js ]

Zeile gelöscht : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Zeile gelöscht : user_pref("CT2613550.CTID", "ct2613550");
Zeile gelöscht : user_pref("CT2613550.CurrentServerDate", "30-11-2010");
Zeile gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2613550.DownloadReferralCookieData", "");
Zeile gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Tue Nov 30 2010 18:35:15 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602533", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602539", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602545", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602551", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602557", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602563", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602569", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602575", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602581", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602587", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602593", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602599", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602605", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602611", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602617", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602623", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedPollDate129254982599602629", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.FeedTTL129254982599602545", 5);
Zeile gelöscht : user_pref("CT2613550.FeedTTL129254982599602551", 5);
Zeile gelöscht : user_pref("CT2613550.FeedTTL129254982599602575", 2);
Zeile gelöscht : user_pref("CT2613550.FeedTTL129254982599602605", 5);
Zeile gelöscht : user_pref("CT2613550.FeedTTL129254982599602617", 30);
Zeile gelöscht : user_pref("CT2613550.FirstServerDate", "30-11-2010");
Zeile gelöscht : user_pref("CT2613550.FirstTime", true);
Zeile gelöscht : user_pref("CT2613550.FirstTimeFF3", true);
Zeile gelöscht : user_pref("CT2613550.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2613550.FixPageNotFoundErrors", true);
Zeile gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
Zeile gelöscht : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Zeile gelöscht : user_pref("CT2613550.Initialize", true);
Zeile gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true);
Zeile gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 2);
Zeile gelöscht : user_pref("CT2613550.InstallationType", "UnknownIntegration");
Zeile gelöscht : user_pref("CT2613550.InstalledDate", "Tue Nov 30 2010 18:35:15 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.IsGrouping", false);
Zeile gelöscht : user_pref("CT2613550.IsMulticommunity", false);
Zeile gelöscht : user_pref("CT2613550.IsOpenThankYouPage", false);
Zeile gelöscht : user_pref("CT2613550.IsOpenUninstallPage", true);
Zeile gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Tue Nov 30 2010 18:35:17 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Zeile gelöscht : user_pref("CT2613550.LastLogin_2.7.1.3", "Tue Nov 30 2010 18:36:44 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.LatestVersion", "2.7.1.3");
Zeile gelöscht : user_pref("CT2613550.Locale", "de-de");
Zeile gelöscht : user_pref("CT2613550.LoginCache", 4);
Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83");
Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295");
Zeile gelöscht : user_pref("CT2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2613550&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
Zeile gelöscht : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q=");
Zeile gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true);
Zeile gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Zeile gelöscht : user_pref("CT2613550.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Tue Nov 30 2010 18:16:41 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1285580322");
Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Tue Nov 30 2010 18:16:41 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Zeile gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Zeile gelöscht : user_pref("CT2613550.Uninstall", true);
Zeile gelöscht : user_pref("CT2613550.UserID", "UN63518949233022899");
Zeile gelöscht : user_pref("CT2613550.alertChannelId", "1006347");
Zeile gelöscht : user_pref("CT2613550.clientLogIsEnabled", false);
Zeile gelöscht : user_pref("CT2613550.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Zeile gelöscht : user_pref("CT2613550.components.1000082", false);
Zeile gelöscht : user_pref("CT2613550.components.1000234", false);
Zeile gelöscht : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
Zeile gelöscht : user_pref("CT2613550.ct2613550.FeedLastCount3082739963941193807", 360);
Zeile gelöscht : user_pref("CT2613550.ct2613550.FirstTimeSettingsDone", true);
Zeile gelöscht : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Tue Nov 30 2010 18:36:48 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.ct2613550.Locale", "de-de");
Zeile gelöscht : user_pref("CT2613550.ct2613550.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2613550&octid=EB_ORIGINAL_CTID&SearchSource=1");
Zeile gelöscht : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Tue Nov 30 2010 18:36:44 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.ct2613550.SettingsCheckIntervalMin", 120);
Zeile gelöscht : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1285580322");
Zeile gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Nov 30 2010 18:36:43 GMT+0100");
Zeile gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1255348257");
Zeile gelöscht : user_pref("CT2613550.myStuffEnabled", true);
Zeile gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
Zeile gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Zeile gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
Zeile gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Zeile gelöscht : user_pref("CT2613550.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q=");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Nov 30 2010 18:35:16 GMT+0100");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Search the web");
Zeile gelöscht : user_pref("browser.search.order.1", "Search the web");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Search the web");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109794");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "ba24fdad00000000000000225f602926");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "ba24fdad00000000000000225f602926");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15366");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1721:11:34");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Zeile gelöscht : user_pref("icqtoolbar.allowSendURL", false);
Zeile gelöscht : user_pref("icqtoolbar.engineVerified", true);
Zeile gelöscht : user_pref("icqtoolbar.geolastmodified", 1306241018);
Zeile gelöscht : user_pref("icqtoolbar.hiddenElements", "itb_options");
Zeile gelöscht : user_pref("icqtoolbar.history", "hanstein||else%20m%C3%BCller||travianerwiki||h%26m||h6m||mutter%20mozart||travianer%20wiki||jetzt%20spielen||ht%20links||zdf%20terra%20x||kino.to||daemon%20tool||deamo[...]
Zeile gelöscht : user_pref("icqtoolbar.icqgeo", 49);
Zeile gelöscht : user_pref("icqtoolbar.installTime", "1306258930");
Zeile gelöscht : user_pref("icqtoolbar.newtab_state", "0");
Zeile gelöscht : user_pref("icqtoolbar.numberOfSearches", 0);
Zeile gelöscht : user_pref("icqtoolbar.previousFFVersion", "4.0.1");
Zeile gelöscht : user_pref("icqtoolbar.skip_default_search", "no");
Zeile gelöscht : user_pref("icqtoolbar.suggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.uninstStatSent", true);
Zeile gelöscht : user_pref("icqtoolbar.uniqueID", "123877307512387730641238848093275");
Zeile gelöscht : user_pref("icqtoolbar.usageStatstTimestamp", 1306241020);
Zeile gelöscht : user_pref("icqtoolbar.voucherHideClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherMoreLinkClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherRedeemClicks", 0);
Zeile gelöscht : user_pref("icqtoolbar.voucherWasShown", 0);
Zeile gelöscht : user_pref("icqtoolbar.xmlEnableSuggestions", false);
Zeile gelöscht : user_pref("icqtoolbar.xmlLanguage", "de");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");

-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://isearch.avg.com/search?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=dsp&q={searchTerms}
Gelöscht [Homepage] : hxxp://isearch.avg.com/?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=hp
Gelöscht [Extension] : epojlgbehpaeekopencdagbdamnkppci
Gelöscht [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Gelöscht [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Gelöscht [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Gelöscht [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Gelöscht [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [21701 octets] - [08/05/2014 19:24:53]
AdwCleaner[S0].txt - [21360 octets] - [08/05/2014 19:27:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [21421 octets] ##########
und die JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Theresa Engel on 08.05.2014 at 20:01:58,59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3528268469-3291212239-673007857-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7F792A38-096E-4D67-89D6-75A5235E1518}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Theresa Engel\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\Theresa Engel\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{514ACB0E-0A1C-4F56-8722-EF1755E2F439}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{697D88BA-CE88-4299-A0E1-697C0DC9F4D4}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{74F01BB4-E45E-4406-996C-89263498640A}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{9F3F9E61-B74C-49F0-BA28-855387CD5899}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{A2B9DE31-35CB-449D-B0FD-699C184C5CC5}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{BA70393B-4C78-4D83-BBD5-BD95107F273B}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{C04F9484-C4BF-4A08-A864-08575F117B83}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{CB495680-5464-4A8A-9CF5-F80510E51B4F}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{CB65B72E-132E-4B3C-A04A-2F83A00E15C1}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{EB923DDA-11EA-4D05-A08C-544A5020D280}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{EF764E1A-4A61-4A64-BB9F-C77090D2E823}
Successfully deleted: [Empty Folder] C:\Users\Theresa Engel\appdata\local\{FAE088C5-B3EB-4D64-9D69-55E76145D6F2}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Theresa Engel\AppData\Roaming\mozilla\firefox\profiles\ris3wkct.default\minidumps [95 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2014 at 20:09:37,23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und jetzt?

und die FRST noch


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-05-2014 02
Ran by Theresa Engel (administrator) on THERESAENGEL-PC on 08-05-2014 20:20:53
Running from C:\Users\Theresa Engel\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\1&1\IGDCTRL.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-07] (Check Point Software Technologies LTD)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-22] (IDT, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ISW] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\.DEFAULT\...\RunOnce: [Application Restart #0] - C:\Windows\System32\osk.exe [182272 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\nostmp [2011-05-06]
FF Extension: Thumbnail Zoom - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04} [2011-04-22]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-02-09]
FF Extension: No Name - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}-trash [2010-11-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-01-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=hp"
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: hxxp://isearch.avg.com/search?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (AT_AnnaSui) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib [2010-03-25]
CHR Extension: (Google-Suche) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-03]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-08-30]
CHR Extension: (Google Mail) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-03]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-01-03]

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S2 gupdate1c9f8b3b8041700; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-29] (Google Inc.)
R2 IGDCTRL; C:\Program Files\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-02] (Check Point Software Technologies)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-22] (IDT, Inc.)
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-07] (Check Point Software Technologies LTD)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-02] (Check Point Software Technologies)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-04-04] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451160 2012-11-01] (Check Point Software Technologies LTD)
U3 ag51xgef; C:\Windows\system32\Drivers\ag51xgef.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\THERES~1\AppData\Local\Temp\catchme.sys [X]
S3 gel90xne; \??\C:\Users\THERES~1\AppData\Local\Temp\gel90xne.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SMARTMouseFilterx86; system32\DRIVERS\SMARTMouseFilterx86.sys [X]
S3 SMARTVHidMini2000x86; system32\DRIVERS\SMARTVHidMini2000x86.sys [X]
S3 SMARTVTabletPCx86; system32\DRIVERS\SMARTVTabletPCx86.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-08 20:09 - 2014-05-08 20:09 - 00002839 _____ () C:\Users\Theresa Engel\Desktop\JRT.txt
2014-05-08 20:01 - 2014-05-08 20:01 - 01016261 _____ (Thisisu) C:\Users\Theresa Engel\Desktop\JRT.exe
2014-05-08 20:01 - 2014-05-08 20:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 19:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-08 19:24 - 2014-05-08 19:36 - 00000000 ____D () C:\AdwCleaner
2014-05-08 19:23 - 2014-05-08 19:23 - 01316991 _____ () C:\Users\Theresa Engel\Desktop\adwcleaner.exe
2014-05-08 19:09 - 2014-05-08 19:09 - 00000488 _____ () C:\Users\Theresa Engel\Desktop\mbam.txt
2014-05-08 18:17 - 2014-05-08 18:17 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 18:15 - 2014-05-08 19:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 18:15 - 2014-05-08 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 18:15 - 2014-05-08 18:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-08 18:15 - 2014-05-08 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 18:15 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 18:15 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 18:15 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 18:07 - 2014-05-08 18:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Theresa Engel\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-07 16:49 - 2012-08-19 13:57 - 03029602 _____ () C:\Users\Theresa Engel\Desktop\mein ziel.wma
2014-05-07 16:23 - 2014-05-08 19:53 - 00000850 _____ () C:\Windows\PFRO.log
2014-05-07 16:20 - 2014-05-07 16:20 - 00020027 _____ () C:\ComboFix.txt
2014-05-07 16:03 - 2014-05-07 16:21 - 00000000 ____D () C:\ComboFix
2014-05-07 16:03 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-07 16:03 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-07 16:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-07 15:56 - 2014-05-07 16:21 - 00000000 ____D () C:\Qoobox
2014-05-07 15:55 - 2014-05-07 16:18 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 15:22 - 2014-05-07 15:23 - 05200039 ____R (Swearware) C:\Users\Theresa Engel\Desktop\ComboFix.exe
2014-05-05 22:15 - 2014-05-05 22:18 - 00048241 _____ () C:\Users\Theresa Engel\Desktop\Addition.txt
2014-05-05 22:13 - 2014-05-08 20:20 - 00025153 _____ () C:\Users\Theresa Engel\Desktop\FRST.txt
2014-05-05 22:13 - 2014-05-08 20:20 - 00000000 ____D () C:\FRST
2014-05-05 22:12 - 2014-05-05 22:12 - 01053184 _____ (Farbar) C:\Users\Theresa Engel\Desktop\FRST.exe
2014-05-04 11:22 - 2014-05-04 11:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 11:22 - 2014-05-04 11:22 - 00000000 _____ () C:\Windows\setupact.log
2014-05-02 15:38 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 15:38 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 14:03 - 2014-05-08 18:05 - 00000000 ____D () C:\ProgramData\REPORTS
2014-05-01 14:03 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\INFECTED
2014-05-01 13:57 - 2014-05-08 18:05 - 00000000 ____D () C:\ProgramDataREPORTS
2014-05-01 13:57 - 2014-05-07 15:54 - 00000000 ____D () C:\ProgramData\JOBS
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataBACKUP
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\idx
2014-05-01 13:57 - 2014-05-01 13:56 - 00000305 _____ () C:\ProgramData\addr_file.html
2014-05-01 13:38 - 2008-03-20 11:48 - 00007188 _____ () C:\Users\Theresa Engel\Desktop\msiserver.reg
2014-05-01 11:45 - 2014-05-02 15:13 - 00000000 ____D () C:\ProgramData\IPM
2014-05-01 11:43 - 2014-05-08 18:03 - 00000000 ____D () C:\ProgramData\LOGFILES
2014-05-01 11:43 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataINFECTED
2014-05-01 11:42 - 2014-05-08 19:54 - 00000000 ____D () C:\ProgramData\EVENTDB
2014-05-01 11:42 - 2014-05-08 18:03 - 00000000 ____D () C:\ProgramDataLOGFILES
2014-05-01 11:42 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataEVENTDB
2014-04-30 22:25 - 2014-04-30 22:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\Program Files\Avira
2014-04-30 22:19 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-04-23 09:22 - 2014-04-23 09:22 - 00227096 _____ () C:\Users\Theresa Engel\Desktop\avira_registry_cleaner_de.exe
2014-04-22 16:54 - 2014-04-22 17:03 - 138607664 _____ () C:\Users\Theresa Engel\Desktop\avira_free_antivirus_de_14.0.3.350.exe
2014-04-16 10:28 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-16 10:27 - 2014-04-16 10:27 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 10:27 - 2014-03-17 22:11 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-16 10:27 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-16 10:27 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-15 19:06 - 2014-04-15 19:06 - 00000855 _____ () C:\Users\Theresa Engel\AppData\Local\recently-used.xbel
2014-04-15 03:09 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 03:09 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 03:09 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 03:09 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 03:09 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 03:09 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-15 03:09 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 03:09 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-15 03:09 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 03:09 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 03:09 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 03:09 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 03:09 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-15 03:09 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-14 17:05 - 2014-04-14 17:05 - 00000000 ____D () C:\Users\Theresa Engel\restore
2014-04-14 16:42 - 2014-04-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
2014-04-14 15:55 - 2014-04-14 15:55 - 00000000 ____D () C:\Program Files\OnlineFotoservice
2014-04-10 14:34 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ___RD () C:\Program Files\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Local\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\Program Files\Common Files\Skype

==================== One Month Modified Files and Folders =======

2014-05-08 20:21 - 2014-05-05 22:13 - 00025153 _____ () C:\Users\Theresa Engel\Desktop\FRST.txt
2014-05-08 20:20 - 2014-05-05 22:13 - 00000000 ____D () C:\FRST
2014-05-08 20:10 - 2009-06-30 21:45 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 20:09 - 2014-05-08 20:09 - 00002839 _____ () C:\Users\Theresa Engel\Desktop\JRT.txt
2014-05-08 20:01 - 2014-05-08 20:01 - 01016261 _____ (Thisisu) C:\Users\Theresa Engel\Desktop\JRT.exe
2014-05-08 20:01 - 2014-05-08 20:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 19:59 - 2008-01-21 09:16 - 01603440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 19:57 - 2010-12-12 13:36 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Skype
2014-05-08 19:54 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramData\EVENTDB
2014-05-08 19:53 - 2014-05-07 16:23 - 00000850 _____ () C:\Windows\PFRO.log
2014-05-08 19:53 - 2010-11-30 19:08 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\CheckPoint
2014-05-08 19:53 - 2009-06-30 21:45 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 19:53 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 19:53 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 19:53 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 19:52 - 2014-03-11 22:46 - 00885544 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 19:52 - 2006-11-02 15:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 19:36 - 2014-05-08 19:24 - 00000000 ____D () C:\AdwCleaner
2014-05-08 19:27 - 2013-03-21 22:20 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-08 19:27 - 2009-04-04 14:27 - 00000000 ____D () C:\ProgramData\ICQ
2014-05-08 19:23 - 2014-05-08 19:23 - 01316991 _____ () C:\Users\Theresa Engel\Desktop\adwcleaner.exe
2014-05-08 19:17 - 2014-05-08 18:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 19:09 - 2014-05-08 19:09 - 00000488 _____ () C:\Users\Theresa Engel\Desktop\mbam.txt
2014-05-08 18:54 - 2014-04-04 16:50 - 00011719 _____ () C:\Users\Theresa Engel\Desktop\schulplaner.xlsx
2014-05-08 18:17 - 2014-05-08 18:17 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 18:17 - 2014-05-08 18:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 18:17 - 2014-05-08 18:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-08 18:15 - 2014-05-08 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 18:07 - 2014-05-08 18:07 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Theresa Engel\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-08 18:05 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\REPORTS
2014-05-08 18:05 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataREPORTS
2014-05-08 18:03 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramData\LOGFILES
2014-05-08 18:03 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramDataLOGFILES
2014-05-07 16:21 - 2014-05-07 16:03 - 00000000 ____D () C:\ComboFix
2014-05-07 16:21 - 2014-05-07 15:56 - 00000000 ____D () C:\Qoobox
2014-05-07 16:20 - 2014-05-07 16:20 - 00020027 _____ () C:\ComboFix.txt
2014-05-07 16:20 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-07 16:18 - 2014-05-07 15:55 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 16:17 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-07 15:54 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\JOBS
2014-05-07 15:23 - 2014-05-07 15:22 - 05200039 ____R (Swearware) C:\Users\Theresa Engel\Desktop\ComboFix.exe
2014-05-05 22:18 - 2014-05-05 22:15 - 00048241 _____ () C:\Users\Theresa Engel\Desktop\Addition.txt
2014-05-05 22:12 - 2014-05-05 22:12 - 01053184 _____ (Farbar) C:\Users\Theresa Engel\Desktop\FRST.exe
2014-05-04 11:22 - 2014-05-04 11:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-04 11:22 - 2014-05-04 11:22 - 00000000 _____ () C:\Windows\setupact.log
2014-05-02 15:13 - 2014-05-01 11:45 - 00000000 ____D () C:\ProgramData\IPM
2014-05-01 14:03 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\INFECTED
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataBACKUP
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\idx
2014-05-01 13:56 - 2014-05-01 13:57 - 00000305 _____ () C:\ProgramData\addr_file.html
2014-05-01 13:45 - 2012-04-04 07:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-01 13:45 - 2011-07-19 19:30 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-01 13:45 - 2009-04-04 16:20 - 00000680 _____ () C:\Users\Theresa Engel\AppData\Local\d3d9caps.dat
2014-05-01 11:43 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataINFECTED
2014-05-01 11:43 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramDataEVENTDB
2014-04-30 22:25 - 2014-04-30 22:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\Program Files\Avira
2014-04-29 21:09 - 2009-10-26 19:36 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Privat
2014-04-29 18:08 - 2010-08-05 14:21 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Schule
2014-04-29 12:28 - 2014-05-02 15:38 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 12:07 - 2014-05-02 15:38 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-23 09:22 - 2014-04-23 09:22 - 00227096 _____ () C:\Users\Theresa Engel\Desktop\avira_registry_cleaner_de.exe
2014-04-23 08:40 - 2009-10-10 12:10 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\vlc
2014-04-22 19:20 - 2012-06-20 16:00 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 17:03 - 2014-04-22 16:54 - 138607664 _____ () C:\Users\Theresa Engel\Desktop\avira_free_antivirus_de_14.0.3.350.exe
2014-04-22 16:41 - 2009-04-10 14:29 - 00112640 _____ () C:\Users\Theresa Engel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-22 16:40 - 2009-04-03 17:22 - 00000000 ____D () C:\Users\Theresa Engel
2014-04-17 11:07 - 2014-02-14 17:44 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Diamantene Hochzeit
2014-04-16 10:29 - 2013-10-22 10:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 10:27 - 2014-04-16 10:27 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 10:27 - 2009-03-20 23:02 - 00000000 ____D () C:\Program Files\Java
2014-04-15 19:07 - 2013-02-07 20:25 - 00000000 ____D () C:\Users\Theresa Engel\.gimp-2.8
2014-04-15 19:06 - 2014-04-15 19:06 - 00000855 _____ () C:\Users\Theresa Engel\AppData\Local\recently-used.xbel
2014-04-15 03:10 - 2009-04-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-15 03:07 - 2013-08-15 03:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 03:03 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-14 21:07 - 2013-06-29 10:19 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\MyPhoneExplorer
2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-14 20:02 - 2013-06-29 10:19 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-04-14 17:05 - 2014-04-14 17:05 - 00000000 ____D () C:\Users\Theresa Engel\restore
2014-04-14 17:04 - 2010-03-28 18:13 - 00000000 ____D () C:\ProgramData\tmp
2014-04-14 16:42 - 2014-04-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
2014-04-14 16:42 - 2010-03-28 18:13 - 00000000 ____D () C:\ProgramData\hps
2014-04-14 15:55 - 2014-04-14 15:55 - 00000000 ____D () C:\Program Files\OnlineFotoservice
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ___RD () C:\Program Files\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Local\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-04-09 17:25 - 2014-04-09 17:25 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-04-09 17:25 - 2010-12-12 13:36 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Theresa Engel\AppData\Local\Temp\avgnt.exe
C:\Users\Theresa Engel\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-08 20:00

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 09.05.2014 16:01

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Rockenglein 13.05.2014 21:10
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=512be6ff5b555c4ba14c5b83be55af5a
# engine=18243
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-13 06:32:55
# local_time=2014-05-13 08:32:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 19676 237538703 0 0
# compatibility_mode=9217 16777214 75 4 41567654 41567654 0 0
# scanned=259741
# found=0
# cleaned=0
# scan_time=16906
beim securitycheck kommt nur:
Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED!
und noch der frstlog

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014 01
Ran by Theresa Engel (administrator) on THERESAENGEL-PC on 13-05-2014 22:07:21
Running from C:\Users\Theresa Engel\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files\1&1\IGDCTRL.EXE
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Check Point Software Technologies LTD) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-07] (Check Point Software Technologies LTD)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-22] (IDT, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738984 2012-11-02] (Check Point Software Technologies)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\.DEFAULT\...\RunOnce: [Application Restart #0] - C:\Windows\System32\osk.exe [182272 2009-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3528268469-3291212239-673007857-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
URLSearchHook: HKCU - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - ZoneAlarm-Sicherheit Toolbar - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKCU - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @zylom.com/ZylomGamesPlayer - C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\nostmp [2011-05-06]
FF Extension: Thumbnail Zoom - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{E10A6337-382E-4FE6-96DE-936ADC34DD04} [2011-04-22]
FF Extension: Adobe DLM (powered by getPlus(R)) - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011-02-09]
FF Extension: No Name - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}-trash [2010-11-30]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF Extension: Adblock Plus - C:\Users\Theresa Engel\AppData\Roaming\Mozilla\Firefox\Profiles\ris3wkct.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-13]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-18]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF Extension: ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-01-29]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://isearch.avg.com/?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=hp"
CHR DefaultSearchKeyword: isearch.avg.com
CHR DefaultSearchProvider: AVG Secure Search
CHR DefaultSearchURL: hxxp://isearch.avg.com/search?cid={A7EC73B6-D810-468A-BB09-CDE079B804BB}&mid=814fe03bed1047d092a2d16b5f008cad-f6c1204e1fa11c7ae62c602b0c8fe2dd5434d8b3&lang=de&ds=od011&pr=sa&d=2012-06-20 21:56:18&v=11.1.0.7&sap=dsp&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\Google\Chrome\Application\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Zylom Plugin) - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll (Zylom)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (AT_AnnaSui) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjohejgigkmiclpgnilojffhiohcglib [2010-03-25]
CHR Extension: (Google-Suche) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-03]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2011-08-30]
CHR Extension: (Google Mail) - C:\Users\Theresa Engel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-03]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2012-01-03]

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S2 gupdate1c9f8b3b8041700; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-29] (Google Inc.)
R2 IGDCTRL; C:\Program Files\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
R2 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-02] (Check Point Software Technologies)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-22] (IDT, Inc.)
R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-07] (Check Point Software Technologies LTD)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
R2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-02] (Check Point Software Technologies)
R3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. )
R3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
R3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-04-04] ()
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451160 2012-11-01] (Check Point Software Technologies LTD)
U3 ag51xgef; C:\Windows\system32\Drivers\ag51xgef.sys [0 ] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\THERES~1\AppData\Local\Temp\catchme.sys [X]
S3 gel90xne; \??\C:\Users\THERES~1\AppData\Local\Temp\gel90xne.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SMARTMouseFilterx86; system32\DRIVERS\SMARTMouseFilterx86.sys [X]
S3 SMARTVHidMini2000x86; system32\DRIVERS\SMARTVHidMini2000x86.sys [X]
S3 SMARTVTabletPCx86; system32\DRIVERS\SMARTVTabletPCx86.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-13 22:05 - 2014-05-13 22:05 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\FRST-OlderVersion
2014-05-13 21:44 - 2014-05-13 21:44 - 00855379 _____ () C:\Users\Theresa Engel\Desktop\SecurityCheck.exe
2014-05-13 15:18 - 2014-05-13 15:19 - 02347384 _____ (ESET) C:\Users\Theresa Engel\Desktop\esetsmartinstaller_deu.exe
2014-05-12 15:45 - 2014-05-12 16:00 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\WM
2014-05-08 20:09 - 2014-05-08 20:09 - 00002839 _____ () C:\Users\Theresa Engel\Desktop\JRT.txt
2014-05-08 20:01 - 2014-05-08 20:01 - 01016261 _____ (Thisisu) C:\Users\Theresa Engel\Desktop\JRT.exe
2014-05-08 20:01 - 2014-05-08 20:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 19:25 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-08 19:24 - 2014-05-08 19:36 - 00000000 ____D () C:\AdwCleaner
2014-05-08 19:23 - 2014-05-08 19:23 - 01316991 _____ () C:\Users\Theresa Engel\Desktop\adwcleaner.exe
2014-05-08 19:09 - 2014-05-08 19:09 - 00000488 _____ () C:\Users\Theresa Engel\Desktop\mbam.txt
2014-05-08 18:15 - 2014-05-08 19:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 18:15 - 2014-05-08 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 16:49 - 2012-08-19 13:57 - 03029602 _____ () C:\Users\Theresa Engel\Desktop\mein ziel.wma
2014-05-07 16:20 - 2014-05-07 16:20 - 00020027 _____ () C:\ComboFix.txt
2014-05-07 16:03 - 2014-05-07 16:21 - 00000000 ____D () C:\ComboFix
2014-05-07 16:03 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-07 16:03 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-07 16:03 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-07 16:03 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-07 15:56 - 2014-05-07 16:21 - 00000000 ____D () C:\Qoobox
2014-05-07 15:55 - 2014-05-07 16:18 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 15:22 - 2014-05-07 15:23 - 05200039 ____R (Swearware) C:\Users\Theresa Engel\Desktop\ComboFix.exe
2014-05-05 22:15 - 2014-05-05 22:18 - 00048241 _____ () C:\Users\Theresa Engel\Desktop\Addition.txt
2014-05-05 22:13 - 2014-05-13 22:07 - 00025584 _____ () C:\Users\Theresa Engel\Desktop\FRST.txt
2014-05-05 22:13 - 2014-05-13 22:07 - 00000000 ____D () C:\FRST
2014-05-05 22:12 - 2014-05-13 22:05 - 01056256 _____ (Farbar) C:\Users\Theresa Engel\Desktop\FRST.exe
2014-05-02 15:38 - 2014-04-29 12:28 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-02 15:38 - 2014-04-29 12:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-01 14:03 - 2014-05-08 18:05 - 00000000 ____D () C:\ProgramData\REPORTS
2014-05-01 14:03 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\INFECTED
2014-05-01 13:57 - 2014-05-13 20:51 - 00000000 ____D () C:\ProgramDataREPORTS
2014-05-01 13:57 - 2014-05-07 15:54 - 00000000 ____D () C:\ProgramData\JOBS
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataBACKUP
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\idx
2014-05-01 13:57 - 2014-05-01 13:56 - 00000305 _____ () C:\ProgramData\addr_file.html
2014-05-01 13:38 - 2008-03-20 11:48 - 00007188 _____ () C:\Users\Theresa Engel\Desktop\msiserver.reg
2014-05-01 11:45 - 2014-05-02 15:13 - 00000000 ____D () C:\ProgramData\IPM
2014-05-01 11:43 - 2014-05-08 18:03 - 00000000 ____D () C:\ProgramData\LOGFILES
2014-05-01 11:43 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataINFECTED
2014-05-01 11:42 - 2014-05-13 20:51 - 00000000 ____D () C:\ProgramDataLOGFILES
2014-05-01 11:42 - 2014-05-13 20:51 - 00000000 ____D () C:\ProgramData\EVENTDB
2014-05-01 11:42 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataEVENTDB
2014-04-30 22:25 - 2014-04-30 22:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\Program Files\Avira
2014-04-30 22:19 - 2014-02-25 11:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-04-30 22:19 - 2014-02-25 11:41 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-04-23 09:22 - 2014-04-23 09:22 - 00227096 _____ () C:\Users\Theresa Engel\Desktop\avira_registry_cleaner_de.exe
2014-04-22 16:54 - 2014-04-22 17:03 - 138607664 _____ () C:\Users\Theresa Engel\Desktop\avira_free_antivirus_de_14.0.3.350.exe
2014-04-16 10:28 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-16 10:27 - 2014-04-16 10:27 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 10:27 - 2014-03-17 22:11 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-04-16 10:27 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-16 10:27 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-15 19:06 - 2014-04-15 19:06 - 00000855 _____ () C:\Users\Theresa Engel\AppData\Local\recently-used.xbel
2014-04-15 03:09 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-15 03:09 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-15 03:09 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-15 03:09 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-15 03:09 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-15 03:09 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-15 03:09 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-15 03:09 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-15 03:09 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-15 03:09 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-15 03:09 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-15 03:09 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-15 03:09 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-15 03:09 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-14 17:05 - 2014-04-14 17:05 - 00000000 ____D () C:\Users\Theresa Engel\restore
2014-04-14 16:42 - 2014-04-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
2014-04-14 15:55 - 2014-04-14 15:55 - 00000000 ____D () C:\Program Files\OnlineFotoservice

==================== One Month Modified Files and Folders =======

2014-05-13 22:08 - 2014-05-05 22:13 - 00025584 _____ () C:\Users\Theresa Engel\Desktop\FRST.txt
2014-05-13 22:07 - 2014-05-05 22:13 - 00000000 ____D () C:\FRST
2014-05-13 22:05 - 2014-05-13 22:05 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\FRST-OlderVersion
2014-05-13 22:05 - 2014-05-05 22:12 - 01056256 _____ (Farbar) C:\Users\Theresa Engel\Desktop\FRST.exe
2014-05-13 21:56 - 2013-06-19 17:31 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Winamp
2014-05-13 21:44 - 2014-05-13 21:44 - 00855379 _____ () C:\Users\Theresa Engel\Desktop\SecurityCheck.exe
2014-05-13 21:40 - 2014-03-18 19:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-13 21:40 - 2012-04-25 18:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-13 21:10 - 2009-06-30 21:45 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-13 20:51 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataREPORTS
2014-05-13 20:51 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramDataLOGFILES
2014-05-13 20:51 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramData\EVENTDB
2014-05-13 20:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-13 20:50 - 2006-11-02 14:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-13 20:40 - 2008-01-21 09:16 - 01603440 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-13 20:00 - 2009-10-26 19:36 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Privat
2014-05-13 18:20 - 2009-06-30 21:45 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-13 16:18 - 2014-03-11 22:46 - 00945872 ____N () C:\Windows\WindowsUpdate.log
2014-05-13 15:19 - 2014-05-13 15:18 - 02347384 _____ (ESET) C:\Users\Theresa Engel\Desktop\esetsmartinstaller_deu.exe
2014-05-13 15:18 - 2009-10-10 12:10 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\vlc
2014-05-12 16:00 - 2014-05-12 15:45 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\WM
2014-05-09 06:50 - 2013-06-29 10:19 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\MyPhoneExplorer
2014-05-08 21:03 - 2010-12-12 13:36 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Skype
2014-05-08 20:09 - 2014-05-08 20:09 - 00002839 _____ () C:\Users\Theresa Engel\Desktop\JRT.txt
2014-05-08 20:01 - 2014-05-08 20:01 - 01016261 _____ (Thisisu) C:\Users\Theresa Engel\Desktop\JRT.exe
2014-05-08 20:01 - 2014-05-08 20:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 19:53 - 2010-11-30 19:08 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\CheckPoint
2014-05-08 19:53 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 19:52 - 2006-11-02 15:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 19:36 - 2014-05-08 19:24 - 00000000 ____D () C:\AdwCleaner
2014-05-08 19:27 - 2013-03-21 22:20 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-08 19:27 - 2009-04-04 14:27 - 00000000 ____D () C:\ProgramData\ICQ
2014-05-08 19:23 - 2014-05-08 19:23 - 01316991 _____ () C:\Users\Theresa Engel\Desktop\adwcleaner.exe
2014-05-08 19:17 - 2014-05-08 18:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 19:09 - 2014-05-08 19:09 - 00000488 _____ () C:\Users\Theresa Engel\Desktop\mbam.txt
2014-05-08 18:54 - 2014-04-04 16:50 - 00011719 _____ () C:\Users\Theresa Engel\Desktop\schulplaner.xlsx
2014-05-08 18:15 - 2014-05-08 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 18:05 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\REPORTS
2014-05-08 18:03 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramData\LOGFILES
2014-05-07 16:21 - 2014-05-07 16:03 - 00000000 ____D () C:\ComboFix
2014-05-07 16:21 - 2014-05-07 15:56 - 00000000 ____D () C:\Qoobox
2014-05-07 16:20 - 2014-05-07 16:20 - 00020027 _____ () C:\ComboFix.txt
2014-05-07 16:20 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-05-07 16:18 - 2014-05-07 15:55 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 16:17 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-07 15:54 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\JOBS
2014-05-07 15:23 - 2014-05-07 15:22 - 05200039 ____R (Swearware) C:\Users\Theresa Engel\Desktop\ComboFix.exe
2014-05-05 22:18 - 2014-05-05 22:15 - 00048241 _____ () C:\Users\Theresa Engel\Desktop\Addition.txt
2014-05-02 15:13 - 2014-05-01 11:45 - 00000000 ____D () C:\ProgramData\IPM
2014-05-01 14:03 - 2014-05-01 14:03 - 00000000 ____D () C:\ProgramData\INFECTED
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramDataBACKUP
2014-05-01 13:57 - 2014-05-01 13:57 - 00000000 ____D () C:\ProgramData\idx
2014-05-01 13:56 - 2014-05-01 13:57 - 00000305 _____ () C:\ProgramData\addr_file.html
2014-05-01 13:45 - 2012-04-04 07:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-01 13:45 - 2011-07-19 19:30 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-01 13:45 - 2009-04-04 16:20 - 00000680 _____ () C:\Users\Theresa Engel\AppData\Local\d3d9caps.dat
2014-05-01 11:43 - 2014-05-01 11:43 - 00000000 ____D () C:\ProgramDataINFECTED
2014-05-01 11:43 - 2014-05-01 11:42 - 00000000 ____D () C:\ProgramDataEVENTDB
2014-04-30 22:25 - 2014-04-30 22:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 22:19 - 2014-04-30 22:19 - 00000000 ____D () C:\Program Files\Avira
2014-04-29 18:08 - 2010-08-05 14:21 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Schule
2014-04-29 12:28 - 2014-05-02 15:38 - 12347392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 12:07 - 2014-05-02 15:38 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-23 09:22 - 2014-04-23 09:22 - 00227096 _____ () C:\Users\Theresa Engel\Desktop\avira_registry_cleaner_de.exe
2014-04-22 19:20 - 2012-06-20 16:00 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 17:03 - 2014-04-22 16:54 - 138607664 _____ () C:\Users\Theresa Engel\Desktop\avira_free_antivirus_de_14.0.3.350.exe
2014-04-22 16:41 - 2009-04-10 14:29 - 00112640 _____ () C:\Users\Theresa Engel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-22 16:40 - 2009-04-03 17:22 - 00000000 ____D () C:\Users\Theresa Engel
2014-04-17 11:07 - 2014-02-14 17:44 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Diamantene Hochzeit
2014-04-16 10:29 - 2013-10-22 10:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 10:27 - 2014-04-16 10:27 - 00004241 _____ () C:\Windows\system32\jupdate-1.7.0_55-b13.log
2014-04-16 10:27 - 2009-03-20 23:02 - 00000000 ____D () C:\Program Files\Java
2014-04-15 19:07 - 2013-02-07 20:25 - 00000000 ____D () C:\Users\Theresa Engel\.gimp-2.8
2014-04-15 19:06 - 2014-04-15 19:06 - 00000855 _____ () C:\Users\Theresa Engel\AppData\Local\recently-used.xbel
2014-04-15 03:10 - 2009-04-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-15 03:07 - 2013-08-15 03:14 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-15 03:03 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-14 20:02 - 2014-04-14 20:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-04-14 20:02 - 2013-06-29 10:19 - 00000000 ____D () C:\Program Files\MyPhoneExplorer
2014-04-14 17:05 - 2014-04-14 17:05 - 00000000 ____D () C:\Users\Theresa Engel\restore
2014-04-14 17:04 - 2010-03-28 18:13 - 00000000 ____D () C:\ProgramData\tmp
2014-04-14 16:42 - 2014-04-14 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnlineFotoservice
2014-04-14 16:42 - 2010-03-28 18:13 - 00000000 ____D () C:\ProgramData\hps
2014-04-14 15:55 - 2014-04-14 15:55 - 00000000 ____D () C:\Program Files\OnlineFotoservice

Some content of TEMP:
====================
C:\Users\Theresa Engel\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-08 20:00

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Ergebnis:
die Meldung kommt weiterhin, wenn ich avira installieren will.

schrauber 14.05.2014 19:15
Bitte mal das laufen lassen, dann nochmal versuchen:

Avira RegistryCleaner - Download - Filepony

Rockenglein 15.05.2014 18:05
gemacht.
10 keys will er nicht löschen

ich erweitere auf "jetzt geht nichts mehr"!!!!

Computer lässt sich nicht mehr hoch fahren.
Es kommt bloß immer die Starthilfe und dann, dass sie das Problem nicht lösen kann.

Ich probiere gerade Avira Rescue System.
Mal schauen ob sich da was findet.
Ansonsten weiß ich auch nicht weiter.

Ich hab leider einige Dateien, die ich nicht gern verlieren würde.

update: hat nichts gebracht :(
lade gerade knoppix runter

schrauber 16.05.2014 11:34
Seit wann genau ist das so? Was haste als letztes gemacht? Vielleicht Windows Updates?

Safe Mode, letzte als funktionirend bekannte Version geht auch nit?



Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).


Rockenglein 16.05.2014 22:12
Also egal was ich nach de Wahl von F8 anklicke, es kommt immer die Systemreparatur, genauso, wenn ich beim starten nichts anklicke.

Ich hab dieses Tool von avira drüber laufen lassen. Das sagt, dass ich keinen Virus hab. Haben ja die ganzen Programme vorher auch schon gesagt.

Ich glaube an ein Windowsproblem.
Ich sichere gerade meine Daten mit knoppix.

Da ich keine Vista-DVD besitze versuche ich mir gerade so eine recovery-CD runter zu laden und werde das dann versuchen.

Oder siehst du noch eine andere Möglichkeit?

Update:
FRST hab ich hin bekommen

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by SYSTEM on MINWINPC on 16-05-2014 23:08:15
Running from F:\
Platform: Windows Vista (TM) Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.




==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-01-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3810304 2008-12-22] (Dell Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-11-07] (Check Point Software Technologies LTD)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2012-02-20] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-12-22] (IDT, Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-02-14] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [738984 2012-11-02] (Check Point Software Technologies)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\Theresa Engel\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\Theresa Engel\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\Theresa Engel\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\Theresa Engel\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

========================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-12-22] (Andrea Electronics Corporation)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S4 gupdate1c9f8b3b8041700; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-06-29] (Google Inc.)
S2 IGDCTRL; C:\Program Files\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
S4 IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [497320 2012-11-02] (Check Point Software Technologies)
S2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-12-22] (IDT, Inc.)
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [2447440 2012-11-07] (Check Point Software Technologies LTD)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-12-22] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2014-02-25] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-02-25] (Avira Operations GmbH & Co. KG)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-12-22] (Broadcom Corporation)
S2 ISWKL; C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-11-02] (Check Point Software Technologies)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [54784 2008-07-28] (ITE Tech. Inc. )
S3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
S3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-07-01] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-07-01] ()
S3 s0016bus; C:\Windows\System32\DRIVERS\s0016bus.sys [89256 2008-05-16] (MCCI Corporation)
S3 s0016mdfl; C:\Windows\System32\DRIVERS\s0016mdfl.sys [15016 2008-05-16] (MCCI Corporation)
S3 s0016mdm; C:\Windows\System32\DRIVERS\s0016mdm.sys [120744 2008-05-16] (MCCI Corporation)
S3 s0016mgmt; C:\Windows\System32\DRIVERS\s0016mgmt.sys [114216 2008-05-16] (MCCI Corporation)
S3 s0016nd5; C:\Windows\System32\DRIVERS\s0016nd5.sys [25512 2008-05-16] (MCCI Corporation)
S3 s0016obex; C:\Windows\System32\DRIVERS\s0016obex.sys [110632 2008-05-16] (MCCI Corporation)
S3 s0016unic; C:\Windows\System32\DRIVERS\s0016unic.sys [115752 2008-05-16] (MCCI Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [717296 2009-04-04] (Duplex Secure Ltd.)
S1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451160 2012-11-01] (Check Point Software Technologies LTD)
S5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\THERES~1\AppData\Local\Temp\catchme.sys [X]
S3 gel90xne; \??\C:\Users\THERES~1\AppData\Local\Temp\gel90xne.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 SMARTMouseFilterx86; system32\DRIVERS\SMARTMouseFilterx86.sys [X]
S3 SMARTVHidMini2000x86; system32\DRIVERS\SMARTVHidMini2000x86.sys [X]
S3 SMARTVTabletPCx86; system32\DRIVERS\SMARTVTabletPCx86.sys [X]
S3 vsdatant7; System32\drivers\vsdatant.win7.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-15 06:38 - 2014-05-15 06:38 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 06:36 - 2014-05-06 00:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-15 06:36 - 2014-05-06 00:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-15 06:36 - 2014-05-06 00:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-15 06:29 - 2014-03-25 14:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-05-14 15:22 - 2014-05-14 15:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-14 15:22 - 2014-05-14 15:22 - 00000000 _____ () C:\Windows\setupact.log
2014-05-14 12:27 - 2014-05-14 13:24 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Fotobuch Klasse
2014-05-14 12:10 - 2014-05-14 12:10 - 00000800 _____ () C:\Windows\PFRO.log
2014-05-12 14:45 - 2014-05-12 15:00 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\WM
2014-05-08 19:01 - 2014-05-08 19:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 18:25 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\System32\sqlite3.dll
2014-05-08 18:24 - 2014-05-08 18:36 - 00000000 ____D () C:\AdwCleaner
2014-05-08 17:15 - 2014-05-08 18:17 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-08 17:15 - 2014-05-08 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-07 15:20 - 2014-05-07 15:20 - 00020027 _____ () C:\ComboFix.txt
2014-05-07 15:03 - 2014-05-07 15:21 - 00000000 ____D () C:\ComboFix
2014-05-07 15:03 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-07 15:03 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-07 15:03 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-07 15:03 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-07 15:03 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-07 15:03 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-07 15:03 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-07 15:03 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-07 14:56 - 2014-05-07 15:21 - 00000000 ____D () C:\Qoobox
2014-05-07 14:55 - 2014-05-07 15:18 - 00000000 ____D () C:\Windows\erdnt
2014-05-05 21:13 - 2014-05-13 21:08 - 00042271 _____ () C:\Users\Theresa Engel\Desktop\FRST.txt
2014-05-05 21:13 - 2014-05-13 21:08 - 00000000 ____D () C:\FRST
2014-05-05 21:12 - 2014-05-13 21:05 - 01056256 _____ (Farbar) C:\Users\Theresa Engel\Desktop\FRST.exe
2014-05-01 13:03 - 2014-05-08 17:05 - 00000000 ____D () C:\ProgramData\REPORTS
2014-05-01 13:03 - 2014-05-01 13:03 - 00000000 ____D () C:\ProgramData\INFECTED
2014-05-01 12:57 - 2014-05-15 14:04 - 00000000 ____D () C:\ProgramDataREPORTS
2014-05-01 12:57 - 2014-05-15 14:01 - 00000000 ____D () C:\ProgramData\JOBS
2014-05-01 12:57 - 2014-05-01 12:57 - 00000000 ____D () C:\ProgramDataBACKUP
2014-05-01 12:57 - 2014-05-01 12:57 - 00000000 ____D () C:\ProgramData\idx
2014-05-01 12:57 - 2014-05-01 12:56 - 00000305 _____ () C:\ProgramData\addr_file.html
2014-05-01 12:38 - 2008-03-20 10:48 - 00007188 _____ () C:\Users\Theresa Engel\Desktop\msiserver.reg
2014-05-01 10:45 - 2014-05-02 14:13 - 00000000 ____D () C:\ProgramData\IPM
2014-05-01 10:43 - 2014-05-08 17:03 - 00000000 ____D () C:\ProgramData\LOGFILES
2014-05-01 10:43 - 2014-05-01 10:43 - 00000000 ____D () C:\ProgramDataINFECTED
2014-05-01 10:42 - 2014-05-15 14:42 - 00000000 ____D () C:\ProgramData\EVENTDB
2014-05-01 10:42 - 2014-05-15 14:01 - 00000000 ____D () C:\ProgramDataLOGFILES
2014-05-01 10:42 - 2014-05-01 10:43 - 00000000 ____D () C:\ProgramDataEVENTDB
2014-04-30 21:25 - 2014-04-30 21:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 21:19 - 2014-04-30 21:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 21:19 - 2014-04-30 21:19 - 00000000 ____D () C:\Program Files\Avira
2014-04-30 21:19 - 2014-02-25 10:41 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2014-04-30 21:19 - 2014-02-25 10:41 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys
2014-04-30 21:19 - 2014-02-25 10:41 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avkmgr.sys
2014-04-30 21:19 - 2014-02-25 10:41 - 00028520 _____ (Avira GmbH) C:\Windows\System32\Drivers\ssmdrv.sys
2014-04-23 08:22 - 2014-04-23 08:22 - 00227096 _____ () C:\Users\Theresa Engel\Desktop\avira_registry_cleaner_de.exe
2014-04-16 09:28 - 2014-03-17 21:02 - 00264616 _____ (Oracle Corporation) C:\Windows\System32\javaws.exe
2014-04-16 09:27 - 2014-04-16 09:27 - 00004241 _____ () C:\Windows\System32\jupdate-1.7.0_55-b13.log
2014-04-16 09:27 - 2014-03-17 21:11 - 00094632 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2014-04-16 09:27 - 2014-03-17 21:02 - 00175528 _____ (Oracle Corporation) C:\Windows\System32\javaw.exe
2014-04-16 09:27 - 2014-03-17 21:02 - 00175016 _____ (Oracle Corporation) C:\Windows\System32\java.exe

==================== One Month Modified Files and Folders =======

2014-05-15 14:42 - 2014-05-01 10:42 - 00000000 ____D () C:\ProgramData\EVENTDB
2014-05-15 14:42 - 2014-03-11 21:46 - 01159314 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 14:42 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:42 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:33 - 2010-12-12 12:36 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Skype
2014-05-15 14:25 - 2008-01-21 08:16 - 01603440 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-15 14:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 14:04 - 2014-05-01 12:57 - 00000000 ____D () C:\ProgramDataREPORTS
2014-05-15 14:01 - 2014-05-01 12:57 - 00000000 ____D () C:\ProgramData\JOBS
2014-05-15 14:01 - 2014-05-01 10:42 - 00000000 ____D () C:\ProgramDataLOGFILES
2014-05-15 06:43 - 2009-04-04 15:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 06:42 - 2013-08-15 02:14 - 00000000 ____D () C:\Windows\System32\MRT
2014-05-15 06:38 - 2014-05-15 06:38 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-15 06:38 - 2006-11-02 11:24 - 90547776 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2014-05-15 06:29 - 2014-04-04 15:50 - 00011922 _____ () C:\Users\Theresa Engel\Desktop\schulplaner.xlsx
2014-05-14 15:22 - 2014-05-14 15:22 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-14 15:22 - 2014-05-14 15:22 - 00000000 _____ () C:\Windows\setupact.log
2014-05-14 13:24 - 2014-05-14 12:27 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Fotobuch Klasse
2014-05-14 12:35 - 2010-03-28 17:13 - 00000000 ____D () C:\ProgramData\tmp
2014-05-14 12:21 - 2010-03-28 17:13 - 00000000 ____D () C:\ProgramData\hps
2014-05-14 12:10 - 2014-05-14 12:10 - 00000800 _____ () C:\Windows\PFRO.log
2014-05-14 12:10 - 2014-03-18 18:08 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 12:10 - 2012-04-25 17:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-13 21:10 - 2014-02-14 16:44 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Diamantene Hochzeit
2014-05-13 21:08 - 2014-05-05 21:13 - 00042271 _____ () C:\Users\Theresa Engel\Desktop\FRST.txt
2014-05-13 21:08 - 2014-05-05 21:13 - 00000000 ____D () C:\FRST
2014-05-13 21:05 - 2014-05-05 21:12 - 01056256 _____ (Farbar) C:\Users\Theresa Engel\Desktop\FRST.exe
2014-05-13 20:56 - 2013-06-19 16:31 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Winamp
2014-05-13 19:00 - 2009-10-26 18:36 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Privat
2014-05-13 14:18 - 2009-10-10 11:10 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\vlc
2014-05-12 15:00 - 2014-05-12 14:45 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\WM
2014-05-09 05:50 - 2013-06-29 09:19 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\MyPhoneExplorer
2014-05-08 19:01 - 2014-05-08 19:01 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 18:53 - 2010-11-30 18:08 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\CheckPoint
2014-05-08 18:36 - 2014-05-08 18:24 - 00000000 ____D () C:\AdwCleaner
2014-05-08 18:27 - 2013-03-21 21:20 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-05-08 18:27 - 2009-04-04 13:27 - 00000000 ____D () C:\ProgramData\ICQ
2014-05-08 18:17 - 2014-05-08 17:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-05-08 17:15 - 2014-05-08 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 17:05 - 2014-05-01 13:03 - 00000000 ____D () C:\ProgramData\REPORTS
2014-05-08 17:03 - 2014-05-01 10:43 - 00000000 ____D () C:\ProgramData\LOGFILES
2014-05-07 15:21 - 2014-05-07 15:03 - 00000000 ____D () C:\ComboFix
2014-05-07 15:21 - 2014-05-07 14:56 - 00000000 ____D () C:\Qoobox
2014-05-07 15:20 - 2014-05-07 15:20 - 00020027 _____ () C:\ComboFix.txt
2014-05-07 15:20 - 2006-11-02 12:18 - 00000000 ___RD () C:\users\Public
2014-05-07 15:18 - 2014-05-07 14:55 - 00000000 ____D () C:\Windows\erdnt
2014-05-07 15:17 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-05-06 00:32 - 2014-05-15 06:36 - 12347392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-05-06 00:14 - 2014-05-15 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-05-06 00:14 - 2014-05-15 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-05-02 14:13 - 2014-05-01 10:45 - 00000000 ____D () C:\ProgramData\IPM
2014-05-01 13:03 - 2014-05-01 13:03 - 00000000 ____D () C:\ProgramData\INFECTED
2014-05-01 12:57 - 2014-05-01 12:57 - 00000000 ____D () C:\ProgramDataBACKUP
2014-05-01 12:57 - 2014-05-01 12:57 - 00000000 ____D () C:\ProgramData\idx
2014-05-01 12:56 - 2014-05-01 12:57 - 00000305 _____ () C:\ProgramData\addr_file.html
2014-05-01 12:45 - 2012-04-04 06:04 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-05-01 12:45 - 2011-07-19 18:30 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-05-01 12:45 - 2009-04-04 15:20 - 00000680 _____ () C:\Users\Theresa Engel\AppData\Local\d3d9caps.dat
2014-05-01 10:43 - 2014-05-01 10:43 - 00000000 ____D () C:\ProgramDataINFECTED
2014-05-01 10:43 - 2014-05-01 10:42 - 00000000 ____D () C:\ProgramDataEVENTDB
2014-04-30 21:25 - 2014-04-30 21:25 - 00000000 ____D () C:\Users\Theresa Engel\AppData\Roaming\Avira
2014-04-30 21:19 - 2014-04-30 21:19 - 00000000 ____D () C:\ProgramData\Avira
2014-04-30 21:19 - 2014-04-30 21:19 - 00000000 ____D () C:\Program Files\Avira
2014-04-29 17:08 - 2010-08-05 13:21 - 00000000 ____D () C:\Users\Theresa Engel\Desktop\Schule
2014-04-23 08:22 - 2014-04-23 08:22 - 00227096 _____ () C:\Users\Theresa Engel\Desktop\avira_registry_cleaner_de.exe
2014-04-22 18:20 - 2012-06-20 15:00 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-22 15:41 - 2009-04-10 13:29 - 00112640 _____ () C:\Users\Theresa Engel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-22 15:40 - 2009-04-03 16:22 - 00000000 ____D () C:\users\Theresa Engel
2014-04-16 09:29 - 2013-10-22 09:58 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 09:27 - 2014-04-16 09:27 - 00004241 _____ () C:\Windows\System32\jupdate-1.7.0_55-b13.log
2014-04-16 09:27 - 2009-03-20 22:02 - 00000000 ____D () C:\Program Files\Java

Some content of TEMP:
====================
C:\Users\Theresa Engel\AppData\Local\Temp\avgnt.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3066.13 MB
Available physical RAM: 2589.16 MB
Total Pagefile: 2907.86 MB
Available Pagefile: 2694.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1978.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:138.91 GB) (Free:11.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.19 GB) NTFS
Drive e: (LRMCFRE_DE_DVD) (CDROM) (Total:0.14 GB) (Free:0 GB) UDF
Drive f: (USB36004) (Removable) (Total:14.95 GB) (Free:6.88 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 18000000)
Partition 1: (Not Active) - (Size=141 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=15 GB) - (Type=0C)


LastRegBack: 2014-05-15 13:58

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 17.05.2014 19:57
Windowsproblem, bzw hat Avira da vielleicht was zerballert. Daten sichern ist schon mal ne gute Idee.

Rockenglein 18.05.2014 16:16
Daten sichern hat geklappt.
Hab alles was ich brauche.

Siehst du ne andere Möglichkeit als das System neu drauf zu machen?
Systemstartwiederherstllung oder wie das heißt funktioniert schon mal nicht. das hab sich bestimmt schon 30 mal drüber laufen lassen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:17 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131