Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 14.03.2014, 22:14   #1
karlheinz123
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Guten Abend,

Vor etwa 2 Wochen ist mir erstmals aufgefallen, dass mein Computer beim Öffnen von Websites langsamer als gewöhnlich ist. Außerdem erscheinen in dem Feld unten links, wo immer so etwas steht wie: "verbinden mit: www.google.de" o.ä., immer ganz kurz Sachen wie: Übertragen der Daten von "akamaihd" (so in etwa) oder seit kurzem auch: "amazonaws". Ich meine es gibt auch noch weitere von diesen Adressen, hab mir die Namen aber so schnell nicht merken können. Ich habe daraufhin sämtliche Programme, die ich in den Tagen zuvor installiert habe deinstalliert, meinen Browser komplett neuinstalliert und ADWcleaner durchlaufen lassen. Bei ADWcleaner gab es keinerlei Funde. Danach war die Rechnergeschwindigkeit für ein oder zwei tage normal, danach ging alles wieder von Vorne los. Abgesehen von der Geschwindigkeit gibt es keine Problem o.ä. Ich bin mir nicht sicher ob es wirklich ein Problem ist oder ob ich Gespenster sehe.
Ich habe die Information nach der Checkliste zusammengestellt. Schritt 1 hat problemlos geklappt, allerdings wurde der Computer nach dem Scan einmal neugestartet. Schritt 2 funktionierte auch problemlos, das Logfile füge ich unten an, allerdings weiß ich nicht genau wie man die Datei Addition.txt generiert. Schritt 3 hat auch funktioniert, das Logfile ist ebenfalls unten eingefügt.
Ich wäre sehr dankbar, wenn mir jemand helfen mag. Im Voraus vielen Dank!!
Gruß Daniel

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Daniel (administrator) on DANIEL-PC on 14-03-2014 21:29:30
Running from C:\Users\Daniel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Users\Daniel\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2011-04-22] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [RemoteControl9] - c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-29] (cyberlink)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1242448 2011-12-16] (Valve Corporation)
HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\MountPoints2: {195b030e-2a7d-11e3-89f4-848f69b0bb45} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\MountPoints2: {195b0321-2a7d-11e3-89f4-848f69b0bb45} - E:\.\Setup.exe AUTORUN=1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {F80EFB33-2D2D-48F6-A01A-27D972EC4F23} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=36d36bf6-9d45-4385-ab42-14e31132ac62&apn_sauid=5662B196-9AE3-4B46-AEFA-DA9F1E284167
SearchScopes: HKCU - {F80EFB33-2D2D-48F6-A01A-27D972EC4F23} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=FXTV5&o=101699&src=kw&q={searchTerms}&locale=&apn_ptnrs=F4&apn_dtid=YYYYYYYYDE&apn_uid=36d36bf6-9d45-4385-ab42-14e31132ac62&apn_sauid=5662B196-9AE3-4B46-AEFA-DA9F1E284167
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629231946.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120629231946.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox
FF NewTab: about:blank
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: https://anonymous-proxy-servers.net/
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 4001
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 4001
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 4001
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 4001
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 4001
FF NetworkProxy: "type", 1
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-03-14]
FF Extension: Cookie Monster - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-03-14]
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-14]
FF Extension: JonDoFox - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-12-10]
FF Extension: NoScript - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-09]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF Extension: ProfileSwitcher - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2013-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-07] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-10-06] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-10-06] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-10-06] (Huawei Technologies Co., Ltd.)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-10-06] (Huawei Technologies Co., Ltd.)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]
U3 uwdirpod; \??\C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-14 21:27 - 2014-03-14 21:27 - 00050645 _____ () C:\Users\Daniel\Desktop\Gmer.txt
2014-03-14 21:19 - 2014-03-14 21:19 - 00380416 _____ () C:\Users\Daniel\Downloads\ye1xljj3.exe
2014-03-14 21:10 - 2014-03-14 21:29 - 00019848 _____ () C:\Users\Daniel\Downloads\FRST.txt
2014-03-14 21:10 - 2014-03-14 21:10 - 02157056 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2014-03-14 20:29 - 2014-03-14 20:29 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe
2014-03-14 20:29 - 2014-03-14 20:29 - 00000474 _____ () C:\Users\Daniel\Downloads\defogger_disable.log
2014-03-14 20:29 - 2014-03-14 20:29 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-03-14 16:03 - 2014-03-14 16:03 - 30814600 _____ (JonDos GmbH) C:\Users\Daniel\Downloads\JonDoFox290.paf(1).exe
2014-03-14 12:18 - 2014-03-14 12:18 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 11:36 - 2014-03-13 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-13 11:35 - 2014-03-13 11:35 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira
2014-03-13 11:29 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-13 11:29 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-13 11:29 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-13 11:25 - 2014-03-13 11:29 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 11:25 - 2014-03-13 11:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 11:20 - 2014-03-13 11:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-12 22:33 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 22:33 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 22:33 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 22:33 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 22:33 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 22:33 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 22:33 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 22:33 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 22:33 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 22:33 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 22:33 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 22:33 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 22:33 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 22:33 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 22:33 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 22:33 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 22:33 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 22:33 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 22:33 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 22:33 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 22:33 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 22:33 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 22:33 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 22:33 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 22:33 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 22:33 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 22:33 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 22:33 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 22:33 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 22:33 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 22:33 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 22:33 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 22:33 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 22:33 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 22:33 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 22:33 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 22:33 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 22:33 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 22:33 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 22:33 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 22:33 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 22:33 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 22:33 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 22:33 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 22:31 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 22:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 22:31 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 22:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 21:25 - 2014-03-11 21:26 - 01949184 _____ () C:\Users\Daniel\Downloads\adwcleaner_3.021.exe
2014-03-10 13:14 - 2014-03-07 16:00 - 00000000 ____D () C:\Users\Daniel\Desktop\KORR_1
2014-03-01 23:26 - 2014-03-01 23:26 - 00000000 ____D () C:\Users\Daniel\Desktop\Gordie Tentrees
2014-03-01 22:58 - 2014-03-01 22:58 - 02734688 _____ () C:\Users\Daniel\Downloads\SetupCloneCD5314.exe
2014-03-01 22:58 - 2008-03-01 23:08 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2014-03-01 22:54 - 2014-03-01 22:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Downloader.exe
2014-02-23 23:21 - 2014-02-23 23:25 - 137004504 _____ () C:\Users\Daniel\Downloads\avira_free_antivirus1403_de.exe
2014-02-23 22:31 - 2014-02-23 22:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 22:06 - 2014-02-23 22:07 - 05049344 _____ (Crawler.com ) C:\Users\Daniel\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-02-15 11:26 - 2014-03-13 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-14 11:08 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-14 11:08 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 11:09 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-13 11:09 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-13 11:09 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-13 11:09 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-13 11:09 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-13 11:09 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-13 11:09 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-13 11:09 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-13 11:09 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-13 11:09 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-13 11:09 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-13 11:09 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-13 11:09 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-13 11:09 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-13 11:09 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-13 11:09 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-13 11:09 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-13 11:09 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-13 11:09 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-13 11:09 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-13 11:09 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-13 11:09 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-13 11:09 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-13 11:09 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-13 11:08 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-13 11:08 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-13 11:08 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-13 11:08 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-14 21:29 - 2014-03-14 21:10 - 00019848 _____ () C:\Users\Daniel\Downloads\FRST.txt
2014-03-14 21:29 - 2013-11-29 22:42 - 00000000 ____D () C:\FRST
2014-03-14 21:27 - 2014-03-14 21:27 - 00050645 _____ () C:\Users\Daniel\Desktop\Gmer.txt
2014-03-14 21:19 - 2014-03-14 21:19 - 00380416 _____ () C:\Users\Daniel\Downloads\ye1xljj3.exe
2014-03-14 21:10 - 2014-03-14 21:10 - 02157056 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2014-03-14 20:51 - 2011-10-22 14:36 - 01981790 _____ () C:\Windows\WindowsUpdate.log
2014-03-14 20:29 - 2014-03-14 20:29 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe
2014-03-14 20:29 - 2014-03-14 20:29 - 00000474 _____ () C:\Users\Daniel\Downloads\defogger_disable.log
2014-03-14 20:29 - 2014-03-14 20:29 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-03-14 20:29 - 2011-10-26 17:56 - 00000000 ____D () C:\Users\Daniel
2014-03-14 16:19 - 2013-09-01 11:09 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox
2014-03-14 16:15 - 2013-09-01 11:14 - 00000000 ___RD () C:\Users\Daniel\Dropbox
2014-03-14 16:04 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-14 16:04 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-14 16:03 - 2014-03-14 16:03 - 30814600 _____ (JonDos GmbH) C:\Users\Daniel\Downloads\JonDoFox290.paf(1).exe
2014-03-14 15:57 - 2011-12-16 17:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-14 15:56 - 2011-10-22 14:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-14 15:56 - 2010-11-21 04:47 - 00624040 _____ () C:\Windows\PFRO.log
2014-03-14 15:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-14 15:56 - 2009-07-14 05:51 - 00114882 _____ () C:\Windows\setupact.log
2014-03-14 13:07 - 2010-11-21 07:50 - 00652246 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 13:07 - 2010-11-21 07:50 - 00129254 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 13:07 - 2009-07-14 06:13 - 01514416 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 12:18 - 2014-03-14 12:18 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-13 11:36 - 2014-03-13 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-13 11:36 - 2014-02-15 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 11:36 - 2011-10-26 19:25 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Mozilla
2014-03-13 11:35 - 2014-03-13 11:35 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira
2014-03-13 11:29 - 2014-03-13 11:25 - 00000000 ____D () C:\ProgramData\Avira
2014-03-13 11:29 - 2014-03-13 11:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 11:20 - 2014-03-13 11:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-13 11:18 - 2009-07-14 05:45 - 00473176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 11:17 - 2013-03-14 22:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 11:17 - 2013-03-14 22:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 11:16 - 2013-11-29 21:23 - 00000000 ____D () C:\AdwCleaner
2014-03-13 10:52 - 2011-10-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 00:01 - 2013-09-29 09:59 - 00000000 ____D () C:\Users\Daniel\Documents\Reisebuch Fahrradtouren M.-V
2014-03-11 21:26 - 2014-03-11 21:25 - 01949184 _____ () C:\Users\Daniel\Downloads\adwcleaner_3.021.exe
2014-03-11 21:12 - 2011-10-22 22:11 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 12:53 - 2011-10-22 22:26 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-07 16:00 - 2014-03-10 13:14 - 00000000 ____D () C:\Users\Daniel\Desktop\KORR_1
2014-03-01 23:26 - 2014-03-01 23:26 - 00000000 ____D () C:\Users\Daniel\Desktop\Gordie Tentrees
2014-03-01 23:25 - 2008-03-01 23:15 - 00000812 _____ () C:\Windows\cdplayer.ini
2014-03-01 23:19 - 2008-03-01 23:15 - 00000000 ____D () C:\Users\Daniel\Desktop\The Piano Guys
2014-03-01 22:58 - 2014-03-01 22:58 - 02734688 _____ () C:\Users\Daniel\Downloads\SetupCloneCD5314.exe
2014-03-01 22:54 - 2014-03-01 22:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Downloader.exe
2014-03-01 22:53 - 2014-01-15 19:22 - 00006144 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 12:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-12 22:33 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 22:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 22:33 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 22:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 22:33 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 22:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 22:33 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 22:33 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 22:33 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 22:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 22:33 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 22:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 22:33 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 22:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 22:33 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 22:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 22:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 22:33 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 22:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 22:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 22:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 22:33 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 22:33 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 22:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 22:33 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 22:33 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 22:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 22:33 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 22:33 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 22:33 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 22:33 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 22:33 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 22:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-26 16:24 - 2011-02-11 11:22 - 01594892 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 11:41 - 2014-03-13 11:29 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-13 11:29 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-13 11:29 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-23 23:25 - 2014-02-23 23:21 - 137004504 _____ () C:\Users\Daniel\Downloads\avira_free_antivirus1403_de.exe
2014-02-23 22:31 - 2014-02-23 22:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 22:07 - 2014-02-23 22:06 - 05049344 _____ (Crawler.com ) C:\Users\Daniel\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-02-20 23:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-15 11:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\APNStub.exe
C:\Users\Daniel\AppData\Local\Temp\AskSLib.dll
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Daniel\AppData\Local\Temp\COMAP.EXE
C:\Users\Daniel\AppData\Local\Temp\contentDATs.exe
C:\Users\Daniel\AppData\Local\Temp\dvdshrink.3.2.de.(decss-frei).setup.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\mfc80.dll
C:\Users\Daniel\AppData\Local\Temp\mfc80u.dll
C:\Users\Daniel\AppData\Local\Temp\mfcm80.dll
C:\Users\Daniel\AppData\Local\Temp\mfcm80u.dll
C:\Users\Daniel\AppData\Local\Temp\MSN5F22.exe
C:\Users\Daniel\AppData\Local\Temp\msvcm80.dll
C:\Users\Daniel\AppData\Local\Temp\msvcp80.dll
C:\Users\Daniel\AppData\Local\Temp\msvcr80.dll
C:\Users\Daniel\AppData\Local\Temp\OSU.exe
C:\Users\Daniel\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Daniel\AppData\Local\Temp\SIntf16.dll
C:\Users\Daniel\AppData\Local\Temp\SIntf32.dll
C:\Users\Daniel\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Daniel\AppData\Local\Temp\Uninstaller.exe
C:\Users\Daniel\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Daniel\AppData\Local\Temp\WTGXMLUtil.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 14:39

==================== End Of Log ============================
         
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-14 21:27:49
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB
Running: ye1xljj3.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                                                               fffff800039b4000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575                                                                                                                               fffff800039b402f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                     0000000075021465 2 bytes [02, 75]
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe[2464] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    00000000750214bb 2 bytes [02, 75]
.text     ...                                                                                                                                                                                              * 2
.text     C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                                 000007fefd522db0 5 bytes JMP 000007fffd510180
.text     C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                            000007fefd5237d0 7 bytes JMP 000007fffd5100d8
.text     C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                              000007fefd528ef0 6 bytes JMP 000007fffd510148
.text     C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                          000007fefd53af60 5 bytes JMP 000007fffd510110
.text     C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                           000007fefd6289e0 8 bytes JMP 000007fffd5101f0
.text     C:\Windows\system32\Dwm.exe[2832] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                         000007fefd62be40 8 bytes JMP 000007fffd5101b8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                       00000000772defe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                     00000000773099b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                     00000000773194d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                     0000000077319640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1488] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                              000000007733a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                      00000000772defe0 5 bytes JMP 000000016fff0148
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                    00000000773099b0 7 bytes JMP 000000016fff00d8
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                    00000000773194d0 5 bytes JMP 000000016fff0180
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                    0000000077319640 5 bytes JMP 000000016fff0110
.text     C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3020] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                             000000007733a500 7 bytes JMP 000000016fff01b8
.text     C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                    00000000772defe0 5 bytes JMP 000000016fff0148
.text     C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                                  00000000773099b0 7 bytes JMP 000000016fff00d8
.text     C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                                  00000000773194d0 5 bytes JMP 000000016fff0180
.text     C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                                  0000000077319640 5 bytes JMP 000000016fff0110
.text     C:\Windows\System32\igfxpers.exe[3184] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                           000000007733a500 7 bytes JMP 000000016fff01b8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                             000007fefd522db0 5 bytes JMP 000007fffd510180
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                        000007fefd5237d0 7 bytes JMP 000007fffd5100d8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                          000007fefd528ef0 6 bytes JMP 000007fffd510148
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                      000007fefd53af60 5 bytes JMP 000007fffd510110
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                       000007fefd6289e0 8 bytes JMP 000007fffd5101f0
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                     000007fefd62be40 8 bytes JMP 000007fffd5101b8
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                             000007feff3b7490 11 bytes JMP 000007fffd510228
.text     C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[3464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                            000007feff3cbf00 7 bytes JMP 000007fffd510260
.text     C:\Windows\system32\wbem\unsecapp.exe[3784] C:\Windows\system32\ole32.dll!CoCreateInstance                                                                                                       000007feff3b7490 11 bytes JMP 000007fffd510228
.text     C:\Windows\system32\wbem\unsecapp.exe[3784] C:\Windows\system32\ole32.dll!CoSetProxyBlanket                                                                                                      000007feff3cbf00 7 bytes JMP 000007fffd510260
.text     C:\Program Files\Dell\QuickSet\quickset.exe[4708] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                           000007fefd6289e0 8 bytes JMP 000007fffd5101f0
.text     C:\Program Files\Dell\QuickSet\quickset.exe[4708] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                         000007fefd62be40 8 bytes JMP 000007fffd5101b8
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                     00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                            000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                            0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                            0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                              0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                 0000000075411d1b 5 bytes JMP 0000000171722450
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                               0000000075411dc9 5 bytes JMP 00000001717224b0
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                   0000000075412aa4 5 bytes JMP 0000000171722520
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                      0000000075412d0a 5 bytes JMP 0000000171722670
.text     C:\Program Files (x86)\Steam\steam.exe[4752] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate                                                                                                       000000007541549c 5 bytes JMP 00000001002f0800
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                              00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                     000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                     0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                     0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                       0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                          0000000075411d1b 5 bytes JMP 0000000171722450
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                        0000000075411dc9 5 bytes JMP 00000001717224b0
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                            0000000075412aa4 5 bytes JMP 0000000171722520
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                               0000000075412d0a 5 bytes JMP 0000000171722670
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                              0000000075475ea5 5 bytes JMP 0000000171721ce0
.text     C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe[4788] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                               00000000754a9d0b 5 bytes JMP 0000000171721c70
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                          00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                 000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                 0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                 0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                   0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                   00000000755ee96b 5 bytes JMP 0000000171721a00
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[4796] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                     00000000755eeba5 5 bytes JMP 0000000171721a90
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe[4940] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                00000000755ee96b 5 bytes JMP 0000000171721a00
.text     C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe[4940] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                  00000000755eeba5 5 bytes JMP 0000000171721a90
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                      00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                             000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                             0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                             0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                               0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                      0000000075475ea5 5 bytes JMP 0000000171721ce0
.text     C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[4980] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                       00000000754a9d0b 5 bytes JMP 0000000171721c70
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                          00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                 000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                 0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                 0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                   0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                      0000000075411d1b 5 bytes JMP 0000000171722450
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                    0000000075411dc9 5 bytes JMP 00000001717224b0
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                        0000000075412aa4 5 bytes JMP 0000000171722520
.text     C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe[5004] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                           0000000075412d0a 5 bytes JMP 0000000171722670
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                            00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                   000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                   0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                   0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5116] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                     0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4148] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                              00000000755ee96b 5 bytes JMP 0000000171721a00
.text     C:\Program Files (x86)\PDF24\pdf24.exe[4148] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                00000000755eeba5 5 bytes JMP 0000000171721a90
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                               00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                      000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                      0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                      0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                        0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                           0000000075411d1b 5 bytes JMP 0000000171722450
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                         0000000075411dc9 5 bytes JMP 00000001717224b0
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                             0000000075412aa4 5 bytes JMP 0000000171722520
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                0000000075412d0a 5 bytes JMP 0000000171722670
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\ole32.DLL!CoSetProxyBlanket                                                               0000000075475ea5 5 bytes JMP 0000000171721ce0
.text     C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[4160] C:\Windows\syswow64\ole32.DLL!CoCreateInstance                                                                00000000754a9d0b 5 bytes JMP 0000000171721c70
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA                                                                                 00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW                                                                        000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx                                                                        0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation                                                                        0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW                                                                          0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                             0000000075411d1b 5 bytes JMP 0000000171722450
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                           0000000075411dc9 5 bytes JMP 00000001717224b0
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                               0000000075412aa4 5 bytes JMP 0000000171722520
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                  0000000075412d0a 5 bytes JMP 0000000171722670
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                          00000000755ee96b 5 bytes JMP 0000000171721a00
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                            00000000755eeba5 5 bytes JMP 0000000171721a90
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                                         0000000075021465 2 bytes [02, 75]
.text     C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe[2020] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                                        00000000750214bb 2 bytes [02, 75]
.text     ...                                                                                                                                                                                              * 2
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                    00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                           000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                           0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                           0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                             0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                0000000075411d1b 5 bytes JMP 0000000171722450
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                              0000000075411dc9 5 bytes JMP 00000001717224b0
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                  0000000075412aa4 5 bytes JMP 0000000171722520
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                     0000000075412d0a 5 bytes JMP 0000000171722670
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                             00000000755ee96b 5 bytes JMP 0000000171721a00
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                               00000000755eeba5 5 bytes JMP 0000000171721a90
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                    0000000075475ea5 5 bytes JMP 0000000171721ce0
.text     C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe[4896] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                     00000000754a9d0b 5 bytes JMP 0000000171721c70
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                           00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                  000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                  0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                  0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                    0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                    00000000755ee96b 5 bytes JMP 0000000171721a00
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[5236] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                      00000000755eeba5 5 bytes JMP 0000000171721a90
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                     00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                            000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                            0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                            0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                              0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                 0000000075411d1b 5 bytes JMP 0000000171722450
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                               0000000075411dc9 5 bytes JMP 00000001717224b0
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                   0000000075412aa4 5 bytes JMP 0000000171722520
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                      0000000075412d0a 5 bytes JMP 0000000171722670
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                             0000000075021465 2 bytes [02, 75]
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                            00000000750214bb 2 bytes [02, 75]
.text     ...                                                                                                                                                                                              * 2
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                              00000000755ee96b 5 bytes JMP 0000000171721a00
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                00000000755eeba5 5 bytes JMP 0000000171721a90
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                                                     0000000075475ea5 5 bytes JMP 0000000171721ce0
.text     C:\Users\Daniel\Downloads\Defogger.exe[7104] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                                      00000000754a9d0b 5 bytes JMP 0000000171721c70
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW                                                                                                00000000772defe0 5 bytes JMP 000000016fff0148
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx                                                                                              00000000773099b0 7 bytes JMP 000000016fff00d8
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!K32GetModuleInformation                                                                                              00000000773194d0 5 bytes JMP 000000016fff0180
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW                                                                                              0000000077319640 5 bytes JMP 000000016fff0110
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\kernel32.dll!RegSetValueExA                                                                                                       000000007733a500 7 bytes JMP 000000016fff01b8
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\KERNELBASE.dll!FreeLibrary                                                                                                        000007fefd522db0 5 bytes JMP 000007fffd4b0180
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW                                                                                                   000007fefd5237d0 7 bytes JMP 000007fffd4b00d8
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW                                                                                                     000007fefd528ef0 6 bytes JMP 000007fffd4b0148
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW                                                                                                 000007fefd53af60 5 bytes JMP 000007fffd4b0110
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                  000007fefd6289e0 8 bytes JMP 000007fffd4b01f0
.text     C:\Users\Daniel\Downloads\FRST64.exe[3848] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList                                                                                                000007fefd62be40 8 bytes JMP 000007fffd4b01b8
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                                                     00000000769713e1 7 bytes JMP 0000000171721e90
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW                                                                                            000000007698b1d3 5 bytes JMP 0000000171721da0
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                                            0000000076a088b4 7 bytes JMP 0000000171721d90
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                                            0000000076a08939 5 bytes JMP 0000000171721e80
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                                              0000000076a08c8f 5 bytes JMP 0000000171721e10
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                                                 0000000075411d1b 5 bytes JMP 0000000171722450
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                                               0000000075411dc9 5 bytes JMP 00000001717224b0
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                                                   0000000075412aa4 5 bytes JMP 0000000171722520
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                                      0000000075412d0a 5 bytes JMP 0000000171722670
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                                              00000000755ee96b 5 bytes JMP 0000000171721a00
.text     C:\Users\Daniel\Downloads\ye1xljj3.exe[6152] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                                                00000000755eeba5 5 bytes JMP 0000000171721a90

---- Threads - GMER 2.1 ----

Thread    C:\Windows\system32\svchost.exe [1168:1104]                                                                                                                                                      000007fef8fbbd88
Thread    C:\Windows\system32\svchost.exe [1168:3984]                                                                                                                                                      000007fef3e083d8
Thread    C:\Windows\system32\svchost.exe [1168:3988]                                                                                                                                                      000007fef3e083d8
Thread    C:\Windows\system32\svchost.exe [1168:3992]                                                                                                                                                      000007fef3e083d8
Thread    C:\Windows\system32\svchost.exe [1168:3996]                                                                                                                                                      000007fef3e083d8
Thread    C:\Windows\system32\svchost.exe [1168:3148]                                                                                                                                                      000007fef35d3f1c
Thread    C:\Windows\system32\svchost.exe [1168:2412]                                                                                                                                                      000007fefa761a38
Thread    C:\Windows\system32\svchost.exe [1168:2408]                                                                                                                                                      000007fef3dd5388
Thread    C:\Windows\system32\svchost.exe [1168:3504]                                                                                                                                                      000007fef3577738
Thread    C:\Windows\system32\svchost.exe [1168:3508]                                                                                                                                                      000007fef3561f90
Thread    C:\Windows\system32\svchost.exe [1168:4340]                                                                                                                                                      000007fef6c65170
Thread    C:\Windows\system32\svchost.exe [1168:4320]                                                                                                                                                      000007fef8df5124
Thread    C:\Windows\system32\taskhost.exe [2768:3064]                                                                                                                                                     000007fefb2c1010
Thread    C:\Windows\system32\taskhost.exe [2768:5452]                                                                                                                                                     000007fef6c65170
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:5752]                                                                                                                                   000007fefb592a7c
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:5764]                                                                                                                                   000007fee9ae4830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4164:5908]                                                                                                                                   000007fef8df5124
Thread    C:\Windows\system32\svchost.exe [4400:4500]                                                                                                                                                      000007fef7065fd0
Thread    C:\Windows\system32\svchost.exe [4400:4504]                                                                                                                                                      000007fef70663ec
Thread    C:\Windows\system32\svchost.exe [4400:4416]                                                                                                                                                      000007fef1b78470
Thread    C:\Windows\system32\svchost.exe [4400:2172]                                                                                                                                                      000007fef1b82418
Thread    C:\Windows\system32\svchost.exe [4400:5836]                                                                                                                                                      000007fee8b9f130
Thread    C:\Windows\system32\svchost.exe [4400:3656]                                                                                                                                                      000007fef8df5124
Thread    C:\Windows\system32\svchost.exe [4400:3940]                                                                                                                                                      000007fee8b94734
Thread    C:\Windows\system32\svchost.exe [4400:6404]                                                                                                                                                      000007fee8b94734
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5948:5960]                                                                                                              000007fef10bb528
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5948:5964]                                                                                                              000007fef0f7b334
Thread    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [5948:5996]                                                                                                              000007fef0f7b334
---- Processes - GMER 2.1 ----

Library   C:\Users\Daniel\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2014-01-03 00:45:04)                          00000000042e0000
Library   C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896](2013-10-18 23:55:02)                                00000000666c0000
Library   C:\Users\Daniel\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe [4896] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)  0000000065d30000

---- EOF - GMER 2.1 ----
         

Alt 14.03.2014, 23:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zitat:
allerdings weiß ich nicht genau wie man die Datei Addition.txt generiert.
Das macht FRST von allein. Wenn die nicht erstellt wurde war der Haken bei additions nicht gesetzt, das hat genau 2 mögliche Ursachen:

1) Du hast den Haken weggenommen
2) Du hast FRST schon der Vergangenheit benutzt - nur beim ersten Ausführen von FRST ist von allein ein Haken bei additions drin
__________________

__________________

Alt 14.03.2014, 23:25   #3
karlheinz123
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Hallo und vielen Dank für die schnelle Antwort.
Bei Avira gibt es unter "Ereignisse" keinerlei Funde. Ich habe auch direkt nach Auftreten des Problems einen kompletten Systemscan (mit Avira) durchführen lassen, der allerdings auch ohne Ergebnisse blieb...
Komisch, den Haken hab ich nicht weggenommen. Kann allerdings sein, dass ich FRST früher schonmal verwendet habe. Hier nochmal die Datei Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Daniel at 2014-03-14 23:19:53
Running from C:\Users\Daniel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Apple Application Support (HKLM-x32\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.71 - ArcSoft)
Avira (HKLM-x32\...\{b0281a65-bf49-4b99-9ba4-8bd5acf46421}) (Version: 1.0.5179.26566 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5179.26566 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
ChemAxon Marvin Beans (64bit) 5.9.2 (HKLM\...\ChemAxon Marvin Beans (64bit) 5.9.2) (Version:  - ChemAxon)
congstar Internet-Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.3522 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.3522 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DIE SIEDLER - Das Erbe der Könige (HKLM-x32\...\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}) (Version: 1.00.0000 - Blue Byte)
Die Siedler 2 - Die nächste Generation (HKLM-x32\...\{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}) (Version: 1.00.0000 - UBISOFT)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.2.901 - Foxit Corporation)
Image Tuner 3.2 (HKLM-x32\...\Image Tuner_is1) (Version:  - Glorylogic)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
JChem .NET API 5.9.2.611 (HKLM\...\{E318E4B5-BF2E-4672-9F77-4A510FD395EA}) (Version: 5.9.2.0 - ChemAxon)
JonDo (HKLM-x32\...\JonDoUninstall) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mercury (HKLM-x32\...\Mercury 3.1) (Version: 3.1 - CCDC)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NehrimUninstaller (HKLM-x32\...\Nehrim - Am Rande des Schicksals_is1) (Version: 1.0.0 - SureAI)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
NVIDIA 3D Vision Treiber 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.30 - NVIDIA Corporation)
NVIDIA Grafiktreiber 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.30 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.41.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6830 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 268.30 (Version: 268.30 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.1 - Nikon)
Python 2.7.5 (HKLM-x32\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScummVM 1.6.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.0 - Nikon)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

10-03-2014 13:58:59 Windows Update
11-03-2014 20:11:59 Removed Skype™ 6.11
13-03-2014 09:50:00 Windows Update
13-03-2014 10:06:06 Removed Microsoft Silverlight
14-03-2014 11:50:42 Windows Update
14-03-2014 20:47:29 Installed Java 7 Update 51

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {352AADBE-4563-4E19-80DE-20FA85265177} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe
Task: {9761518F-2067-4BAC-9062-7FE53F42F3CF} - \Funmoods No Task File
Task: {EFE8356C-F0B4-4E67-89EC-7C695888A395} - \Desk 365 RunAsStdUser No Task File

==================== Loaded Modules (whitelisted) =============

2011-07-28 02:07 - 2011-07-28 02:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-10-06 11:27 - 2011-09-13 09:16 - 00342984 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2011-10-22 23:09 - 2011-07-20 14:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-22 21:57 - 2010-12-17 16:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-07-28 02:07 - 2011-07-28 02:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-10-06 11:27 - 2011-09-13 09:16 - 00510920 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2010-11-29 21:04 - 2010-11-29 21:04 - 00403968 _____ () C:\Program Files\Intel\TurboBoost\de\SignalIslandUi.resources.dll
2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-02-12 15:27 - 2011-11-07 09:52 - 00220944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
2013-02-12 15:27 - 2011-11-07 09:52 - 00036624 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
2014-03-07 14:47 - 2014-03-07 14:47 - 00111696 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-03-07 14:48 - 2014-03-07 14:48 - 00061520 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2011-12-16 18:01 - 2012-02-26 19:21 - 00857896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-12-16 18:01 - 2012-02-26 19:21 - 14415144 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2011-12-16 18:01 - 2012-02-26 19:21 - 00914216 _____ () C:\Program Files (x86)\Steam\bin\avcodec-52.dll
2011-12-16 18:01 - 2012-02-26 19:21 - 00091432 _____ () C:\Program Files (x86)\Steam\bin\avutil-50.dll
2011-12-16 18:01 - 2012-02-26 19:21 - 00155432 _____ () C:\Program Files (x86)\Steam\bin\avformat-52.dll
2013-02-12 15:27 - 2011-05-06 04:03 - 00594944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
2013-02-12 15:27 - 2011-11-07 09:39 - 00099328 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
2013-02-12 15:27 - 2011-11-07 09:38 - 00027136 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
2013-02-12 15:27 - 2010-10-14 10:37 - 00971776 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
2013-02-12 15:27 - 2010-10-14 10:37 - 00080688 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
2013-02-12 15:27 - 2011-11-07 09:38 - 00055296 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
2013-02-12 15:27 - 2011-11-07 09:39 - 00043008 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
2013-02-12 15:27 - 2011-11-07 09:38 - 00035840 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
2013-02-12 15:27 - 2011-11-07 09:43 - 00020992 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll
2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2013-02-12 15:27 - 2007-09-09 16:07 - 00151552 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
2013-02-12 15:27 - 2011-05-06 04:02 - 00341504 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
2014-03-13 11:30 - 2014-03-07 14:48 - 00049744 _____ () C:\Users\Daniel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-03-14 21:50 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-13 11:35 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-04-21 18:32 - 2011-04-21 18:32 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:A8336F7B8D19861C

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2014 09:45:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 08:16:16 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/14/2014 03:56:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 00:25:58 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (03/13/2014 11:18:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/13/2014 11:13:59 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Runtime.Remoting, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80131040

Error: (03/13/2014 11:13:59 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Dynamic, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error: (03/13/2014 11:13:59 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80131040

Error: (03/13/2014 11:13:59 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: Microsoft.CSharp, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a . Error code = 0x80070002

Error: (03/13/2014 10:52:47 AM) (Source: Windows Search Service) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog


System errors:
=============
Error: (03/14/2014 07:25:53 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.

Error: (03/14/2014 00:51:10 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/11/2014 09:22:37 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/11/2014 09:22:37 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/11/2014 00:22:57 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (03/11/2014 00:22:56 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (03/11/2014 00:22:56 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (03/11/2014 00:22:55 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (03/11/2014 00:22:55 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.

Error: (03/10/2014 02:59:26 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 6038.17 MB
Available physical RAM: 3543.91 MB
Total Pagefile: 12074.52 MB
Available Pagefile: 9132.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:679 GB) (Free:571.23 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Gruß
Daniel
__________________

Alt 15.03.2014, 00:56   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Zitat:
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Enterprise Office?
Wie kommt das denn dadrauf? Oder ist/war das ein Büro-PC auf dem diese Version bei entsprechender Lizenz installiert wurde?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.03.2014, 21:55   #5
karlheinz123
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Hallo cosinus,
das war der Arbeitsrechner der Eltern, den ich allerdings seit einiger Zeit benutze.
Gruß Daniel


Alt 16.03.2014, 01:08   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers
__________________
--> Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.

Alt 18.03.2014, 17:58   #7
karlheinz123
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Hallo Cosinus,
ich habe einen Scan mit MBAR durcheführt, allerdings wurde dabei nichts gefunden. Soweit ein gutes zeichen denke ich. Seitdem ich die Laufwerksemulation abgeschaltet habe ist das Problem auch fast nicht mehr aufgetreten. Geschwindigkeitseinbußen habe ich (gefühlt) keine, bei diesen oben beschriebenen Einblendungen unten links im Bildschirm tauchte auch nur noch ganz selten "akamaihd" etc. auf. Komplett weg scheint es allerdings noch nicht zu sein.
Nochmals danke für die Hilfe!
Gruß Daniel

Alt 19.03.2014, 11:17   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Log bitte immer posten
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 19.03.2014, 17:31   #9
karlheinz123
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Hier ist die Logfile:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Daniel :: DANIEL-PC [administrator]

18.03.2014 16:51:40
mbar-log-2014-03-18 (16-51-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 276895
Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         

Alt 19.03.2014, 19:05   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



ok, mbar war auch aktuell

Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2014, 13:25   #11
karlheinz123
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



soo, hier ist der Logfile-Zoo:
Code:
ATTFilter
# AdwCleaner v3.022 - Bericht erstellt am 21/03/2014 um 11:55:19
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Daniel - DANIEL-PC
# Gestartet von : C:\Users\Daniel\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\f8b34e3b5e6e337aa6491ee3f713f8f5\adwcleaner_3.021.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Daniel\AppData\Local\Temp\OCS
Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Uninstall.exe

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\10vxuot9.default\prefs.js ]


[ Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js ]

Zeile gelöscht : user_pref("pttl.menu-search-groups-tab", false);
Zeile gelöscht : user_pref("pttl.menu-search-groups-win", false);

*************************

AdwCleaner[R0].txt - [5245 octets] - [29/11/2013 21:24:17]
AdwCleaner[R1].txt - [3939 octets] - [29/11/2013 21:26:24]
AdwCleaner[R2].txt - [2290 octets] - [29/11/2013 23:26:59]
AdwCleaner[R3].txt - [1410 octets] - [14/01/2014 12:46:23]
AdwCleaner[R4].txt - [1971 octets] - [23/02/2014 22:11:07]
AdwCleaner[R5].txt - [1687 octets] - [23/02/2014 22:49:02]
AdwCleaner[R6].txt - [1870 octets] - [11/03/2014 21:26:38]
AdwCleaner[R7].txt - [1547 octets] - [13/03/2014 11:15:31]
AdwCleaner[R8].txt - [2334 octets] - [21/03/2014 11:54:35]
AdwCleaner[S0].txt - [5279 octets] - [29/11/2013 21:27:10]
AdwCleaner[S1].txt - [2114 octets] - [29/11/2013 23:27:47]
AdwCleaner[S2].txt - [1318 octets] - [16/12/2013 22:13:10]
AdwCleaner[S3].txt - [1427 octets] - [14/01/2014 12:47:21]
AdwCleaner[S4].txt - [1984 octets] - [23/02/2014 22:12:34]
AdwCleaner[S5].txt - [1748 octets] - [23/02/2014 22:49:44]
AdwCleaner[S6].txt - [1837 octets] - [11/03/2014 21:27:40]
AdwCleaner[S7].txt - [1609 octets] - [13/03/2014 11:16:31]
AdwCleaner[S8].txt - [2211 octets] - [21/03/2014 11:55:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [2271 octets] ##########
         
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Daniel on 21.03.2014 at 12:05:02,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F80EFB33-2D2D-48F6-A01A-27D972EC4F23}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{54A65DDD-0D6E-4B88-BA4D-6C04E07BD211}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{56F59F20-C1D1-4320-8DFB-E75A3D5667B3}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{657038D8-63AE-4FCB-86DE-8749BCC015FA}
Successfully deleted: [Empty Folder] C:\Users\Daniel\appdata\local\{C7F020BC-470F-4E7C-AA70-52229ADA0877}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.03.2014 at 12:11:19,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Daniel (administrator) on DANIEL-PC on 21-03-2014 12:46:01
Running from C:\Users\Daniel\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
() C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(Dropbox, Inc.) C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\Daniel\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] - C:\Windows\system32\nvHotkey.dll [312936 2011-04-22] (NVIDIA Corporation)
HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-28] (Intel(R) Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM-x32\...\Run: [RemoteControl9] - c:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - c:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-18] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - c:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-29] (cyberlink)
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] - C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [172624 2014-03-14] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1242448 2011-12-16] (Valve Corporation)
HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\MountPoints2: {195b030e-2a7d-11e3-89f4-848f69b0bb45} - E:\.\Setup.exe AUTORUN=1
HKU\S-1-5-21-541065689-311852328-1367447640-1001\...\MountPoints2: {195b0321-2a7d-11e3-89f4-848f69b0bb45} - E:\.\Setup.exe AUTORUN=1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Daniel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk
ShortcutTarget: Überwachungstool für die Intel® Turbo-Boost-Technik 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120629231946.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120629231946.dll No File
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox
FF NewTab: about:blank
FF DefaultSearchEngine: Startpage HTTPS
FF SelectedSearchEngine: Startpage HTTPS
FF Homepage: https://anonymous-proxy-servers.net/
FF NetworkProxy: "ftp", "127.0.0.1"
FF NetworkProxy: "ftp_port", 4001
FF NetworkProxy: "gopher", "127.0.0.1"
FF NetworkProxy: "gopher_port", 4001
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 4001
FF NetworkProxy: "no_proxies_on", ""
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 4001
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 4001
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\duckduckgo-ssl-javascript-free.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-de-ssl.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\google-encrypted-no-personalization.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick---deutsch.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---deutsch.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick-ssl-pictures---english.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-eng-ger.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-esp-ale.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\leo-fra-all.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\metager2.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-deutsch.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\ssl-wikipedia-english.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\searchplugins\startpage-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\https-everywhere@eff.org [2014-03-20]
FF Extension: Cookie Monster - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2014-03-14]
FF Extension: DownloadHelper - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-14]
FF Extension: JonDoFox - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{437be45a-4114-11dd-b9ab-71d256d89593}.xpi [2013-12-10]
FF Extension: NoScript - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-09]
FF Extension: Adblock Plus - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-28]
FF Extension: ProfileSwitcher - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}.xpi [2013-10-28]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-02-15]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2013-02-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [116816 2014-03-14] (Avira Operations GmbH & Co. KG)
S2 CLKMSVC10_9EC60124; c:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe [236016 2010-10-29] (CyberLink)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-28] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [138752 2013-10-06] (Huawei Technologies Co., Ltd.)
S3 ewusbnet; C:\Windows\SysWOW64\DRIVERS\ewusbnet.sys [138752 2013-10-06] (Huawei Technologies Co., Ltd.)
S3 ew_hwusbdev; C:\Windows\SysWOW64\DRIVERS\ew_hwusbdev.sys [117248 2013-10-06] (Huawei Technologies Co., Ltd.)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 hwdatacard; C:\Windows\SysWOW64\DRIVERS\ewusbmdm.sys [121600 2013-10-06] (Huawei Technologies Co., Ltd.)
S3 NvStUSB; C:\Windows\system32\drivers\nvstusb.sys [121960 2010-12-12] ()
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.)
S3 CtClsFlt; system32\DRIVERS\CtClsFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-21 12:45 - 2014-03-21 12:45 - 02157056 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64(1).exe
2014-03-21 12:11 - 2014-03-21 12:11 - 00001203 _____ () C:\Users\Daniel\Desktop\JRT.txt
2014-03-21 12:05 - 2014-03-21 12:05 - 00000000 ____D () C:\Windows\ERUNT
2014-03-21 12:03 - 2014-03-21 12:03 - 01037734 _____ (Thisisu) C:\Users\Daniel\Downloads\JRT.exe
2014-03-21 11:58 - 2014-03-21 11:58 - 00002351 _____ () C:\Users\Daniel\Desktop\AdwCleaner[S8].txt
2014-03-21 11:53 - 2014-03-21 11:53 - 00613200 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\AdwCleaner - CHIP-Downloader.exe
2014-03-19 22:39 - 2014-03-19 22:43 - 00000000 ____D () C:\Users\Daniel\Documents\Meeereschemie
2014-03-18 16:51 - 2014-03-18 17:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 16:51 - 2014-03-18 16:51 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 16:48 - 2014-03-18 16:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 16:47 - 2014-03-18 17:36 - 00000000 ____D () C:\Users\Daniel\Desktop\mbar
2014-03-18 16:46 - 2014-03-18 16:47 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Daniel\Downloads\mbar-1.07.0.1009.exe
2014-03-15 22:03 - 2014-03-15 22:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 22:03 - 2014-03-15 22:09 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 18:31 - 2014-03-15 18:31 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-14 23:19 - 2014-03-21 12:46 - 00019478 _____ () C:\Users\Daniel\Downloads\FRST.txt
2014-03-14 23:19 - 2014-03-14 23:20 - 00028369 _____ () C:\Users\Daniel\Downloads\Addition.txt
2014-03-14 21:53 - 2014-03-14 21:53 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira
2014-03-14 21:50 - 2014-02-25 11:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-03-14 21:50 - 2014-02-25 11:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-03-14 21:50 - 2014-02-25 11:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-03-14 21:48 - 2014-03-14 21:48 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-14 21:48 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-03-14 21:48 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-03-14 21:48 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-03-14 21:48 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-03-14 21:38 - 2014-03-14 21:50 - 00000000 ____D () C:\ProgramData\Avira
2014-03-14 21:38 - 2014-03-14 21:38 - 04051048 _____ (Avira Operations GmbH & Co. KG) C:\Users\Daniel\Downloads\avira_de_av___ws.exe
2014-03-14 21:19 - 2014-03-14 21:19 - 00380416 _____ () C:\Users\Daniel\Downloads\ye1xljj3.exe
2014-03-14 21:10 - 2014-03-14 21:10 - 02157056 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2014-03-14 20:29 - 2014-03-14 20:29 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe
2014-03-14 20:29 - 2014-03-14 20:29 - 00000474 _____ () C:\Users\Daniel\Downloads\defogger_disable.log
2014-03-14 20:29 - 2014-03-14 20:29 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-03-14 16:03 - 2014-03-14 16:03 - 30814600 _____ (JonDos GmbH) C:\Users\Daniel\Downloads\JonDoFox290.paf(1).exe
2014-03-13 11:36 - 2014-03-13 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-13 11:25 - 2014-03-18 12:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-13 11:20 - 2014-03-18 12:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-12 22:33 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 22:33 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 22:33 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 22:33 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 22:33 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 22:33 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 22:33 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 22:33 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 22:33 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 22:33 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 22:33 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 22:33 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 22:33 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 22:33 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 22:33 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 22:33 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 22:33 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 22:33 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 22:33 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 22:33 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 22:33 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 22:33 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 22:33 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 22:33 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 22:33 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 22:33 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 22:33 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 22:33 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 22:33 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 22:33 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 22:33 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 22:33 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 22:33 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 22:33 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 22:33 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 22:33 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 22:33 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 22:33 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 22:33 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 22:33 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 22:33 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 22:33 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 22:33 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 22:33 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 22:31 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 22:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 22:31 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 22:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-10 13:14 - 2014-03-07 16:00 - 00000000 ____D () C:\Users\Daniel\Desktop\KORR_1
2014-03-01 23:26 - 2014-03-01 23:26 - 00000000 ____D () C:\Users\Daniel\Desktop\Gordie Tentrees
2014-03-01 22:58 - 2014-03-01 22:58 - 02734688 _____ () C:\Users\Daniel\Downloads\SetupCloneCD5314.exe
2014-03-01 22:58 - 2008-03-01 23:08 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2014-03-01 22:54 - 2014-03-01 22:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Downloader.exe
2014-02-23 23:21 - 2014-02-23 23:25 - 137004504 _____ () C:\Users\Daniel\Downloads\avira_free_antivirus1403_de.exe
2014-02-23 22:31 - 2014-02-23 22:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 22:06 - 2014-02-23 22:07 - 05049344 _____ (Crawler.com ) C:\Users\Daniel\Downloads\SpywareTerminatorSetup_3.0.0.82.exe

==================== One Month Modified Files and Folders =======

2014-03-21 12:46 - 2014-03-14 23:19 - 00019478 _____ () C:\Users\Daniel\Downloads\FRST.txt
2014-03-21 12:46 - 2013-11-29 22:42 - 00000000 ____D () C:\FRST
2014-03-21 12:46 - 2011-10-22 14:36 - 01387013 _____ () C:\Windows\WindowsUpdate.log
2014-03-21 12:45 - 2014-03-21 12:45 - 02157056 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64(1).exe
2014-03-21 12:11 - 2014-03-21 12:11 - 00001203 _____ () C:\Users\Daniel\Desktop\JRT.txt
2014-03-21 12:05 - 2014-03-21 12:05 - 00000000 ____D () C:\Windows\ERUNT
2014-03-21 12:03 - 2014-03-21 12:03 - 01037734 _____ (Thisisu) C:\Users\Daniel\Downloads\JRT.exe
2014-03-21 12:03 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 12:03 - 2009-07-14 05:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 11:58 - 2014-03-21 11:58 - 00002351 _____ () C:\Users\Daniel\Desktop\AdwCleaner[S8].txt
2014-03-21 11:57 - 2013-09-01 11:14 - 00000000 ___RD () C:\Users\Daniel\Dropbox
2014-03-21 11:57 - 2013-09-01 11:09 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Dropbox
2014-03-21 11:57 - 2011-12-16 17:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-21 11:56 - 2011-10-22 14:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-21 11:56 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 11:56 - 2009-07-14 05:51 - 00115218 _____ () C:\Windows\setupact.log
2014-03-21 11:55 - 2013-11-29 21:23 - 00000000 ____D () C:\AdwCleaner
2014-03-21 11:53 - 2014-03-21 11:53 - 00613200 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\AdwCleaner - CHIP-Downloader.exe
2014-03-19 22:43 - 2014-03-19 22:39 - 00000000 ____D () C:\Users\Daniel\Documents\Meeereschemie
2014-03-19 16:47 - 2011-02-11 11:22 - 01595092 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-19 16:47 - 2010-11-21 07:50 - 00699712 _____ () C:\Windows\system32\perfh007.dat
2014-03-19 16:47 - 2010-11-21 07:50 - 00149820 _____ () C:\Windows\system32\perfc007.dat
2014-03-19 16:47 - 2009-07-14 06:13 - 01595092 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 17:36 - 2014-03-18 16:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 17:36 - 2014-03-18 16:47 - 00000000 ____D () C:\Users\Daniel\Desktop\mbar
2014-03-18 16:51 - 2014-03-18 16:51 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 16:48 - 2014-03-18 16:48 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 16:47 - 2014-03-18 16:46 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Daniel\Downloads\mbar-1.07.0.1009.exe
2014-03-18 15:20 - 2010-11-21 04:47 - 00810676 _____ () C:\Windows\PFRO.log
2014-03-18 12:40 - 2014-03-13 11:25 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-03-18 12:40 - 2014-03-13 11:20 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-15 22:09 - 2014-03-15 22:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-15 22:09 - 2014-03-15 22:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-15 22:09 - 2011-10-26 20:22 - 00000000 ____D () C:\Users\Daniel\AppData\Local\Adobe
2014-03-15 18:31 - 2014-03-15 18:31 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-03-14 23:20 - 2014-03-14 23:19 - 00028369 _____ () C:\Users\Daniel\Downloads\Addition.txt
2014-03-14 21:53 - 2014-03-14 21:53 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Avira
2014-03-14 21:50 - 2014-03-14 21:38 - 00000000 ____D () C:\ProgramData\Avira
2014-03-14 21:48 - 2014-03-14 21:48 - 00005327 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-14 21:48 - 2013-09-14 09:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-14 21:48 - 2011-10-22 21:55 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-14 21:38 - 2014-03-14 21:38 - 04051048 _____ (Avira Operations GmbH & Co. KG) C:\Users\Daniel\Downloads\avira_de_av___ws.exe
2014-03-14 21:19 - 2014-03-14 21:19 - 00380416 _____ () C:\Users\Daniel\Downloads\ye1xljj3.exe
2014-03-14 21:10 - 2014-03-14 21:10 - 02157056 _____ (Farbar) C:\Users\Daniel\Downloads\FRST64.exe
2014-03-14 20:29 - 2014-03-14 20:29 - 00050477 _____ () C:\Users\Daniel\Downloads\Defogger.exe
2014-03-14 20:29 - 2014-03-14 20:29 - 00000474 _____ () C:\Users\Daniel\Downloads\defogger_disable.log
2014-03-14 20:29 - 2014-03-14 20:29 - 00000000 _____ () C:\Users\Daniel\defogger_reenable
2014-03-14 20:29 - 2011-10-26 17:56 - 00000000 ____D () C:\Users\Daniel
2014-03-14 16:03 - 2014-03-14 16:03 - 30814600 _____ (JonDos GmbH) C:\Users\Daniel\Downloads\JonDoFox290.paf(1).exe
2014-03-13 11:36 - 2014-03-13 11:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-13 11:36 - 2014-02-15 11:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 11:36 - 2011-10-26 19:25 - 00000000 ____D () C:\Users\Daniel\AppData\Roaming\Mozilla
2014-03-13 11:18 - 2009-07-14 05:45 - 00473176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 11:17 - 2013-03-14 22:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 11:17 - 2013-03-14 22:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 10:52 - 2011-10-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 00:01 - 2013-09-29 09:59 - 00000000 ____D () C:\Users\Daniel\Documents\Reisebuch Fahrradtouren M.-V
2014-03-11 21:12 - 2011-10-22 22:11 - 00000000 ____D () C:\ProgramData\Skype
2014-03-10 12:53 - 2011-10-22 22:26 - 00000000 ____D () C:\ProgramData\Sonic
2014-03-07 16:00 - 2014-03-10 13:14 - 00000000 ____D () C:\Users\Daniel\Desktop\KORR_1
2014-03-01 23:26 - 2014-03-01 23:26 - 00000000 ____D () C:\Users\Daniel\Desktop\Gordie Tentrees
2014-03-01 23:25 - 2008-03-01 23:15 - 00000812 _____ () C:\Windows\cdplayer.ini
2014-03-01 23:19 - 2008-03-01 23:15 - 00000000 ____D () C:\Users\Daniel\Desktop\The Piano Guys
2014-03-01 22:58 - 2014-03-01 22:58 - 02734688 _____ () C:\Users\Daniel\Downloads\SetupCloneCD5314.exe
2014-03-01 22:54 - 2014-03-01 22:54 - 00613200 _____ (Chip Digital GmbH) C:\Users\Daniel\Downloads\Virtual CloneDrive - CHIP-Downloader.exe
2014-03-01 22:53 - 2014-01-15 19:22 - 00006144 _____ () C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 12:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-01 07:05 - 2014-03-12 22:33 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-12 22:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-12 22:33 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-12 22:33 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-12 22:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-12 22:33 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-12 22:33 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-12 22:33 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-12 22:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-12 22:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-12 22:33 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-12 22:33 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-12 22:33 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-12 22:33 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-12 22:33 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-12 22:33 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-12 22:33 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-12 22:33 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-12 22:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-12 22:33 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-12 22:33 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-12 22:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-12 22:33 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-12 22:33 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-12 22:33 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-12 22:33 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-12 22:33 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-12 22:33 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-12 22:33 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-12 22:33 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-12 22:33 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-12 22:33 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-12 22:33 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-12 22:33 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-12 22:33 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-12 22:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-12 22:33 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-12 22:33 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-12 22:33 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-25 11:41 - 2014-03-14 21:50 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-02-25 11:41 - 2014-03-14 21:50 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-02-25 11:41 - 2014-03-14 21:50 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-02-23 23:25 - 2014-02-23 23:21 - 137004504 _____ () C:\Users\Daniel\Downloads\avira_free_antivirus1403_de.exe
2014-02-23 22:31 - 2014-02-23 22:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Daniel\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-23 22:07 - 2014-02-23 22:06 - 05049344 _____ (Crawler.com ) C:\Users\Daniel\Downloads\SpywareTerminatorSetup_3.0.0.82.exe
2014-02-20 23:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Daniel\AppData\Local\Temp\APNStub.exe
C:\Users\Daniel\AppData\Local\Temp\AskSLib.dll
C:\Users\Daniel\AppData\Local\Temp\avgnt.exe
C:\Users\Daniel\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Daniel\AppData\Local\Temp\COMAP.EXE
C:\Users\Daniel\AppData\Local\Temp\contentDATs.exe
C:\Users\Daniel\AppData\Local\Temp\dvdshrink.3.2.de.(decss-frei).setup.exe
C:\Users\Daniel\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Daniel\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Daniel\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\Daniel\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Daniel\AppData\Local\Temp\i4jdel0.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Daniel\AppData\Local\Temp\mfc80.dll
C:\Users\Daniel\AppData\Local\Temp\mfc80u.dll
C:\Users\Daniel\AppData\Local\Temp\mfcm80.dll
C:\Users\Daniel\AppData\Local\Temp\mfcm80u.dll
C:\Users\Daniel\AppData\Local\Temp\MSN5F22.exe
C:\Users\Daniel\AppData\Local\Temp\msvcm80.dll
C:\Users\Daniel\AppData\Local\Temp\msvcp80.dll
C:\Users\Daniel\AppData\Local\Temp\msvcr80.dll
C:\Users\Daniel\AppData\Local\Temp\OSU.exe
C:\Users\Daniel\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Daniel\AppData\Local\Temp\Quarantine.exe
C:\Users\Daniel\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Daniel\AppData\Local\Temp\SIntf16.dll
C:\Users\Daniel\AppData\Local\Temp\SIntf32.dll
C:\Users\Daniel\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Daniel\AppData\Local\Temp\Uninstaller.exe
C:\Users\Daniel\AppData\Local\Temp\WtgDriverInstallX.dll
C:\Users\Daniel\AppData\Local\Temp\WTGXMLUtil.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-10 14:39

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Daniel at 2014-03-21 12:46:56
Running from C:\Users\Daniel\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19120 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19120 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ALDI TALK Verbindungsassistent (HKLM-x32\...\ALDITALKVerbindungsassistent) (Version: ALDI TALK 4.0 - ALDI TALK Verbindungsassistent)
Apple Application Support (HKLM-x32\...\{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}) (Version: 1.3.2 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.71 - ArcSoft)
Avira (HKLM-x32\...\{54e41ca6-dd37-46c6-ac9e-32183e09bfcd}) (Version: 1.0.5186.22941 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.0.5186.22941 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
ChemAxon Marvin Beans (64bit) 5.9.2 (HKLM\...\ChemAxon Marvin Beans (64bit) 5.9.2) (Version:  - ChemAxon)
congstar Internet-Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.3522 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.3522 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
DIE SIEDLER - Das Erbe der Könige (HKLM-x32\...\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}) (Version: 1.00.0000 - Blue Byte)
Die Siedler 2 - Die nächste Generation (HKLM-x32\...\{ED56EF4F-35FF-48D4-B616-A66E791EF1B6}) (Version: 1.00.0000 - UBISOFT)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.2.901 - Foxit Corporation)
Image Tuner 3.2 (HKLM-x32\...\Image Tuner_is1) (Version:  - Glorylogic)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2455 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{0DD706AF-B542-438C-999E-B30C7F625C8D}) (Version: 2.1.39.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 27 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416027FF}) (Version: 6.0.270 - Oracle)
JChem .NET API 5.9.2.611 (HKLM\...\{E318E4B5-BF2E-4672-9F77-4A510FD395EA}) (Version: 5.9.2.0 - ChemAxon)
JonDo (HKLM-x32\...\JonDoUninstall) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mercury (HKLM-x32\...\Mercury 3.1) (Version: 3.1 - CCDC)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NehrimUninstaller (HKLM-x32\...\Nehrim - Am Rande des Schicksals_is1) (Version: 1.0.0 - SureAI)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.0.1 - Nikon)
NVIDIA 3D Vision Treiber 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 268.30 - NVIDIA Corporation)
NVIDIA Grafiktreiber 268.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 268.30 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.41.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.0.21 (Version: 1.0.21 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6830 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 268.30 (Version: 268.30 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 1.0.21 - NVIDIA Corporation) Hidden
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - )
PDF24 Creator 5.4.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.1 - Nikon)
Python 2.7.5 (HKLM-x32\...\{DBDD570E-0952-475f-9453-AB88F3DD5659}) (Version: 2.7.5150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{E7004147-2CCA-431C-AA05-2AB166B9785D}) (Version: 7.68.75.0 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScummVM 1.6.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Überwachungstool für die Intel® Turbo-Boost-Technik 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878234) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{EC1934B0-AE0F-4BBD-8955-54BB3247ED9E}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
ViewNX 2 (HKLM-x32\...\{DDD62492-32A7-412B-8AF1-2CF032AD42E3}) (Version: 2.1.0 - Nikon)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

13-03-2014 10:06:06 Removed Microsoft Silverlight
14-03-2014 11:50:42 Windows Update
14-03-2014 20:47:29 Installed Java 7 Update 51
18-03-2014 11:35:22 Windows Update
18-03-2014 11:56:34 Windows Update
19-03-2014 15:45:38 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {352AADBE-4563-4E19-80DE-20FA85265177} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\SlySoft\CloneCD\ExecuteWithUAC.exe
Task: {9761518F-2067-4BAC-9062-7FE53F42F3CF} - \Funmoods No Task File
Task: {EFE8356C-F0B4-4E67-89EC-7C695888A395} - \Desk 365 RunAsStdUser No Task File

==================== Loaded Modules (whitelisted) =============

2011-07-28 02:07 - 2011-07-28 02:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-10-06 11:27 - 2011-09-13 09:16 - 00342984 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe
2011-10-22 23:09 - 2011-07-20 14:04 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-22 21:57 - 2010-12-17 16:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2011-07-28 02:07 - 2011-07-28 02:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-10-06 11:27 - 2011-09-13 09:16 - 00510920 _____ () C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe
2010-11-29 21:04 - 2010-11-29 21:04 - 00403968 _____ () C:\Program Files\Intel\TurboBoost\de\SignalIslandUi.resources.dll
2013-02-12 15:27 - 2011-11-07 09:52 - 00220944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
2013-02-12 15:27 - 2011-11-07 09:52 - 00036624 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-03-14 21:50 - 2014-02-25 11:41 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00111696 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-03-14 12:46 - 2014-03-14 12:46 - 00061520 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2011-12-16 18:01 - 2012-02-26 19:21 - 00857896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2011-12-16 18:01 - 2012-02-26 19:21 - 14415144 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2011-12-16 18:01 - 2012-02-26 19:21 - 00914216 _____ () C:\Program Files (x86)\Steam\bin\avcodec-52.dll
2011-12-16 18:01 - 2012-02-26 19:21 - 00091432 _____ () C:\Program Files (x86)\Steam\bin\avutil-50.dll
2011-12-16 18:01 - 2012-02-26 19:21 - 00155432 _____ () C:\Program Files (x86)\Steam\bin\avformat-52.dll
2013-02-12 15:27 - 2011-05-06 04:03 - 00594944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
2013-02-12 15:27 - 2011-11-07 09:39 - 00099328 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
2013-02-12 15:27 - 2011-11-07 09:38 - 00027136 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
2013-02-12 15:27 - 2010-10-14 10:37 - 00971776 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
2013-02-12 15:27 - 2010-10-14 10:37 - 00080688 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
2013-02-12 15:27 - 2011-11-07 09:38 - 00055296 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
2013-02-12 15:27 - 2011-11-07 09:39 - 00043008 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
2013-02-12 15:27 - 2011-11-07 09:38 - 00035840 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
2013-02-12 15:27 - 2011-11-07 09:43 - 00020992 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Daniel\AppData\Roaming\Dropbox\bin\libcef.dll
2013-02-12 15:27 - 2007-09-09 16:07 - 00151552 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
2013-02-12 15:27 - 2011-05-06 04:02 - 00341504 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-03-13 11:30 - 2014-03-14 12:46 - 00049744 _____ () C:\Users\Daniel\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-13 11:35 - 2014-02-13 01:36 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-04-21 18:32 - 2011-04-21 18:32 - 00235112 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:A8336F7B8D19861C

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (03/21/2014 00:16:36 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 47%
Total physical RAM: 6038.17 MB
Available physical RAM: 3141.41 MB
Total Pagefile: 12074.52 MB
Available Pagefile: 8629.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:679 GB) (Free:566.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=679 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Alt 21.03.2014, 15:21   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2014, 15:57   #13
karlheinz123
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Hier ist das Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Daniel at 2014-03-21 15:56:16 Run:1
Running from C:\Users\Daniel\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
*****************

C:\ProgramData\PKP_DLes.DAT => Moved successfully.
C:\ProgramData\PKP_DLet.DAT => Moved successfully.
C:\ProgramData\PKP_DLev.DAT => Moved successfully.

==== End of Fixlog ====
         

Alt 21.03.2014, 16:44   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2014, 19:39   #15
karlheinz123
 
Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Standard

Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.



Guten Abend, sowohl Malewarebytes als auch ESET haben nix gefunden. Hier die Logfiles:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.03.21.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Daniel :: DANIEL-PC [Administrator]

21.03.2014 18:10:52
mbam-log-2014-03-21 (18-10-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 252218
Laufzeit: 4 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=cc661326bb5b1f4b80f684eda0233005
# engine=17549
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-21 06:32:01
# local_time=2014-03-21 07:32:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 10604 2105457 3380 0
# compatibility_mode=5893 16776573 100 94 24392 147056571 0 0
# scanned=166950
# found=0
# cleaned=0
# scan_time=4083
         
Vielen Dank schonmal!
Gruß Daniel

Antwort

Themen zu Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.
antivir, antivirus, autorun, avira, browser, checkliste, computer, desktop, firefox, ftp, home, homepage, iexplore.exe, logfile, mozilla, newtab, port, problem, proxy, realtek, registry, scan, services.exe, software, spyware, svchost.exe, system, taskhost.exe, wscript.exe



Ähnliche Themen: Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä.


  1. HTC One S, auf dem der Bundestrojaner ist, mit PC verbinden?
    Smartphone, Tablet & Handy Security - 18.08.2015 (5)
  2. Macbook ist sehr langsam geworden durch Virus oder Trojaner?
    Alles rund um Mac OSX & Linux - 12.07.2015 (13)
  3. Trojaner oder anderer Virus wahrscheinlich durch download
    Plagegeister aller Art und deren Bekämpfung - 02.01.2015 (17)
  4. Wahrscheinlich Trojaner oder Virus durch JAVA Update
    Plagegeister aller Art und deren Bekämpfung - 17.04.2014 (15)
  5. Browser ist gesperrt durch Virus oder Trojaner
    Plagegeister aller Art und deren Bekämpfung - 24.03.2014 (11)
  6. Vista: Webseiten öffnen automatsich: rvzr-a.akamaihd, onlinewebfind oder fastdailyfind
    Log-Analyse und Auswertung - 19.03.2014 (16)
  7. Windows 8 Unerwünschtes aufpoppen durch rvzr-a.akamaihd.net
    Log-Analyse und Auswertung - 07.01.2014 (10)
  8. Rechner durch Download eines Wurms infiziert oder nicht?
    Plagegeister aller Art und deren Bekämpfung - 03.11.2011 (37)
  9. Pc mit Fernseher verbinden
    Netzwerk und Hardware - 29.12.2010 (1)
  10. Belästigung seit fast 5 Jahren durch Keylogger oder Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.12.2010 (14)
  11. Virus oder Trojaner durch Internet Explorer was tun?
    Plagegeister aller Art und deren Bekämpfung - 24.12.2008 (0)
  12. TR/Crypt.XPACK.Gen durch AntiVir gelöscht oder nicht?
    Log-Analyse und Auswertung - 23.03.2008 (0)
  13. Befall durch Fujack und Backdoor oder Falschmeldung?
    Log-Analyse und Auswertung - 23.08.2007 (6)
  14. Mischpult mit pc verbinden!!
    Netzwerk und Hardware - 04.06.2007 (1)
  15. Befall durch Rootkit oder Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 20.11.2006 (17)
  16. 2 PCs miteinander verbinden?
    Alles rund um Windows - 24.02.2006 (1)
  17. PCs m Firewire verbinden???
    Netzwerk und Hardware - 01.11.2003 (4)

Zum Thema Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. - Guten Abend, Vor etwa 2 Wochen ist mir erstmals aufgefallen, dass mein Computer beim Öffnen von Websites langsamer als gewöhnlich ist. Außerdem erscheinen in dem Feld unten links, wo immer - Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä....
Archiv
Du betrachtest: Verminderung der Rechnergeschw. durch Verbinden mit akamaihd.de oder amazonaws o.ä. auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.