
Log analysis and evaluation: Internet Explorer and Firefox rdir.de

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

23.06.2014, 12:08   #1
alexam
 
Again and again, websites cannot be opened via a link in an email, or the page takes a long time to load.
E.g. focus-online opens via a link from the newsletter.
Then a change is visible in the address bar only very briefly:
"hxxp://rdir.de/r.html?uid=A.B.qHg.J-7-.BHhGg.39Wv2urrXtpH3G8bg_hABw"
and then afterwards focus-online.de is displayed, or the page cannot be displayed.

All browsers are affected: Internet Explorer 11, Firefox 30.0
Already done: cleanup with ADWCleaner, Malwarebytes quarantine.
Nevertheless, the behaviour of links from email newsletters has not changed.
Attached files
File type: txt Extras2.Txt (44,2 KB, viewed 171 times)
File type: txt OTL2.Txt (79,8 KB, viewed 158 times)

23.06.2014, 12:12   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

That is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post logs that already exist, in CODE tags!
Only logs from the last 7 days, or from since the problem began, are relevant!

Please do not attach logs; if necessary, split them and post them spread across several postings

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs should be too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
23.06.2014, 12:26   #3
alexam
 
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software

Scan Date: 23.06.2014
Scan Time: 11:01:36
Logfile: malwarebyte2 txt.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.23.03
Rootkit Database: v2014.06.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rita Admin 2014
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299809
Time Elapsed: 7 min, 51 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 2
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2529800815-4198277294-2760420422-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [d609413af48749ed6c1413b7b949e719],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2529800815-4198277294-2760420422-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [459ab4c71b60d75f4e41dd03758ea25e],
Registry Values: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2529800815-4198277294-2760420422-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, Quarantined, [459ab4c71b60d75f4e41dd03758ea25e]
Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.AdPeak.A, C:\TEMP, Quarantined, [23bccbb0d0abd561756ee5c57b870df3],

Files: 6
PUP.Optional.SavingsBull.A, C:\TEMP\InstallFilter32.msi, Quarantined, [5f80f982a8d38caa8fc4d08322e2ca36],
PUP.Optional.OptimumInstaller.A, C:\Users\Rosa\Downloads\Setup.exe, Quarantined, [5b8465166516b97d995a3f12b9482fd1],
PUP.Optional.AdPeak.A, C:\TEMP\lsp2.log, Quarantined, [23bccbb0d0abd561756ee5c57b870df3],
PUP.Optional.AdPeak.A, C:\TEMP\Thumbs.db, Quarantined, [23bccbb0d0abd561756ee5c57b870df3],
PUP.Optional.Superfish.A, C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Quarantined, [1dc2522907742c0a90285b56659dc739],
PUP.Optional.Superfish.A, C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [c21df487ec8ffc3a298fae033bc7f60a],

Physical Sectors: 0
(No malicious items detected)


(end)

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 23.06.2014 11:55:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\x1\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,83% Memory free
8,00 Gb Paging File | 5,68 Gb Available in Paging File | 71,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214,84 Gb Total Space | 139,78 Gb Free Space | 65,06% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 215,57 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
Drive E: | 83,24 Gb Total Space | 56,44 Gb Free Space | 67,80% Space Free | Partition Type: NTFS
Drive F: | 53,94 Gb Total Space | 51,30 Gb Free Space | 95,12% Space Free | Partition Type: NTFS
 
Computer Name: x1-PC | User Name: x2 Admin 2014 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05DFACBB-F479-465A-B7CF-2DDDB2C55B73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11CD574A-6362-45C0-892B-828D8C001F52}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1F22C4B8-343D-4ABB-B2AD-FC8E9B79203A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{4B0A5305-4523-4A3F-8DA0-AD434757311A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4C2253B1-8D93-42BB-9414-CF608826CC0C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4D927256-0011-446D-99EF-C2D257E32316}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5785D9AD-2853-43EF-AABB-A29E93F307F6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5AC7727A-7290-4513-8414-AB7764340D48}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5AE0B8E8-2EA3-441A-BBF7-C3C87035AFA7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6A82F0B4-D235-4B52-929B-C745643FE5CC}" = lport=137 | protocol=17 | dir=in | app=system | 
"{790BD9AF-C0ED-47EC-9933-98E16A5A559C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{79B37E3B-6FEC-4AF3-B94E-B461E59D319E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{87BC58A9-A690-45FA-9A25-7963CB5E044B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9317CFF9-8EF6-4D72-BAB5-A85C319057EA}" = rport=139 | protocol=6 | dir=out | app=system | 
"{93A962DE-DABD-4EA2-903D-F7E604D5C865}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{96DA746A-7AD9-4A72-AC43-085ECCA950E3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{981DEFFA-C602-4BDD-9A7E-AB567E15EB81}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A2F776F3-F088-4CCF-A5A6-1EFFA037F6BD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A63BDF4A-33DF-47DD-B2F8-5082C9564129}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A8294D18-542C-4C02-A77A-04E7163B5E49}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A879EA0D-0000-4F53-BBE7-9A7B84A5E7B2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B9DBD288-C63E-4855-BC15-B853380169BE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D2D73F2A-CC51-4C6E-B6F6-985AF7234659}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEC54827-A41C-4F9D-98F1-C019F642EB41}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F3D3190F-DE81-4B4F-AFE4-D417862C25D0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F8BB30EA-24FC-44C1-914E-50241D907EA2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{235BD8C1-C883-46D9-BD9C-411871FFB73F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{241DCF40-B30C-42A0-A922-D60ED0CD2DAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2E2BBEA1-24C9-4BE5-8A04-B2D598D80561}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{343B892B-8025-46BB-9274-5DC2B8C0D27F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{37B0300C-DD67-412A-80A6-AED1467DCBFF}" = protocol=6 | dir=out | app=system | 
"{43D5A0EA-DE67-4462-8648-6161EFAFC731}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{488DE008-DEA3-41CD-89C8-02A1C1E47AE4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4CF32F79-F1D2-4A7B-B5C9-2CA9D6FAAA01}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4FB2D3BE-2BC1-4211-B308-7C567FA89FEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6A98633D-DE27-4779-A34B-7D75A31C3B32}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F503208-8DB9-4C21-9E41-56814551E775}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{714D80DC-F3D2-4C94-84CE-F4F61536EBD1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{902D1693-9C05-47C6-8E29-64254A63AE59}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{A776E28D-731B-4C69-A4BB-94514227A399}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A8F9D0ED-C78E-4DA7-BF81-281B44116663}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AEDA319F-D9D7-43E0-BC3A-08D394CF100A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D8671AA9-0CB8-4A66-B698-1AA887B2C8FE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E13CDEF9-AE57-4472-BA3C-27A8B1636E8B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E56DCC77-413D-4AF6-BE8C-C85758098A7F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F94A1F4B-A72B-49A6-B81B-546B914DCC57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2368907C-E8F6-4750-A023-254C3E2B5E8D}" = Classic Shell
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617CA6E9-D5FB-4017-8130-82E68C56C34D}" = Image Resizer for Windows (64 bit)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{CB3CA48C-95CB-412B-B7AE-6F2EA8F89907}" = Windows Live Family Safety
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"ProfessionalRetail - de-de" = Microsoft Office Professional 2013 - de-de
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}" = OpenOffice 4.0.1
"{0AFB35F6-7D55-45DE-AFD7-7819CD332EC2}" = Windows Live Family Safety
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{41BF4A3B-D60A-4E92-883F-C88C8C157261}" = Fotogalerie
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite MFC-7320
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66233218-CA57-4AB2-BA43-A97AA4635960}" = Windows Live Essentials
"{69d72156-6582-4556-8637-06f40aa7f85b}" = Image Resizer for Windows
"{70C91B91-61E8-4D06-86D6-A9DCC291983A}" = Movie Maker
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{87DABDEA-47A4-4182-AA7C-2C90DAAE3117}" = Photo Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0407-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{955E4722-1480-4198-A144-65FA5F4446DA}" = Windows Live Writer
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A951D5DA-4759-4C3B-9C36-C6BF30082A2F}" = Windows Live Writer Resources
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.07) - Deutsch
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F7232FE1-BC35-4229-8D76-D49941FE9929}" = Windows Live Mail
"{FC071B45-4A5F-408F-92F8-4D9D693E866F}" = Windows Live UX Platform Language Pack
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"IrfanView" = IrfanView (remove only)
"MailStore Home_universal1" = MailStore Home 8.2.0.9316
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012
"Mozilla Firefox 30.0 (x86 de)" = Mozilla Firefox 30.0 (x86 de)
"Mozilla Thunderbird 24.5.0 (x86 de)" = Mozilla Thunderbird 24.5.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Picasa 3" = Picasa 3
"ScreenshotCaptor_is1" = Screenshot Captor 4.8
"SpeedFan" = SpeedFan (remove only)
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.06.2014 07:49:12 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:12.418]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:13 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:13.962]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:15 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:15.507]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:17 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:17.051]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:18 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:18.595]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:20 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:20.140]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:21 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:21.684]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:23 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:23.229]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:24 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:24.773]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
Error - 19.06.2014 07:49:26 | Computer Name = Rosa-PC | Source = Brother BrLog | ID = 1001
Description = WDLMW BrtWDLMW: [2014/06/19 13:49:26.317]: [00003764]: lperrcode->api
 = 1 , lperrcode->code = 2   
 
[ System Events ]
Error - 19.06.2014 02:32:06 | Computer Name = Rosa-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 252.
 
Error - 19.06.2014 02:32:06 | Computer Name = Rosa-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 252.
 
Error - 22.06.2014 03:10:11 | Computer Name = Rosa-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 252.
 
Error - 22.06.2014 03:10:11 | Computer Name = Rosa-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 252.
 
Error - 22.06.2014 19:00:41 | Computer Name = Rosa-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 252.
 
Error - 22.06.2014 19:00:41 | Computer Name = Rosa-PC | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 252.
 
Error - 22.06.2014 20:19:10 | Computer Name = Rosa-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Spybot-S&D 2 Scanner Service erreicht.
 
Error - 22.06.2014 20:19:10 | Computer Name = Rosa-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 22.06.2014 20:24:24 | Computer Name = Rosa-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 22.06.2014 20:24:24 | Computer Name = Rosa-PC | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 23.06.2014 11:55:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\x1\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,83% Memory free
8,00 Gb Paging File | 5,68 Gb Available in Paging File | 71,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 214,84 Gb Total Space | 139,78 Gb Free Space | 65,06% Space Free | Partition Type: NTFS
Drive D: | 244,14 Gb Total Space | 215,57 Gb Free Space | 88,29% Space Free | Partition Type: NTFS
Drive E: | 83,24 Gb Total Space | 56,44 Gb Free Space | 67,80% Space Free | Partition Type: NTFS
Drive F: | 53,94 Gb Total Space | 51,30 Gb Free Space | 95,12% Space Free | Partition Type: NTFS
 
Computer Name: x1-PC | User Name: x2 Admin 2014 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Rosa\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office 15\root\office15\outlook.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe (DonationCoder)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswsnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtAyDyBzztDyDzytDtAtBtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0FtAtB0AyB0FyDtG0E0CzzyCtGtAzztBtDtGtAzyzytCtGyCzztDyBtAtB0A0AyD0FyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDyE0CzztD0CtCtGtA0B0E0DtGyD0C0A0FtG0E0EyE0DtGyB0BtCyDtD0FtByBtDtD0F0C2Q&cr=2045314773&ir=
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google [binary data]
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://boerse.dab-bank.de/maerkte-kurse/index.html
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 B0 60 62 6C 4C CF 01  [binary data]
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE581
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\..\SearchScopes\{7CB89FA5-F787-4718-860D-2B4ED14875D8}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\..\SearchScopes\{EECE1CD9-56D8-4B85-B5B4-A3DF347838A6}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1003\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2529800815-4198277294-2760420422-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014.06.23 02:31:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 30.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2014.05.31 20:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita Admin 2014\AppData\Roaming\mozilla\Extensions
[2014.06.12 11:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.06.12 11:45:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (ClassicIEBHO Class) - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3:64bit: - HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe (IvoSoft)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B23F7EBC-2F07-4E6A-8CA8-7B22AA7E75BF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.01.29 15:25:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.06.23 10:19:29 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.06.23 10:19:03 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.06.23 10:19:03 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.06.23 10:19:03 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.06.23 10:19:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.06.23 10:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.06.23 02:02:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2014.06.23 02:01:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.06.21 08:12:47 | 000,000,000 | -HSD | C] -- C:\Users\Rita Admin 2014\AppData\Local\EmieUserList
[2014.06.21 08:12:47 | 000,000,000 | -HSD | C] -- C:\Users\Rita Admin 2014\AppData\Local\EmieSiteList
[2014.06.12 11:45:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.06.12 08:39:24 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.06.12 08:39:24 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.06.12 08:39:23 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.06.12 08:39:23 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.06.12 08:39:23 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.06.12 08:39:23 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.06.12 08:39:22 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.06.12 08:39:22 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.06.12 08:39:21 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.06.12 08:39:21 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.06.12 08:39:21 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.06.12 08:39:21 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.06.12 08:39:21 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.06.12 08:39:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.06.12 08:39:20 | 000,608,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.06.12 08:39:20 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.06.12 08:39:19 | 002,040,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.06.12 08:39:19 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.06.12 08:39:19 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.06.12 08:39:19 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.06.12 08:39:18 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.06.12 08:39:18 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.06.12 08:39:18 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.06.12 08:39:18 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.06.12 08:39:17 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.06.12 08:39:17 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.06.12 08:39:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.06.12 08:39:16 | 005,782,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.06.12 08:39:16 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.06.12 08:39:16 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.06.12 08:39:16 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.06.12 08:39:15 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.06.12 08:39:15 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.06.12 08:39:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2014.06.12 08:39:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2014.06.12 08:39:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2014.06.12 08:39:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014.06.12 08:39:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014.06.12 08:39:02 | 003,178,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2014.06.12 08:38:50 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2014.06.12 08:38:49 | 000,288,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2014.05.31 20:37:29 | 000,000,000 | ---D | C] -- C:\Users\Rita Admin 2014\AppData\Roaming\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2014.06.23 11:47:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.23 11:39:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.06.23 11:19:33 | 000,022,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.06.23 11:19:33 | 000,022,368 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.06.23 11:12:49 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.23 11:12:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.06.23 11:11:54 | 3220,480,000 | -HS- | M] () -- C:\hiberfil.sys
[2014.06.23 11:01:29 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.06.23 11:01:11 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.06.23 02:33:42 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014.06.10 22:43:45 | 000,002,181 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.06.08 19:14:26 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2014.06.01 09:45:39 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014.05.31 20:39:24 | 000,032,646 | ---- | M] () -- C:\Users\Rita Admin 2014\Documents\cc_20140531_203921.reg
[2014.05.31 19:52:30 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.05.30 12:02:09 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.05.30 11:39:43 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.05.30 11:39:23 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.05.30 11:38:29 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.05.30 11:27:57 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.05.30 11:24:28 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.05.30 11:21:23 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.05.30 11:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.05.30 11:20:36 | 000,752,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.05.30 11:11:24 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.05.30 11:08:22 | 005,782,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.05.30 11:06:42 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.05.30 10:55:36 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.05.30 10:49:21 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.05.30 10:46:48 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.05.30 10:44:23 | 000,295,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.05.30 10:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.05.30 10:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.05.30 10:35:44 | 000,608,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.05.30 10:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.05.30 10:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.05.30 10:29:31 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.05.30 10:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.05.30 10:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.05.30 10:24:19 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.05.30 10:23:22 | 002,040,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.05.30 10:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.05.30 10:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.05.30 10:04:20 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.05.30 09:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.05.30 09:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.05.30 09:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.05.30 09:13:09 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
 
========== Files Created - No Company Name ==========
 
[2014.06.23 11:01:11 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.06.01 09:45:39 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2014.05.31 20:39:22 | 000,032,646 | ---- | C] () -- C:\Users\Rita Admin 2014\Documents\cc_20140531_203921.reg
[2014.05.31 19:52:30 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014.05.31 19:52:30 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014.04.27 18:04:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2014.04.27 18:04:33 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2014.04.27 17:57:41 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7320.DAT
[2014.03.31 14:05:18 | 000,000,757 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2014.03.31 14:05:18 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2014.03.31 14:04:51 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2014.03.31 14:03:38 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2014.03.31 14:03:33 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2014.03.31 14:03:30 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2014.03.31 11:41:43 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.03.25 04:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.03.25 04:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014.04.21 17:25:26 | 000,000,000 | ---D | M] -- C:\Users\Rita Admin 2014\AppData\Roaming\AVAST Software
[2014.06.23 07:20:44 | 000,000,000 | ---D | M] -- C:\Users\Rita Admin 2014\AppData\Roaming\ClassicShell
[2014.04.21 18:06:23 | 000,000,000 | ---D | M] -- C:\Users\Rita Admin 2014\AppData\Roaming\OpenOffice
[2014.04.27 17:03:27 | 000,000,000 | ---D | M] -- C:\Users\Rita Admin 2014\AppData\Roaming\PC-FAX TX
[2014.03.31 13:50:00 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\AVAST Software
[2014.06.23 11:20:50 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\ClassicShell
[2014.04.21 16:40:28 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\DonationCoder
[2014.06.23 02:28:26 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\IrfanView
[2014.03.31 01:42:19 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\LibreOffice
[2014.04.21 10:43:32 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\OpenOffice
[2014.03.31 16:29:49 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\TeamViewer
[2014.03.31 11:57:27 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\Thunderbird
[2014.04.21 10:48:25 | 000,000,000 | ---D | M] -- C:\Users\Rosa\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         

23.06.2014, 12:30   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
64bit- Professional Service Pack 1
"ProfessionalRetail - de-de" = Microsoft Office Professional 2013 - de-de
Is this system used commercially?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


23.06.2014, 12:40   #5
alexam



No, Windows Pro and Office 2013 are used PRIVATELY. The software, with serial number, was purchased legally. A copy of the invoice can be sent to you.


23.06.2014, 13:27   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files are now created and are then located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


23.06.2014, 14:13   #7
alexam



AdwCleaner Logfile:
Code:
# AdwCleaner v3.213 - Bericht erstellt am 23/06/2014 um 13:36:56
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Rita Admin 2014 - ROSA-PC
# Gestartet von : C:\Users\Rosa\Downloads\adwcleaner_3.213.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Rita Admin 2014\AppData\Roaming\Mozilla\Firefox\Profiles\sv675wbo.default\prefs.js ]


[ Datei : C:\Users\Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\135zbtwo.default-1403511998757\prefs.js ]


[ Datei : C:\Users\Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\cw4o7cwl.Rosa\prefs.js ]


*************************

AdwCleaner[R0].txt - [2914 octets] - [03/05/2014 21:56:12]
AdwCleaner[R1].txt - [1975 octets] - [23/06/2014 02:52:57]
AdwCleaner[R2].txt - [1276 octets] - [23/06/2014 11:24:19]
AdwCleaner[R3].txt - [1078 octets] - [23/06/2014 13:36:56]
AdwCleaner[S0].txt - [2975 octets] - [03/05/2014 22:00:02]
AdwCleaner[S1].txt - [1980 octets] - [23/06/2014 02:55:33]

########## EOF - \AdwCleaner\AdwCleaner[R3].txt - [1258 octets] ##########
         
JRT Logfile:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Rita Admin 2014 on 23.06.2014 at 13:43:15,31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.06.2014 at 13:50:05,60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


FRST 64-bit: the download works neither in Internet Explorer nor in Firefox. It gets blocked even though it is "unblocked".
I no longer have any trust in all these tools.
So far not a single cleanup has brought any improvement.
rdir.de is still being displayed.
I am surprised that not a single explanation of rdir.de has come from the forum.
Where it comes from and whom it benefits.

Thanks for your support.

Running from C:\Users\Rosa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ3O179S
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-01-18] (IvoSoft)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-07] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-05-12] (Malwarebytes Corporation)
HKU\S-1-5-21-2529800815-4198277294-2760420422-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-03-31] (Google Inc.)
Startup: C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://boerse.dab-bank.de/maerkte-kurse/index.html
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x86B060626C4CCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = Google
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_14_ie&cd=2XzuyEtN2Y1L1QzutDtDtBtAyDyEtAyDyBzztDyDzytDtAtBtN0D0Tzu0SzztBtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEt DtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StB0FtAtB0AyB0FyDtG0E0CzzyCtGtAzztBtDtGtAzyzytCtGyCzztDyBtAtB0A0AyD0FyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtDyE0CzztD0CtCtGt A0B0E0DtGyD0C0A0FtG0E0EyE0DtGyB0BtCyDtD0FtByBtDtD0F0C2Q&cr=2045314773&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {7CB89FA5-F787-4718-860D-2B4ED14875D8} URL = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
SearchScopes: HKCU - {EECE1CD9-56D8-4B85-B5B4-A3DF347838A6} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\135zbtwo.default-1403511998757
FF Homepage: https://boerse.dab-bank.de/maerkte-kurse/index.html |hxxp://www.wetteronline.de/wetter/stuttgart
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: IE Tab + - C:\Users\Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\135zbtwo.default-1403511998757\Extensions\coralietab@mozdev.org [2014-06-23]
FF Extension: ColorfulTabs - C:\Users\Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\135zbtwo.default-1403511998757\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-06-23]
FF Extension: Adblock Plus - C:\Users\Rosa\AppData\Roaming\Mozilla\Firefox\Profiles\135zbtwo.default-1403511998757\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-03-31]

Chrome:
=======
CHR StartupUrls: "https://boerse.dab-bank.de/maerkte-kurse/index.html", "hxxp://www.handelsblatt.com/", "hxxp://www.wetteronline.de/wetter/stuttgart"
CHR Extension: (Google Docs) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-31]
CHR Extension: (Google Drive) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-31]
CHR Extension: (YouTube) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-31]
CHR Extension: (Print Extension) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpkeigdcgenbnkhgepkihlgfabkhdong [2014-05-03]
CHR Extension: (X-notifier (for Gmail™,Hotmail,Yahoo,AOL...)) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdfjbkbddpfnoplfhceolpopfoepleco [2014-05-03]
CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-05-03]
CHR Extension: (Google-Suche) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-31]
CHR Extension: (Einfach Drucken) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hlcpjandbihelclgoinjineogmpifpdl [2014-05-03]
CHR Extension: (Drucken) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd [2014-05-03]
CHR Extension: (Google Maps) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2014-05-03]
CHR Extension: (Google Wallet) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR Extension: (Google Mail) - C:\Users\Rosa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-25]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-25] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-25] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-25] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-25] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-25] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-23 14:08 - 2014-06-23 14:08 - 00000000 ____D () C:\FRST
2014-06-23 13:43 - 2014-06-23 13:43 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 13:41 - 2014-06-23 13:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\Rosa\Downloads\Junkware Removal Tool - CHIP-Installer.exe
2014-06-23 11:38 - 2014-06-23 11:38 - 00602112 _____ (OldTimer Tools) C:\Users\Rosa\Downloads\OTL.exe
2014-06-23 11:01 - 2014-06-23 11:01 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-23 10:26 - 2014-06-23 10:26 - 00000000 ____D () C:\Users\Rosa\Desktop\Alte Firefox-Daten
2014-06-23 10:19 - 2014-06-23 11:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 10:19 - 2014-06-23 11:01 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-23 10:19 - 2014-06-23 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 10:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-23 10:19 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-23 10:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-23 10:17 - 2014-06-23 10:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rosa\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-23 10:17 - 2014-06-23 10:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rosa\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-23 02:52 - 2014-06-23 02:52 - 01342659 _____ () C:\Users\Rosa\Downloads\adwcleaner_3.213.exe
2014-06-23 02:02 - 2014-06-23 02:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-23 02:01 - 2014-06-23 02:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-21 07:55 - 2014-06-23 11:11 - 00007286 _____ () C:\Windows\PFRO.log
2014-06-12 11:45 - 2014-06-23 02:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-12 08:39 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 08:39 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 08:39 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 08:39 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 08:39 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 08:39 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 08:39 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 08:39 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 08:39 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 08:39 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 08:39 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 08:39 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 08:39 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 08:39 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 08:39 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 08:39 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 08:39 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 08:39 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 08:39 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 08:39 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 08:39 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 08:39 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 08:39 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 08:39 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 08:39 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 08:39 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 08:39 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 08:39 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 08:39 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 08:39 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 08:39 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 08:39 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 08:39 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 08:39 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 08:39 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 08:39 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 08:39 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 08:39 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 08:39 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 08:39 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 08:39 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 08:39 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 08:39 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 08:39 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 08:39 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 08:39 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 08:39 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 08:39 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 08:39 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 08:39 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 08:39 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 08:39 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-12 08:39 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 08:39 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-12 08:39 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 08:39 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 08:39 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 08:39 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 08:39 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 08:39 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 08:39 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 08:39 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 08:38 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 08:38 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 08:38 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 08:38 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-01 09:45 - 2014-06-01 09:45 - 00002096 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-05-31 20:40 - 2014-06-23 13:55 - 00002464 _____ () C:\Windows\setupact.log
2014-05-31 20:40 - 2014-05-31 20:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-31 20:37 - 2014-05-31 20:37 - 00000000 ____D () C:\Users\Rita Admin 2014\AppData\Roaming\Mozilla
2014-05-31 20:08 - 2014-05-31 20:08 - 00001717 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Windows Media Player.lnk
2014-05-31 20:08 - 2014-05-31 20:08 - 00001664 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Sidebar.lnk
2014-05-31 20:08 - 2014-05-31 20:08 - 00001428 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Memory Diagnostics Tool.lnk
2014-05-31 20:08 - 2014-05-31 20:08 - 00001394 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Paint.lnk
2014-05-31 20:06 - 2014-05-31 20:06 - 00001442 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explorer.lnk
2014-05-31 20:06 - 2014-05-31 20:06 - 00001198 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Mozilla Firefox.lnk
2014-05-31 19:52 - 2014-05-31 19:52 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-31 19:52 - 2014-05-31 19:52 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== One Month Modified Files and Folders =======

2014-06-23 14:08 - 2014-06-23 14:08 - 00000000 ____D () C:\FRST
2014-06-23 14:03 - 2009-07-14 06:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 14:03 - 2009-07-14 06:45 - 00022368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 13:59 - 2014-03-31 00:47 - 01642927 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 13:57 - 2014-04-21 22:02 - 00000000 ____D () C:\Users\Rosa\Documents\Outlook-Dateien
2014-06-23 13:56 - 2014-03-31 01:21 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 13:55 - 2014-05-31 20:40 - 00002464 _____ () C:\Windows\setupact.log
2014-06-23 13:55 - 2014-03-31 11:38 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-23 13:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 13:54 - 2014-03-31 11:41 - 01645874 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-06-23 13:54 - 2011-02-21 20:57 - 00702326 _____ () C:\Windows\system32\perfh007.dat
2014-06-23 13:54 - 2011-02-21 20:57 - 00149910 _____ () C:\Windows\system32\perfc007.dat
2014-06-23 13:47 - 2014-03-31 01:22 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 13:43 - 2014-06-23 13:43 - 00000000 ____D () C:\Windows\ERUNT
2014-06-23 13:41 - 2014-06-23 13:41 - 00961360 _____ (Chip Digital GmbH) C:\Users\Rosa\Downloads\Junkware Removal Tool - CHIP-Installer.exe
2014-06-23 13:39 - 2014-04-01 21:24 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 13:37 - 2014-05-03 21:56 - 00000000 ____D () C:\AdwCleaner
2014-06-23 12:08 - 2014-03-31 15:30 - 00000000 ____D () C:\Users\Rosa\AppData\Roaming\ClassicShell
2014-06-23 11:38 - 2014-06-23 11:38 - 00602112 _____ (OldTimer Tools) C:\Users\Rosa\Downloads\OTL.exe
2014-06-23 11:34 - 2014-04-04 23:09 - 00000000 ____D () C:\Users\Rosa\Documents\CLeaner Sicherungen
2014-06-23 11:11 - 2014-06-21 07:55 - 00007286 _____ () C:\Windows\PFRO.log
2014-06-23 11:01 - 2014-06-23 11:01 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-23 11:01 - 2014-06-23 10:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 11:01 - 2014-06-23 10:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-23 10:26 - 2014-06-23 10:26 - 00000000 ____D () C:\Users\Rosa\Desktop\Alte Firefox-Daten
2014-06-23 10:19 - 2014-06-23 10:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 10:18 - 2014-06-23 10:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rosa\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-23 10:18 - 2014-06-23 10:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rosa\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-23 07:20 - 2014-04-21 17:29 - 00000000 ____D () C:\Users\Rita Admin 2014\AppData\Roaming\ClassicShell
2014-06-23 03:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 02:52 - 2014-06-23 02:52 - 01342659 _____ () C:\Users\Rosa\Downloads\adwcleaner_3.213.exe
2014-06-23 02:33 - 2014-03-31 13:48 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-23 02:28 - 2014-06-23 02:02 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-23 02:28 - 2014-06-23 02:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-23 02:28 - 2014-06-12 11:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-23 02:28 - 2014-04-21 16:57 - 00000000 ____D () C:\Program Files (x86)\ScreenshotCaptor
2014-06-23 02:28 - 2014-04-21 16:40 - 00000000 ____D () C:\Users\Rita Admin 2014
2014-06-23 02:28 - 2014-04-01 21:24 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-06-23 02:28 - 2014-04-01 21:24 - 00000000 ____D () C:\Windows\system32\Macromed
2014-06-23 02:28 - 2014-03-31 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-06-23 02:28 - 2014-03-31 03:04 - 00000000 ____D () C:\Users\Rosa\AppData\Roaming\IrfanView
2014-06-23 02:28 - 2014-03-31 01:00 - 00000000 ____D () C:\Users\Rosa
2014-06-23 02:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-23 02:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-20 07:20 - 2014-04-21 21:42 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-12 22:11 - 2014-03-31 01:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-12 14:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 08:42 - 2014-03-31 01:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 08:41 - 2014-03-31 01:56 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-10 22:43 - 2014-03-31 01:22 - 00002181 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-08 19:14 - 2014-03-31 14:04 - 00000432 _____ () C:\Windows\BRWMARK.INI
2014-06-01 09:45 - 2014-06-01 09:45 - 00002096 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2014-06-01 09:45 - 2014-03-31 11:57 - 00002108 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-06-01 09:45 - 2014-03-31 11:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-05-31 20:40 - 2014-05-31 20:40 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-31 20:37 - 2014-05-31 20:37 - 00000000 ____D () C:\Users\Rita Admin 2014\AppData\Roaming\Mozilla
2014-05-31 20:37 - 2014-03-31 12:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-31 20:08 - 2014-05-31 20:08 - 00001717 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Windows Media Player.lnk
2014-05-31 20:08 - 2014-05-31 20:08 - 00001664 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Sidebar.lnk
2014-05-31 20:08 - 2014-05-31 20:08 - 00001428 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Memory Diagnostics Tool.lnk
2014-05-31 20:08 - 2014-05-31 20:08 - 00001394 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Paint.lnk
2014-05-31 20:06 - 2014-05-31 20:06 - 00001442 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Explorer.lnk
2014-05-31 20:06 - 2014-05-31 20:06 - 00001198 _____ () C:\Users\Rosa\AppData\Roaming\Microsoft\Windows\Start Menu\Mozilla Firefox.lnk
2014-05-31 19:52 - 2014-05-31 19:52 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-31 19:52 - 2014-05-31 19:52 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-31 18:53 - 2009-01-29 15:09 - 00000000 ___RD () C:\Programme alt XP
2014-05-30 12:21 - 2014-06-12 08:39 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 08:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 08:39 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 08:39 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 08:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 08:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 08:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 08:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 08:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 08:39 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 08:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 08:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 08:39 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 08:39 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 08:39 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 08:39 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 08:39 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 08:39 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 08:39 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 08:39 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 08:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 08:39 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 08:39 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 08:39 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 08:39 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 08:39 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 08:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 08:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 08:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 08:39 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 08:39 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 08:39 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 08:39 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 08:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 08:39 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 08:39 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 08:39 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 08:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 08:39 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 08:39 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 08:39 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 08:39 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 08:39 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 08:39 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 08:39 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 08:39 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 08:39 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 08:39 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 08:39 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 08:39 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 08:39 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 08:39 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-24 12:59 - 2014-03-31 16:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by Rosa at 2014-06-23 14:09:04
Running from C:\Users\Rosa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ3O179S
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Brother MFL-Pro Suite MFC-7320 (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Classic Shell (HKLM\...\{2368907C-E8F6-4750-A023-254C3E2B5E8D}) (Version: 4.0.4 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MailStore Home 8.2.0.9316 (HKLM-x32\...\MailStore Home_universal1) (Version: 8.2.0.9316 - MailStore Software GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2013 - de-de (HKLM\...\ProfessionalRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6012.0828 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Screenshot Captor 4.8 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - )
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Restore Points =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Rosa\Documents\Publikationsversand_ Ihre Bestellung.eml:OECustomProperty
AlternateDataStreams: C:\Users\Rosa\Documents\Wichtige emails speichern wie siehe unten.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2014 01:57:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2014 01:53:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:24.153]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:22.609]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:21 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:21.002]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:19 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:19.458]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:17 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:17.913]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:16 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:16.369]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:14.825]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:13 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:13.280]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:11 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMW BrtWDLMW: [2014/06/23 13:53:11.736]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (06/23/2014 01:57:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/23/2014 01:53:24 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:24.153]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:22.609]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:21 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:21.002]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:19 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:19.458]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:17 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:17.913]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:16 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:16.369]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:14 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:14.825]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:13 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:13.280]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

Error: (06/23/2014 01:53:11 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: WDLMWBrtWDLMW: [2014/06/23 13:53:11.736]: [00004564]: lperrcode->api = 1 , lperrcode->code = 2

23.06.2014, 15:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Running from C:\Users\Rosa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ3O179S
Read the instructions properly and follow them before you start complaining. Running our tools from the Temp folder is nonsense; that way you won't find the logs again later, and scripting becomes extremely cumbersome.

Quote:
Download works neither in Internet Explorer nor in Firefox. It gets blocked even though it is "unblocked".
I no longer have any trust in all these tools.
Sorry, but that's hardly FRST.exe's fault.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

23.06.2014, 22:30   #9
alexam

Thanks for the feedback.

I'm not a PC pro, unfortunately.
Did I create all the data I pasted here incorrectly? Or paste it here incorrectly?
Are there any "mysterious peculiarities" noticeable in the data?
I actually don't know what I did wrong.

Alt 24.06.2014, 08:21   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Internet Explorer und Firefox rdir.de - Standard

Internet Explorer und Firefox rdir.de



I copied a line from the log for you specifically. Once more:

Quote:
Running from C:\Users\Rosa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ3O179S

This means you are running the file without saving it to the desktop. IE then first puts it into a temporary path and Windows runs this file. But the instructions say you should save all tools to the desktop and then run them, not just any old way. Running from the temp folder is simply rubbish...

Quote:
I'm not a PC pro, unfortunately.

That is why we have described everything in minute detail in our instructions. You just have to read them properly and follow them 1:1. Besides, I asked for all logs to be posted in CODE tags.
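Added example, not part of the thread and not code from FRST or the board: a small Python check for the point made in post #10, which reads the "Running from" line of a posted log and says whether the tool was started from a browser cache or temp directory instead of the desktop. The function names, the marker list and the sample log are assumptions constructed for this example; only the "Running from" path is the one quoted in the thread.

```python
import re
from pathlib import PureWindowsPath

# Directory-name sequences treated as browser cache / temp locations.
# Assumption for this example, not a list taken from any tool.
TRANSIENT_MARKERS = [
    ("temporary internet files",),   # IE cache, as in the quoted line
    ("inetcache",),                  # IE cache on later Windows versions
    ("appdata", "local", "temp"),    # per-user temp directory
    ("windows", "temp"),             # system temp directory
]

RUNNING_FROM = re.compile(r"^\s*Running from\s+(.+?)\s*$",
                          re.IGNORECASE | re.MULTILINE)

# Constructed sample log; only the "Running from" path is from the thread.
SAMPLE_LOG = r"""
Scan result (constructed sample header)
Running from C:\Users\Rosa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JQ3O179S
Boot Mode: Normal
"""

def running_from(log_text):
    """Return the directory named on the 'Running from' line, or None."""
    m = RUNNING_FROM.search(log_text)
    return PureWindowsPath(m.group(1)) if m else None

def _contains(parts, marker):
    """True if the marker appears as consecutive path components."""
    n = len(marker)
    return any(tuple(parts[i:i + n]) == marker
               for i in range(len(parts) - n + 1))

def classify(path):
    """Classify a Windows path as 'transient', 'desktop' or 'other'."""
    parts = [p.lower() for p in path.parts]   # Windows paths ignore case
    if any(_contains(parts, m) for m in TRANSIENT_MARKERS):
        return "transient"
    return "desktop" if "desktop" in parts else "other"

def check_log(log_text):
    """Return (verdict, path); verdict is 'unknown' if the line is missing."""
    path = running_from(log_text)
    if path is None:
        return ("unknown", None)
    return (classify(path), str(path))

if __name__ == "__main__":
    print(check_log(SAMPLE_LOG))
```

A "transient" verdict is the case described in post #10: the browser ran the download straight from its cache, so the tool's logs end up in a directory the user will not find again.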
