
Log Analysis and Evaluation: Windows 7 / Suddenly many green underlined words with ads in Firefox

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.07.2014, 20:07   #1
koerni
 



Hi there

On my parents' PC there is suddenly the problem that a lot of green underlined words with ads show up in the Firefox browser.
It is mainly noticeable on "ebay"; apparently this also slows everything down there.

What can be done to get rid of it? I already tried an ad blocker on their PC, but it didn't help.

03.07.2014, 20:55   #2
deeprybka
/// TB Trainer
/// Tutorial Guru
 





My name is Jürgen and I will be helping you with your problem. Together we'll manage it...
  • Please work through all steps in order.
  • Read the instructions carefully before you begin. If there are problems or you don't understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop.
  • Post the log files directly in your thread in code tags.
  • Keep in mind that all of us here work in our free time; if you haven't heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Reformatting is usually the faster and always the safest way, but it is only advisable for real malware.
We can remove adware & co. very well.
If you decide on a cleanup, keep working with me until you get my "clean".



Let's go:

Step 1

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and can then be found on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)




Reading material
Posting in CODE tags: here's how...
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes our work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

04.07.2014, 13:51   #3
koerni
 



Hi Jürgen

Here are the two txt files



FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Mario (administrator) on MARIO-PC on 04-07-2014 14:43:35
Running from C:\Users\Mario\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() C:\Program Files (x86)\-best-markit\wdbest-markite.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\-best-markit\best-markitaQ174.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ElbyCheckAnyDVD] => "C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234288 2011-12-12] (Eastman Kodak Company)
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-29] (Google Inc.)
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: K - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {0f5e8a24-95d7-11e0-88b0-9bce2532dc71} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {150cadf7-187a-11e3-94f1-a1bb80db9c57} - E:\LGAutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {190240a2-051c-11e0-a32c-d993f403aa7a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {1bfc1b27-f58e-11df-95ee-ea8242c72d1a} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {2211e4a6-efc2-11df-87e0-b424b60a7e33} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {517d3034-efeb-11df-a374-f8ae6adb6b46} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22eded-0503-11e0-be56-89003f547270} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22edf7-0503-11e0-be56-89003f547270} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {8aff38f1-89ec-11e0-9dba-d15e43301347} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {92fc88c1-ea5a-11df-a673-97a87723c579} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {938908af-d149-11e0-88a1-fb3808ebba0c} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fb5-8931-11e0-995e-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fe4-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876ffd-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad877009-8931-11e0-995e-c22bca150f45} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48540-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48575-0507-11e0-b077-c85349b80e7b} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f4857e-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea23-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea29-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fda59519-8450-11e0-afa3-eac0ef9fe2de} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fefde87f-1759-11e0-9133-8687ea80ae45} - E:\setup_vmc_lite.exe /checkApplicationPresence
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14092;https=127.0.0.1:14092
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=2416a5f2000000000000002511665b71
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MABAEA12F-B77A-41CE-83BE-4CB395753519&SearchSource=58&CUI=&UM=5&UP=SP77CBA0E0-91AD-45E1-9E8A-1285E71DE207&q={searchTerms}&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=2416a5f2000000000000002511665b71
SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392
SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: best-markit - {F29D9E6D-92D3-C4E1-E996-EA97E31FA2FA} - C:\Program Files (x86)\-best-markit\174.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\user.js
FF SearchPlugin: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: VideoDownloadConverter - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2013-12-07]
FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]
FF Extension: Babylon - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-06-18]
FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi
FF Extension: best-markit - C:\Program Files (x86)\-best-markit\174.xpi [2014-06-29]

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 best-markit; C:\Program Files (x86)\-best-markit\best-markitaQ174.exe [178688 2014-06-29] () [File not signed]
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-12-31] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)

==================== Drivers (Whitelisted) ====================

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [907904 2010-05-15] (ITE Technologies         )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 14:43 - 2014-07-04 14:44 - 00018744 _____ () C:\Users\Mario\Downloads\FRST.txt
2014-07-04 14:43 - 2014-07-04 14:43 - 00000000 ____D () C:\FRST
2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe
2014-06-29 17:07 - 2014-06-29 21:08 - 00005294 _____ () C:\Windows\cdplayer.ini
2014-06-29 16:48 - 2014-07-04 14:37 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job
2014-06-29 16:48 - 2014-07-04 14:36 - 00000386 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-06-29 16:48 - 2014-06-29 17:27 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-06-29 16:48 - 2014-06-29 16:48 - 00003056 _____ () C:\Windows\System32\Tasks\best-markit Update
2014-06-29 16:48 - 2014-06-29 16:48 - 00002974 _____ () C:\Windows\System32\Tasks\best-markit_wd
2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\-best-markit
2014-06-29 16:42 - 2014-06-29 16:43 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe
2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi
2014-06-29 11:22 - 2014-06-29 11:30 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe
2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia
2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav
2014-06-29 09:30 - 2014-06-29 09:31 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav
2014-06-29 08:57 - 2014-06-29 08:58 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe
2014-06-18 21:43 - 2014-06-18 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-04 14:44 - 2014-07-04 14:43 - 00018744 _____ () C:\Users\Mario\Downloads\FRST.txt
2014-07-04 14:43 - 2014-07-04 14:43 - 00000000 ____D () C:\FRST
2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2014-07-04 14:42 - 2010-08-14 21:13 - 01620244 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 14:37 - 2014-06-29 16:48 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job
2014-07-04 14:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-04 14:36 - 2014-06-29 16:48 - 00000386 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-07-04 14:36 - 2011-07-08 16:51 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-04 14:36 - 2011-04-03 15:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-04 14:36 - 2010-08-21 17:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 14:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 14:36 - 2009-07-14 06:51 - 00262390 _____ () C:\Windows\setupact.log
2014-07-04 11:50 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 11:50 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 22:19 - 2013-10-23 09:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 22:10 - 2010-08-21 17:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 22:47 - 2011-02-20 11:55 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{896638E2-354A-4B96-AC64-F6A0AD177347}
2014-07-01 19:57 - 2010-08-15 06:15 - 00653928 _____ () C:\Windows\system32\perfh007.dat
2014-07-01 19:57 - 2010-08-15 06:15 - 00129800 _____ () C:\Windows\system32\perfc007.dat
2014-07-01 19:57 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 21:08 - 2014-06-29 17:07 - 00005294 _____ () C:\Windows\cdplayer.ini
2014-06-29 17:27 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe
2014-06-29 16:48 - 2014-06-29 16:48 - 00003056 _____ () C:\Windows\System32\Tasks\best-markit Update
2014-06-29 16:48 - 2014-06-29 16:48 - 00002974 _____ () C:\Windows\System32\Tasks\best-markit_wd
2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\-best-markit
2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-29 16:43 - 2014-06-29 16:42 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe
2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi
2014-06-29 11:30 - 2014-06-29 11:22 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe
2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia
2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:30 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:57 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe
2014-06-25 13:44 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Briefwechsel
2014-06-24 13:05 - 2010-08-21 17:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 13:05 - 2010-08-21 17:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 12:56 - 2013-08-05 13:28 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-20 17:38 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Witzige Texte, Animationen und Bilder
2014-06-20 16:03 - 2013-10-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-18 21:43 - 2014-06-18 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 21:50 - 2014-05-03 20:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 21:48 - 2010-08-21 15:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-04 13:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Mario\AppData\Local\Temp\avgnt.exe
C:\Users\Mario\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Mario\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mario\AppData\Local\Temp\MSN9D40.exe
C:\Users\Mario\AppData\Local\Temp\nsa8C60.exe
C:\Users\Mario\AppData\Local\Temp\nsaDFB3.exe
C:\Users\Mario\AppData\Local\Temp\nsfC9DD.exe
C:\Users\Mario\AppData\Local\Temp\nsgB420.exe
C:\Users\Mario\AppData\Local\Temp\nsiB906.exe
C:\Users\Mario\AppData\Local\Temp\nslB7E8.exe
C:\Users\Mario\AppData\Local\Temp\nslCF2C.exe
C:\Users\Mario\AppData\Local\Temp\nsqDB30.exe
C:\Users\Mario\AppData\Local\Temp\nsv91BE.exe
C:\Users\Mario\AppData\Local\Temp\ResetDevice.exe
C:\Users\Mario\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Mario\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 12:16

==================== End Of Log ============================
         
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Mario at 2014-07-04 14:44:28
Running from C:\Users\Mario\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - )
Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - ) <==== ATTENTION
best-markit (HKLM-x32\...\DFD86481-D5B6-1330-4CB5-7D62FFEE1AB7) (Version:  - best-markit-software)
Biet-O-Matic v2.1.00 (HKLM-x32\...\Biet-O-Matic v2.1.00) (Version: Biet-O-Matic v2.1.00 - BOM Development Team)
Blood Ties Deluxe (HKCU\...\Blood Ties Deluxe) (Version: 1.0.0 - Zylom Games)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Can You See What I See Deluxe (HKCU\...\Can You See What I See Deluxe) (Version: 1.0.0 - Zylom Games)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
Cooking Academy (HKCU\...\Cooking Academy) (Version: 1.0.0 - Zylom Games)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.4020 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.4020 - CyberLink Corp.) Hidden
Dacia Media Nav Toolbox (HKLM-x32\...\Dacia Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Delicious 2 Deluxe (HKCU\...\Delicious 2 Deluxe) (Version: 1.0.0 - Zylom Games)
Delicious Deluxe (HKCU\...\Delicious Deluxe) (Version: 1.0.0 - Zylom Games)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dream Sleuth Deluxe (HKCU\...\Dream Sleuth Deluxe) (Version: 1.0.0 - Zylom Games)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Privatanwender und Unternehmer 12.2.0.6412k) (Version: 15.2.13992 - )
eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Farm Frenzy 3 - American Pie Deluxe (HKCU\...\Farm Frenzy 3 - American Pie Deluxe) (Version: 1.0.0 - Zylom Games)
Farm Frenzy 3 - Russian Roulette Deluxe (HKCU\...\Farm Frenzy 3 - Russian Roulette Deluxe) (Version: 1.0.0 - Zylom Games)
Farm Frenzy 3 Deluxe (HKCU\...\Farm Frenzy 3 Deluxe) (Version: 1.0.0 - Zylom Games)
Farm Frenzy Deluxe (HKCU\...\Farm Frenzy Deluxe) (Version: 1.0.0 - Zylom Games)
Farmer Deluxe (HKCU\...\Farmer Deluxe) (Version: 1.0.0 - Zylom Games)
First Class Flurry (HKCU\...\First Class Flurry) (Version: 1.0.0 - Zylom Games)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Fishing Craze Deluxe (HKCU\...\Fishing Craze Deluxe) (Version: 1.0.0 - Zylom Games)
Flower Shop - Big City Break Deluxe (HKCU\...\Flower Shop - Big City Break Deluxe) (Version: 1.0.0 - Zylom Games)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Hammer Heads Deluxe (HKCU\...\Hammer Heads Deluxe) (Version: 1.0.0 - Zylom Games)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Hollywood - The Director's Cut Deluxe (HKCU\...\Hollywood - The Director's Cut Deluxe) (Version: 1.0.0 - Zylom Games)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{A7096369-9332-466C-8357-08770CDCE277}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Jane's Hotel Deluxe (HKCU\...\Jane's Hotel Deluxe) (Version: 1.0.0 - Zylom Games)
Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company)
Little Shop - Road Trip Deluxe (HKCU\...\Little Shop - Road Trip Deluxe) (Version: 1.0.0 - Zylom Games)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60531.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Million Dollar Quest Deluxe (HKCU\...\Million Dollar Quest Deluxe) (Version: 1.0.0 - Zylom Games)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.001.06.01.500 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Agency - A Vampire's Kiss (HKLM-x32\...\Mystery Agency - A Vampire's Kiss_is1) (Version:  - dtp)
Mystery Tales - Insel der Träume (HKLM-x32\...\{F6856F9B-881C-4BAF-8602-1E2DBA0EA8A7}_is1) (Version:  - cerasus.media GmbH)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nero 9 Essentials (HKLM-x32\...\{f2a1968e-87eb-4bb6-b579-27de6f2b8e4f}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PaperDesigner Plus (HKLM-x32\...\{9B773B11-1C9F-11D5-9B12-00201802CEF5}) (Version:  - )
Paradise Beach Deluxe (HKCU\...\Paradise Beach Deluxe) (Version: 1.0.0 - Zylom Games)
Pirateville Deluxe (HKCU\...\Pirateville Deluxe) (Version: 1.0.0 - Zylom Games)
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Rainbow Mystery Deluxe (HKCU\...\Rainbow Mystery Deluxe) (Version: 1.0.0 - Zylom Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Renault Media Nav Toolbox (HKLM-x32\...\Renault Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.)
Restaurant Rush Deluxe (HKCU\...\Restaurant Rush Deluxe) (Version: 1.0.0 - Zylom Games)
Robinson Crusoe (HKLM-x32\...\{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1) (Version:  - cerasus.media GmbH)
Spirit of Wandering Deluxe (HKCU\...\Spirit of Wandering Deluxe) (Version: 1.0.0 - Zylom Games)
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{F76D4E7F-4AC6-48DC-9ABB-E9769DD24977}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Text Express 2 Deluxe (HKCU\...\Text Express 2 Deluxe) (Version: 1.0.0 - Zylom Games)
The Hidden Object Show Deluxe (HKCU\...\The Hidden Object Show Deluxe) (Version: 1.0.0 - Zylom Games)
The Tudors Deluxe (HKCU\...\The Tudors Deluxe) (Version: 1.0.0 - Zylom Games)
Video Grabber (HKLM-x32\...\{65C3253A-E984-4769-BC33-CBC8F059C408}) (Version: 1.00.0000 - dexatek)
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Restore Points  =========================

16-06-2014 19:09:17 Windows-Sicherung
17-06-2014 16:40:46 Windows Update
22-06-2014 17:14:30 Windows-Sicherung
24-06-2014 17:08:03 Windows Update
28-06-2014 05:59:46 Windows Update
29-06-2014 17:00:27 Windows-Sicherung
01-07-2014 17:00:49 Windows Update

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {24AF0EA1-E847-4BD0-B463-669A9335D60E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18] (Google Inc.)
Task: {600BEA74-92F7-4378-8319-4017A9E81947} - System32\Tasks\{87F6D93F-5D2F-4D75-BDE6-A819CC2AF37B} => C:\Users\Mario\Documents\setup_vmc.exe [2007-07-16] ()
Task: {6CB3FF72-614E-478A-BE32-FE6FCE044F75} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
Task: {6DAE5EFB-6774-4BD4-871F-0803912BD423} - System32\Tasks\best-markit Update => C:\Program Files (x86)\-best-markit\appbest-markitf99.exe [2014-06-29] ()
Task: {7D8EFB1C-F8A7-45D4-AAC6-A08B142206B8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {82E67281-5910-4C04-A623-BE4F53903417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18] (Google Inc.)
Task: {9DE04B1E-0285-4E71-90FB-FA1AE51DFC1D} - System32\Tasks\best-markit_wd => C:\Program Files (x86)\-best-markit\wdbest-markite.exe [2014-06-29] ()
Task: {9EAB0DBB-1B50-4DA8-AF7D-35A7E227FF6B} - System32\Tasks\{59900C70-4950-40B3-9291-206A1FCB7703} => C:\Users\Mario\Documents\setup_vmc.exe [2007-07-16] ()
Task: {AB414AD7-38CC-4A7C-AFBB-961D84A4613B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17] (Adobe Systems Incorporated)
Task: {BDE4B03F-959F-4104-9C77-7375381F1B30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E52F25EC-6A1C-42AB-9A89-50136F157076} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FF8A7E7A-7A40-4365-8462-344AFD9A34DA} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\best-markit Update.job => C:\Program Files (x86)\-best-markit\appbest-markitf99.exe
Task: C:\Windows\Tasks\best-markit_wd.job => C:\Program Files (x86)\-best-markit\wdbest-markite.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-29 16:47 - 2014-06-29 16:47 - 00100864 _____ () C:\Program Files (x86)\-best-markit\wdbest-markite.exe
2014-06-29 16:47 - 2014-06-29 16:47 - 00178688 _____ () C:\Program Files (x86)\-best-markit\best-markitaQ174.exe
2013-03-02 11:30 - 2008-12-31 06:31 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-06-29 16:47 - 2014-06-29 16:47 - 00172544 _____ () C:\Program Files (x86)\-best-markit\best-markitaQ174.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Mario:zylomtest
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}
AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}
AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}
AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}
AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}
AlternateDataStreams: C:\Users\Mario:zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}
AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}
AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 11:43:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/04/2014 11:43:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/03/2014 07:47:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/03/2014 07:47:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/02/2014 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 4.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/02/2014 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.4:5353   18 4.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/01/2014 07:27:44 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/01/2014 06:55:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/01/2014 06:55:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/01/2014 01:28:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.


System errors:
=============
Error: (07/04/2014 11:50:03 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/03/2014 10:30:19 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/03/2014 08:42:34 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/02/2014 10:51:05 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/01/2014 10:53:16 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/01/2014 02:09:44 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/01/2014 00:00:52 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (06/30/2014 09:44:27 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (06/29/2014 09:09:20 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (06/29/2014 05:29:46 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32


Microsoft Office Sessions:
=========================
Error: (07/04/2014 11:43:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/04/2014 11:43:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/03/2014 07:47:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/03/2014 07:47:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/02/2014 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 4.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/02/2014 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.4:5353   18 4.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/01/2014 07:27:44 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (07/01/2014 06:55:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/01/2014 06:55:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/01/2014 01:28:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.


==================== Memory info =========================== 

Percentage of memory in use: 40%
Total physical RAM: 3071.23 MB
Available physical RAM: 1829.37 MB
Total Pagefile: 6140.61 MB
Available Pagefile: 4648.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:917.41 GB) (Free:844.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 730E7791)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
__________________

Old 04.07.2014, 14:31   #4
deeprybka
/// TB Trainer
/// Guide Guru
 

Hi, here's how we continue...

Step 1

Please uninstall the following programs:

Java(TM) 6 Update 30
Babylon toolbar on IE


On Windows 7, first try it via Control Panel / Uninstall a program.

If that does not work, please download Revo Uninstaller here. Unpack the zip file to the desktop.
  • Start Revouninstaller.exe
  • Click Options and select German as the language.
  • In the Uninstaller field, look for the programs listed above and select them one at a time.
    Click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

If you cannot find a program or cannot uninstall it, please continue with the next step:

Step 2
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Suchlauf (Scan) and wait until it has finished.
  • Now click Löschen (Delete) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).


Step 3



Please start FRST again and press Scan.
Please post the contents of the log.
__________________
Regards
deeprybka

Praise, criticism, requests?

Donate to the Trojaner-Board?
_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer

Old 04.07.2014, 15:11   #5
koerni
 

Um, is it right that this time the FRST scan only produced one txt file?
Anyway, here is what I have


AdwCleaner :

Code:
# AdwCleaner v3.214 - Bericht erstellt am 04/07/2014 um 16:01:49
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzername : Mario - MARIO-PC
# Gestartet von : C:\Users\Mario\Downloads\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : best-markit

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\VideoDownloadConverter
Ordner Gelöscht : C:\Program Files (x86)\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
Ordner Gelöscht : C:\Users\Mario\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Mario\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Mario\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Mario\AppData\LocalLow\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Users\Mario\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\VideoDownloadConverter_4z
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\searchplugins\ask-web-search.xml
Datei Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\user.js
Datei Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\user.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConfigTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConfigTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\MetaStream
Schlüssel Gelöscht : HKLM\Software\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16476


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":220737723,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":220737724,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=77fdc8cf&p2=^HJ^xpi000^FF26A^");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013120719");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xpi000^FF26A^");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "5.71.2.58327");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");

*************************

AdwCleaner[R0].txt - [9129 octets] - [04/07/2014 16:01:12]
AdwCleaner[S0].txt - [8672 octets] - [04/07/2014 16:01:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8732 octets] ##########
         
FRST :


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Mario (administrator) on MARIO-PC on 04-07-2014 16:06:37
Running from C:\Users\Mario\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
() C:\Program Files (x86)\-best-markit\wdbest-markite.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ElbyCheckAnyDVD] => "C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234288 2011-12-12] (Eastman Kodak Company)
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-29] (Google Inc.)
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: K - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {0f5e8a24-95d7-11e0-88b0-9bce2532dc71} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {150cadf7-187a-11e3-94f1-a1bb80db9c57} - E:\LGAutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {190240a2-051c-11e0-a32c-d993f403aa7a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {1bfc1b27-f58e-11df-95ee-ea8242c72d1a} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {2211e4a6-efc2-11df-87e0-b424b60a7e33} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {517d3034-efeb-11df-a374-f8ae6adb6b46} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22eded-0503-11e0-be56-89003f547270} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22edf7-0503-11e0-be56-89003f547270} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {8aff38f1-89ec-11e0-9dba-d15e43301347} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {92fc88c1-ea5a-11df-a673-97a87723c579} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {938908af-d149-11e0-88a1-fb3808ebba0c} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fb5-8931-11e0-995e-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fe4-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876ffd-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad877009-8931-11e0-995e-c22bca150f45} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48540-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48575-0507-11e0-b077-c85349b80e7b} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f4857e-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea23-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea29-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fda59519-8450-11e0-afa3-eac0ef9fe2de} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fefde87f-1759-11e0-9133-8687ea80ae45} - E:\setup_vmc_lite.exe /checkApplicationPresence
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392
SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: best-markit - {F29D9E6D-92D3-C4E1-E996-EA97E31FA2FA} - C:\Program Files (x86)\-best-markit\174.dll ()
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: VideoDownloadConverter - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2013-12-07]
FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]
FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi
FF Extension: best-markit - C:\Program Files (x86)\-best-markit\174.xpi [2014-06-29]

==================== Services (Whitelisted) =================

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-12-31] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)

==================== Drivers (Whitelisted) ====================

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [907904 2010-05-15] (ITE Technologies         )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 16:01 - 2014-07-04 16:01 - 00000000 ____D () C:\AdwCleaner
2014-07-04 16:00 - 2014-07-04 16:00 - 01346519 _____ () C:\Users\Mario\Downloads\adwcleaner_3.214.exe
2014-07-04 14:44 - 2014-07-04 14:45 - 00032435 _____ () C:\Users\Mario\Downloads\Addition.txt
2014-07-04 14:43 - 2014-07-04 16:06 - 00016021 _____ () C:\Users\Mario\Downloads\FRST.txt
2014-07-04 14:43 - 2014-07-04 16:06 - 00000000 ____D () C:\FRST
2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe
2014-06-29 17:07 - 2014-06-29 21:08 - 00005294 _____ () C:\Windows\cdplayer.ini
2014-06-29 16:48 - 2014-07-04 16:03 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job
2014-06-29 16:48 - 2014-07-04 16:03 - 00000386 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-06-29 16:48 - 2014-06-29 17:27 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-06-29 16:48 - 2014-06-29 16:48 - 00003056 _____ () C:\Windows\System32\Tasks\best-markit Update
2014-06-29 16:48 - 2014-06-29 16:48 - 00002974 _____ () C:\Windows\System32\Tasks\best-markit_wd
2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\-best-markit
2014-06-29 16:42 - 2014-06-29 16:43 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe
2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi
2014-06-29 11:22 - 2014-06-29 11:30 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe
2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia
2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav
2014-06-29 09:30 - 2014-06-29 09:31 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav
2014-06-29 08:57 - 2014-06-29 08:58 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe
2014-06-18 21:43 - 2014-07-04 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-04 16:07 - 2014-07-04 14:43 - 00016021 _____ () C:\Users\Mario\Downloads\FRST.txt
2014-07-04 16:06 - 2014-07-04 14:43 - 00000000 ____D () C:\FRST
2014-07-04 16:03 - 2014-06-29 16:48 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job
2014-07-04 16:03 - 2014-06-29 16:48 - 00000386 _____ () C:\Windows\Tasks\best-markit_wd.job
2014-07-04 16:03 - 2011-07-08 16:51 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-04 16:03 - 2011-04-03 15:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-04 16:03 - 2010-08-21 17:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 16:03 - 2009-10-29 08:40 - 00476454 _____ () C:\Windows\PFRO.log
2014-07-04 16:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 16:03 - 2009-07-14 06:51 - 00262502 _____ () C:\Windows\setupact.log
2014-07-04 16:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-04 16:02 - 2010-08-14 21:13 - 01649169 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 16:01 - 2014-07-04 16:01 - 00000000 ____D () C:\AdwCleaner
2014-07-04 16:01 - 2014-06-18 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 16:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 16:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 16:00 - 2014-07-04 16:00 - 01346519 _____ () C:\Users\Mario\Downloads\adwcleaner_3.214.exe
2014-07-04 14:45 - 2014-07-04 14:44 - 00032435 _____ () C:\Users\Mario\Downloads\Addition.txt
2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2014-07-03 22:19 - 2013-10-23 09:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 22:10 - 2010-08-21 17:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-02 22:47 - 2011-02-20 11:55 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{896638E2-354A-4B96-AC64-F6A0AD177347}
2014-07-01 19:57 - 2010-08-15 06:15 - 00653928 _____ () C:\Windows\system32\perfh007.dat
2014-07-01 19:57 - 2010-08-15 06:15 - 00129800 _____ () C:\Windows\system32\perfc007.dat
2014-07-01 19:57 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 21:08 - 2014-06-29 17:07 - 00005294 _____ () C:\Windows\cdplayer.ini
2014-06-29 17:27 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe
2014-06-29 16:48 - 2014-06-29 16:48 - 00003056 _____ () C:\Windows\System32\Tasks\best-markit Update
2014-06-29 16:48 - 2014-06-29 16:48 - 00002974 _____ () C:\Windows\System32\Tasks\best-markit_wd
2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\-best-markit
2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-29 16:43 - 2014-06-29 16:42 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe
2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi
2014-06-29 11:30 - 2014-06-29 11:22 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe
2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia
2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:30 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:57 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe
2014-06-25 13:44 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Briefwechsel
2014-06-24 13:05 - 2010-08-21 17:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 13:05 - 2010-08-21 17:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 12:56 - 2013-08-05 13:28 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-20 17:38 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Witzige Texte, Animationen und Bilder
2014-06-20 16:03 - 2013-10-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 21:50 - 2014-05-03 20:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 21:48 - 2010-08-21 15:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-04 13:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Mario\AppData\Local\Temp\avgnt.exe
C:\Users\Mario\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Mario\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mario\AppData\Local\Temp\MSN9D40.exe
C:\Users\Mario\AppData\Local\Temp\nsa8C60.exe
C:\Users\Mario\AppData\Local\Temp\nsaDFB3.exe
C:\Users\Mario\AppData\Local\Temp\nsfC9DD.exe
C:\Users\Mario\AppData\Local\Temp\nsgB420.exe
C:\Users\Mario\AppData\Local\Temp\nsiB906.exe
C:\Users\Mario\AppData\Local\Temp\nslB7E8.exe
C:\Users\Mario\AppData\Local\Temp\nslCF2C.exe
C:\Users\Mario\AppData\Local\Temp\nsqDB30.exe
C:\Users\Mario\AppData\Local\Temp\nsv91BE.exe
C:\Users\Mario\AppData\Local\Temp\Quarantine.exe
C:\Users\Mario\AppData\Local\Temp\ResetDevice.exe
C:\Users\Mario\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Mario\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 12:16

==================== End Of Log ============================
         
--- --- ---


04.07.2014, 15:26   #6
deeprybka
/// TB Instructor
/// Tutorial Guru

Hi, yes, otherwise I would have had you tick the Addition.txt box...

Step 1

Malwarebytes Antimalware
  • Download link
  • Install the program to the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • If the user interface is still in English, click Settings and select Deutsch under Language.
  • Under "Erkennung und Schutz" (Detection and Protection), tick "Suche nach Rootkits" (Scan for rootkits).
  • Then click "Suchlauf" (Scan), select the "Bedrohungssuchlauf" (Threat Scan), update the databases and click "Suchlauf jetzt starten" (Start scan now).
  • At the end of the scan, have all detections (if any) moved to quarantine. (here's how...)
  • Post the contents of the log file (here's how...). To do so, click "Verlauf" (History) and then "Anwendungsprotokolle" (Application Logs).
  • Select the most recent scan log and click "Ansicht" (View). Click "In Zwischenablage kopieren" (Copy to Clipboard) and post the contents in code tags as a reply in the thread.


Step 2

ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start Eset Online Scanner
  • Tick "Ja, ich bin mit den Nutzungsbedingungen einverstanden" (Yes, I accept the Terms of Use) and click "Starten" (Start).
  • Enable "Erkennung von eventuell unerwünschten Anwendungen" (detection of potentially unwanted applications) and select the following settings.
  • Click "Starten" (Start).
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click "Fertig stellen" (Finish).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Step 3

Please start FRST again, also tick the checkbox, and press Scan.
Please post the contents of the two logs that are created.

Are there still any problems with the PC? If so, which ones?

04.07.2014, 17:14   #7
koerni

I need to ask a quick question in between.
I followed the ESET Online Scanner steps as described (up to the point where the scan finished), but now it has found a few potentially unwanted applications.
Do I need to do anything else there, or should I continue as described? (i.e. click Finish, close the window ....)

04.07.2014, 17:15   #8
deeprybka
/// TB Instructor
/// Tutorial Guru

Nope, we'll take a look at those and delete them manually if necessary...
__________________
Regards,
deeprybka


04.07.2014, 17:28   #9
koerni

OK, then here are the txt files

MBAM :

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 04.07.2014
Suchlauf-Zeit: 16:43:57
Logdatei: 
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.04.06
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7
CPU: x64
Dateisystem: NTFS
Benutzer: Mario

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 278346
Verstrichene Zeit: 14 Min, 3 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\wdbest-markite.exe, 1688, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22]

Module: 1
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.dll, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22], 

Registrierungsschlüssel: 7
PUP.Optional.BestMarkIt.A, HKU\S-1-5-21-2040411554-1652058355-27632440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\best_markit, Löschen bei Neustart, [53cf0d8e304b6cca03cf6e5cca38c63a], 
PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F29D9E6D-92D3-C4E1-E996-EA97E31FA2FA}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{41B2E210-42A4-62A2-F0B9-948AB3700562}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9C501577-A144-4CF1-4DA2-A370D714E698}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{41B2E210-42A4-62A2-F0B9-948AB3700562}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F29D9E6D-92D3-C4E1-E996-EA97E31FA2FA}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DFD86481-D5B6-1330-4CB5-7D62FFEE1AB7, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 7
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com, In Quarantäne, [40e2a1fa3744b4825c85227da9591be5], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome, In Quarantäne, [40e2a1fa3744b4825c85227da9591be5], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22], 

Dateien: 47
PUP.Optional.SearchProtect.A, C:\Users\Mario\AppData\Local\Temp\nsa17CD.tmp, In Quarantäne, [9b879efddc9ff83e91df533faa571ee2], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsa8C60.exe, In Quarantäne, [c45ee1babcbf191daaa2c1c7996802fe], 
PUP.Optional.SearchProtect.A, C:\Users\Mario\AppData\Local\Temp\nsaA4CF.tmp, In Quarantäne, [bb672b70205b6acc79f74052dd24ef11], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsaDFB3.exe, In Quarantäne, [0c16e7b4473455e1ce7e4345ad549b65], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsfC9DD.exe, In Quarantäne, [49d938639fdccc6ad9739fe9808121df], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsgB420.exe, In Quarantäne, [d949faa19edd2a0cb993b5d3629fc33d], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsiB906.exe, In Quarantäne, [e53ddebdaccf44f2b19b196f57aa4eb2], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nslB7E8.exe, In Quarantäne, [958d0596e49740f690bc484018e9b848], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nslCF2C.exe, In Quarantäne, [65bdebb05526d363e4684048c8394eb2], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsqDB30.exe, In Quarantäne, [72b0abf0ee8da6901735a5e301000af6], 
PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsv91BE.exe, In Quarantäne, [f72bf8a34a31989e14382c5c936e9c64], 
PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\delicious2download.exe, In Quarantäne, [22000c8fe29911256529f7cdac543ec2], 
PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\deliciousdownload.exe, In Quarantäne, [0a185e3d99e273c3dcb27c48758b827e], 
PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\hammerheadsdownload.exe, In Quarantäne, [9b878d0e512a092dc3cbb41027d9c040], 
PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\rainbowmysterydownload.exe, In Quarantäne, [7ba7e8b3671437ff06889232d52b7987], 
PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\textexpress2download.exe, In Quarantäne, [061ce0bbf7842b0bc9c5685cd52b6b95], 
PUP.Optional.BestMarkIt.A, C:\Windows\System32\Tasks\best-markit Update, In Quarantäne, [73af44573e3d013510029421eb176f91], 
PUP.Optional.BestMarkIt.A, C:\Windows\System32\Tasks\best-markit_wd, In Quarantäne, [58cad8c32c4fbe7831e107aefe045ea2], 
PUP.Optional.BestMarkIt.A, C:\Windows\Tasks\best-markit Update.job, In Quarantäne, [3be7415aa3d84ee8804fecde0cf6d12f], 
PUP.Optional.BestMarkIt.A, C:\Windows\Tasks\best-markit_wd.job, In Quarantäne, [e240a7f4403b6ec8458ae1e9857d0ef2], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\install.rdf, In Quarantäne, [40e2a1fa3744b4825c85227da9591be5], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome\4zffxtbr.jar, In Quarantäne, [40e2a1fa3744b4825c85227da9591be5], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\bootstrap.js, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome.manifest, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\install.rdf, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\install_no_bootstrap.rdf, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome\4zffxtbr.jar, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\manifest.mf, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\zigbert.rsa, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\zigbert.sf, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\EXEManager.dll, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\FF-NativeMessagingDispatcher.dll, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\Verify.dll, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\174.crx, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\174.dat, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\174.dll, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\174.xpi, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\a.db, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\appbest-markitf99.exe, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\b.db, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.bin, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.dll, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.exe, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.ini, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\Sqlite3.dll, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\Uninstall.exe, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\wdbest-markite.exe, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22], 

Physische Sektoren: 0
(No malicious items detected)


(end)
         
ESET Online Scanner:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=59a34991811a1b4e96b390b2442eb90e
# engine=19025
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-04 04:09:40
# local_time=2014-07-04 06:09:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7600 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12444 156120030 0 0
# scanned=184966
# found=8
# cleaned=0
# scan_time=3545
sh=A823D4D557D4DEAFBE264CC8760DBFE85C24C4A0 ft=1 fh=c71c001189d1b3db vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mario\AppData\Local\Babylon\Setup\BExternal.dll.vir"
sh=E9966958672AFC5363CD47F153CA2ED0C87112DF ft=1 fh=a2f67e8360868780 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mario\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"
sh=40969E053E001937C71D74EA719F78BF9A5FEF2A ft=1 fh=9a76860661eadcce vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mario\AppData\Local\Babylon\Setup\MyBabylonTB.exe.vir"
sh=45D1104CA6BE51EDA80B5994403E9ABD523082A3 ft=1 fh=dc60180b3d8151a5 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mario\AppData\Local\Babylon\Setup\Setup.exe.vir"
sh=C8ED85CBB679DFF0D72E7D8C79CE5E74B5EFADE0 ft=1 fh=37dd7ede875c1f3d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H71HL6UC\spstub[1].exe"
sh=A84B46CCDC3F57029C711BE6275A760DD13AC913 ft=1 fh=15908f4a60c02694 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDFWVB45\SPSetup[2].exe"
sh=0EA8B6FF0D2DD92DE3EB3FD64BF7109D61AF4FC1 ft=1 fh=9094b160c121c80c vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe"
sh=17DE4EBD2BDD63571A61B49BDE5B1767A9FCFE84 ft=1 fh=cda42ca5ebca54a0 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe"
         



And the two from FRST


FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Mario (administrator) on MARIO-PC on 04-07-2014 18:24:54
Running from C:\Users\Mario\Downloads
Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ElbyCheckAnyDVD] => "C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234288 2011-12-12] (Eastman Kodak Company)
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-29] (Google Inc.)
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: K - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {0f5e8a24-95d7-11e0-88b0-9bce2532dc71} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {150cadf7-187a-11e3-94f1-a1bb80db9c57} - E:\LGAutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {190240a2-051c-11e0-a32c-d993f403aa7a} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {1bfc1b27-f58e-11df-95ee-ea8242c72d1a} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {2211e4a6-efc2-11df-87e0-b424b60a7e33} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {517d3034-efeb-11df-a374-f8ae6adb6b46} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22eded-0503-11e0-be56-89003f547270} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22edf7-0503-11e0-be56-89003f547270} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {8aff38f1-89ec-11e0-9dba-d15e43301347} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {92fc88c1-ea5a-11df-a673-97a87723c579} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {938908af-d149-11e0-88a1-fb3808ebba0c} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fb5-8931-11e0-995e-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fe4-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876ffd-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad877009-8931-11e0-995e-c22bca150f45} - K:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48540-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48575-0507-11e0-b077-c85349b80e7b} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f4857e-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea23-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea29-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fda59519-8450-11e0-afa3-eac0ef9fe2de} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fefde87f-1759-11e0-9133-8687ea80ae45} - E:\setup_vmc_lite.exe /checkApplicationPresence
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392
SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]
FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi

==================== Services (Whitelisted) =================

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-12-31] ()
R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)

==================== Drivers (Whitelisted) ====================

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [907904 2010-05-15] (ITE Technologies         )
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-04 17:02 - 2014-07-04 17:02 - 02347384 _____ (ESET) C:\Users\Mario\Downloads\esetsmartinstaller_deu.exe
2014-07-04 16:56 - 2014-07-04 16:56 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Avira
2014-07-04 16:55 - 2014-07-04 16:55 - 00002035 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-07-04 16:55 - 2014-07-04 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 16:54 - 2014-07-04 16:54 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 16:54 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-07-04 16:54 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-07-04 16:54 - 2014-06-24 20:39 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-04 16:54 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-07-04 16:32 - 2014-07-04 18:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 16:32 - 2014-07-04 16:32 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 16:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-04 16:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-04 16:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-04 16:29 - 2014-07-04 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mario\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 16:22 - 2014-07-04 16:35 - 157344328 _____ () C:\Users\Mario\Downloads\avira_antivirus_pro_de.exe
2014-07-04 16:01 - 2014-07-04 16:01 - 00000000 ____D () C:\AdwCleaner
2014-07-04 16:00 - 2014-07-04 16:00 - 01346519 _____ () C:\Users\Mario\Downloads\adwcleaner_3.214.exe
2014-07-04 14:44 - 2014-07-04 14:45 - 00032435 _____ () C:\Users\Mario\Downloads\Addition.txt
2014-07-04 14:43 - 2014-07-04 18:25 - 00015769 _____ () C:\Users\Mario\Downloads\FRST.txt
2014-07-04 14:43 - 2014-07-04 18:25 - 00000000 ____D () C:\FRST
2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe
2014-06-29 17:07 - 2014-06-29 21:08 - 00005294 _____ () C:\Windows\cdplayer.ini
2014-06-29 16:48 - 2014-06-29 17:27 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-06-29 16:42 - 2014-06-29 16:43 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe
2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi
2014-06-29 11:22 - 2014-06-29 11:30 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe
2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia
2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav
2014-06-29 09:30 - 2014-06-29 09:31 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav
2014-06-29 08:57 - 2014-06-29 08:58 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe
2014-06-18 21:43 - 2014-07-04 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-04 18:25 - 2014-07-04 14:43 - 00015769 _____ () C:\Users\Mario\Downloads\FRST.txt
2014-07-04 18:25 - 2014-07-04 14:43 - 00000000 ____D () C:\FRST
2014-07-04 18:19 - 2014-07-04 16:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-04 18:19 - 2013-10-23 09:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-04 18:10 - 2010-08-21 17:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-04 17:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-04 17:08 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 17:08 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-04 17:04 - 2010-08-14 21:13 - 01705381 _____ () C:\Windows\WindowsUpdate.log
2014-07-04 17:02 - 2014-07-04 17:02 - 02347384 _____ (ESET) C:\Users\Mario\Downloads\esetsmartinstaller_deu.exe
2014-07-04 17:00 - 2011-07-08 16:51 - 00000000 ____D () C:\ProgramData\Kodak
2014-07-04 17:00 - 2011-04-03 15:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-07-04 17:00 - 2010-08-21 17:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-04 17:00 - 2009-10-29 08:40 - 00649688 _____ () C:\Windows\PFRO.log
2014-07-04 17:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-04 17:00 - 2009-07-14 06:51 - 00262670 _____ () C:\Windows\setupact.log
2014-07-04 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-07-04 16:56 - 2014-07-04 16:56 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Avira
2014-07-04 16:55 - 2014-07-04 16:55 - 00002035 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-07-04 16:55 - 2014-07-04 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-07-04 16:54 - 2014-07-04 16:54 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-04 16:54 - 2010-08-15 10:12 - 00000000 ____D () C:\ProgramData\Avira
2014-07-04 16:35 - 2014-07-04 16:22 - 157344328 _____ () C:\Users\Mario\Downloads\avira_antivirus_pro_de.exe
2014-07-04 16:32 - 2014-07-04 16:32 - 00001071 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-04 16:31 - 2014-07-04 16:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mario\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-04 16:01 - 2014-07-04 16:01 - 00000000 ____D () C:\AdwCleaner
2014-07-04 16:01 - 2014-06-18 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 16:00 - 2014-07-04 16:00 - 01346519 _____ () C:\Users\Mario\Downloads\adwcleaner_3.214.exe
2014-07-04 14:45 - 2014-07-04 14:44 - 00032435 _____ () C:\Users\Mario\Downloads\Addition.txt
2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe
2014-07-02 22:47 - 2011-02-20 11:55 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{896638E2-354A-4B96-AC64-F6A0AD177347}
2014-07-01 19:57 - 2010-08-15 06:15 - 00653928 _____ () C:\Windows\system32\perfh007.dat
2014-07-01 19:57 - 2010-08-15 06:15 - 00129800 _____ () C:\Windows\system32\perfc007.dat
2014-07-01 19:57 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 21:08 - 2014-06-29 17:07 - 00005294 _____ () C:\Windows\cdplayer.ini
2014-06-29 17:27 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\Audiograbber
2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe
2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk
2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber
2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-06-29 16:43 - 2014-06-29 16:42 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe
2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi
2014-06-29 11:30 - 2014-06-29 11:22 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe
2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia
2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav
2014-06-29 09:31 - 2014-06-29 09:30 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav
2014-06-29 08:58 - 2014-06-29 08:57 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe
2014-06-25 13:44 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Briefwechsel
2014-06-24 20:39 - 2014-07-04 16:54 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-24 20:39 - 2014-07-04 16:54 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-24 20:39 - 2014-07-04 16:54 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-24 20:39 - 2014-07-04 16:54 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-24 13:05 - 2010-08-21 17:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 13:05 - 2010-08-21 17:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 17:38 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Witzige Texte, Animationen und Bilder
2014-06-20 16:03 - 2013-10-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-11 21:50 - 2014-05-03 20:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 21:48 - 2010-08-21 15:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-04 13:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Mario\AppData\Local\Temp\avgnt.exe
C:\Users\Mario\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Mario\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mario\AppData\Local\Temp\MSN9D40.exe
C:\Users\Mario\AppData\Local\Temp\Quarantine.exe
C:\Users\Mario\AppData\Local\Temp\ResetDevice.exe
C:\Users\Mario\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe
C:\Users\Mario\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-29 12:16

==================== End Of Log ============================
         
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014
Ran by Mario at 2014-07-04 18:25:57
Running from C:\Users\Mario\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - )
Biet-O-Matic v2.1.00 (HKLM-x32\...\Biet-O-Matic v2.1.00) (Version: Biet-O-Matic v2.1.00 - BOM Development Team)
Blood Ties Deluxe (HKCU\...\Blood Ties Deluxe) (Version: 1.0.0 - Zylom Games)
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Can You See What I See Deluxe (HKCU\...\Can You See What I See Deluxe) (Version: 1.0.0 - Zylom Games)
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)
Cooking Academy (HKCU\...\Cooking Academy) (Version: 1.0.0 - Zylom Games)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)
CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.4020 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 7.0.4020 - CyberLink Corp.) Hidden
Dacia Media Nav Toolbox (HKLM-x32\...\Dacia Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
Delicious 2 Deluxe (HKCU\...\Delicious 2 Deluxe) (Version: 1.0.0 - Zylom Games)
Delicious Deluxe (HKCU\...\Delicious Deluxe) (Version: 1.0.0 - Zylom Games)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dream Sleuth Deluxe (HKCU\...\Dream Sleuth Deluxe) (Version: 1.0.0 - Zylom Games)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Privatanwender und Unternehmer 12.2.0.6412k) (Version: 15.2.13992 - )
eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.)
eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)
eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)
eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Farm Frenzy 3 - American Pie Deluxe (HKCU\...\Farm Frenzy 3 - American Pie Deluxe) (Version: 1.0.0 - Zylom Games)
Farm Frenzy 3 - Russian Roulette Deluxe (HKCU\...\Farm Frenzy 3 - Russian Roulette Deluxe) (Version: 1.0.0 - Zylom Games)
Farm Frenzy 3 Deluxe (HKCU\...\Farm Frenzy 3 Deluxe) (Version: 1.0.0 - Zylom Games)
Farm Frenzy Deluxe (HKCU\...\Farm Frenzy Deluxe) (Version: 1.0.0 - Zylom Games)
Farmer Deluxe (HKCU\...\Farmer Deluxe) (Version: 1.0.0 - Zylom Games)
First Class Flurry (HKCU\...\First Class Flurry) (Version: 1.0.0 - Zylom Games)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
Fishing Craze Deluxe (HKCU\...\Fishing Craze Deluxe) (Version: 1.0.0 - Zylom Games)
Flower Shop - Big City Break Deluxe (HKCU\...\Flower Shop - Big City Break Deluxe) (Version: 1.0.0 - Zylom Games)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Hammer Heads Deluxe (HKCU\...\Hammer Heads Deluxe) (Version: 1.0.0 - Zylom Games)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Hollywood - The Director's Cut Deluxe (HKCU\...\Hollywood - The Director's Cut Deluxe) (Version: 1.0.0 - Zylom Games)
HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{A7096369-9332-466C-8357-08770CDCE277}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Jane's Hotel Deluxe (HKCU\...\Jane's Hotel Deluxe) (Version: 1.0.0 - Zylom Games)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden
KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company)
Little Shop - Road Trip Deluxe (HKCU\...\Little Shop - Road Trip Deluxe) (Version: 1.0.0 - Zylom Games)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60531.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Million Dollar Quest Deluxe (HKCU\...\Million Dollar Quest Deluxe) (Version: 1.0.0 - Zylom Games)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.001.06.01.500 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Agency - A Vampire's Kiss (HKLM-x32\...\Mystery Agency - A Vampire's Kiss_is1) (Version:  - dtp)
Mystery Tales - Insel der Träume (HKLM-x32\...\{F6856F9B-881C-4BAF-8602-1E2DBA0EA8A7}_is1) (Version:  - cerasus.media GmbH)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)
Nero 9 Essentials (HKLM-x32\...\{f2a1968e-87eb-4bb6-b579-27de6f2b8e4f}) (Version:  - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PaperDesigner Plus (HKLM-x32\...\{9B773B11-1C9F-11D5-9B12-00201802CEF5}) (Version:  - )
Paradise Beach Deluxe (HKCU\...\Paradise Beach Deluxe) (Version: 1.0.0 - Zylom Games)
Pirateville Deluxe (HKCU\...\Pirateville Deluxe) (Version: 1.0.0 - Zylom Games)
PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
Rainbow Mystery Deluxe (HKCU\...\Rainbow Mystery Deluxe) (Version: 1.0.0 - Zylom Games)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
Renault Media Nav Toolbox (HKLM-x32\...\Renault Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.)
Restaurant Rush Deluxe (HKCU\...\Restaurant Rush Deluxe) (Version: 1.0.0 - Zylom Games)
Robinson Crusoe (HKLM-x32\...\{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1) (Version:  - cerasus.media GmbH)
Spirit of Wandering Deluxe (HKCU\...\Spirit of Wandering Deluxe) (Version: 1.0.0 - Zylom Games)
Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{F76D4E7F-4AC6-48DC-9ABB-E9769DD24977}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
Text Express 2 Deluxe (HKCU\...\Text Express 2 Deluxe) (Version: 1.0.0 - Zylom Games)
The Hidden Object Show Deluxe (HKCU\...\The Hidden Object Show Deluxe) (Version: 1.0.0 - Zylom Games)
The Tudors Deluxe (HKCU\...\The Tudors Deluxe) (Version: 1.0.0 - Zylom Games)
Video Grabber (HKLM-x32\...\{65C3253A-E984-4769-BC33-CBC8F059C408}) (Version: 1.00.0000 - dexatek)
Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Restore Points  =========================

16-06-2014 19:09:17 Windows-Sicherung
17-06-2014 16:40:46 Windows Update
22-06-2014 17:14:30 Windows-Sicherung
24-06-2014 17:08:03 Windows Update
28-06-2014 05:59:46 Windows Update
29-06-2014 17:00:27 Windows-Sicherung
01-07-2014 17:00:49 Windows Update
04-07-2014 13:57:30 Removed Java(TM) 6 Update 30

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {24AF0EA1-E847-4BD0-B463-669A9335D60E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18] (Google Inc.)
Task: {600BEA74-92F7-4378-8319-4017A9E81947} - System32\Tasks\{87F6D93F-5D2F-4D75-BDE6-A819CC2AF37B} => C:\Users\Mario\Documents\setup_vmc.exe [2007-07-16] ()
Task: {6CB3FF72-614E-478A-BE32-FE6FCE044F75} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe
Task: {7D8EFB1C-F8A7-45D4-AAC6-A08B142206B8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {82E67281-5910-4C04-A623-BE4F53903417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18] (Google Inc.)
Task: {9EAB0DBB-1B50-4DA8-AF7D-35A7E227FF6B} - System32\Tasks\{59900C70-4950-40B3-9291-206A1FCB7703} => C:\Users\Mario\Documents\setup_vmc.exe [2007-07-16] ()
Task: {AB414AD7-38CC-4A7C-AFBB-961D84A4613B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17] (Adobe Systems Incorporated)
Task: {BDE4B03F-959F-4104-9C77-7375381F1B30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E52F25EC-6A1C-42AB-9A89-50136F157076} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FF8A7E7A-7A40-4365-8462-344AFD9A34DA} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-03-02 11:30 - 2008-12-31 06:31 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-06-18 21:43 - 2014-06-18 21:43 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Mario:zylomtest
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}
AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}
AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}
AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}
AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}
AlternateDataStreams: C:\Users\Mario:zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}
AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}
AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2014 06:24:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/04/2014 06:18:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/04/2014 05:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/04/2014 05:03:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error: (07/04/2014 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/04/2014 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/04/2014 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/04/2014 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/04/2014 04:12:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avcenter.exe, Version 14.0.5.396 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: c60

Startzeit: 01cf9791f4842210

Endzeit: 11107

Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avcenter.exe

Berichts-ID: 3a943291-0385-11e4-83e5-de56822c177f

Error: (07/04/2014 04:05:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avcenter.exe, Version 14.0.5.396 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 103c

Startzeit: 01cf9790d7e26910

Endzeit: 4430

Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avcenter.exe

Berichts-ID: 3a000df1-0384-11e4-83e5-de56822c177f


System errors:
=============
Error: (07/04/2014 04:59:44 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/04/2014 04:41:24 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/04/2014 04:12:44 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/04/2014 04:02:24 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/04/2014 02:53:41 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/04/2014 11:50:03 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/03/2014 10:30:19 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/03/2014 08:42:34 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/02/2014 10:51:05 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32

Error: (07/01/2014 10:53:16 PM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32


Microsoft Office Sessions:
=========================
Error: (07/04/2014 06:24:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Mario\Downloads\esetsmartinstaller_deu.exe

Error: (07/04/2014 06:18:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (07/04/2014 05:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Mario\Downloads\esetsmartinstaller_deu.exe

Error: (07/04/2014 05:03:01 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Mario\Downloads\esetsmartinstaller_deu.exe

Error: (07/04/2014 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/04/2014 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/04/2014 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.

Error: (07/04/2014 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.

Error: (07/04/2014 04:12:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avcenter.exe14.0.5.396c6001cf9791f484221011107C:\program files (x86)\avira\antivir desktop\avcenter.exe3a943291-0385-11e4-83e5-de56822c177f

Error: (07/04/2014 04:05:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avcenter.exe14.0.5.396103c01cf9790d7e269104430C:\program files (x86)\avira\antivir desktop\avcenter.exe3a000df1-0384-11e4-83e5-de56822c177f


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 3071.23 MB
Available physical RAM: 1511.67 MB
Total Pagefile: 6140.61 MB
Available Pagefile: 4416.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (eMachines) (Fixed) (Total:917.41 GB) (Free:844.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 730E7791)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

PS: I just checked, and the green underlined words with the ads are gone for now (I just looked at the pages where they had been noticeable).

04.07.2014, 20:22   #10
deeprybka
/// TB Trainer
/// Tutorial Guru

Hi,

Step 1

Please press the Windows key + R and type notepad into the Run window.
Click OK and now copy the text from the code box into the empty text document:
Code:
AlternateDataStreams: C:\Users\Mario:zylomtest
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}
AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}
AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}
AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}
AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}
AlternateDataStreams: C:\Users\Mario:zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}
AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}
AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392
SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
         
Please save this as Fixlist.txt in the directory where the FRST application is located.
  • Start FRST and press the Fix button.
  • The tool creates a "Fixlog.txt" file.
  • Please post its contents for me.

Step 2
Download TFC (TempFileCleaner by Oldtimer) and save it to the desktop.
  • Open TFC.exe.
    Vista and Win 7 users: right-click and choose "Run as administrator".
  • Close all other programs.
  • Press the Start button.
  • If you are prompted to restart, confirm it.



Step 3
Install Windows 7 Service Pack 1.

You can find more information about this here.
In my opinion, downloading and directly installing the Service Pack is advisable. You can download SP1 for Windows here. In your case: windows6.1-KB976932-X64.exe
If there are problems, please install this tool.
If the installation was successful, then make sure that the Windows Update function is enabled. You can find instructions for this here. Use it to install all available updates.

When done, then:

Please install the latest Internet Explorer from here.


Install Java.

Open the Flash link with all browsers. Update Flash. Decline optional offers.

Step 4

Please start FRST again, also tick the checkbox, and press Scan.
Please post the contents of the two logs that are created.
__________________
Regards,
deeprybka

_______________________________________________
„Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer
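
Step 1 above copies entries from the scan log into a fixlist. As an added example (not part of the original post and not FRST's own code), the following Python groups a log's AlternateDataStreams entries by host path and name pattern and reports fixlist entries that the scan never listed. The sample log, the sample fixlist and all function names are constructed for this illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the FRST log on this page; the paths
# and stream names are made up for the example.
SAMPLE_LOG = r"""
==================== Hosts content: ==========================

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Example:vendortest
AlternateDataStreams: C:\Users\Example:vendortr{00000000-AAAA-BBBB-CCCC-000000000001}
AlternateDataStreams: C:\Users\Example:vendortr{00000000-AAAA-BBBB-CCCC-000000000002}
AlternateDataStreams: C:\ProgramData\TEMP:0A1B2C3D
AlternateDataStreams: C:\ProgramData\TEMP:4E5F6A7B

==================== Safe Mode (whitelisted) ===================
"""

# Constructed fixlist: the last entry was never reported by the scan above.
SAMPLE_FIXLIST = r"""
AlternateDataStreams: C:\Users\Example:vendortest
AlternateDataStreams: C:\ProgramData\TEMP:0A1B2C3D
AlternateDataStreams: C:\ProgramData\TEMP:FFFFFFFF
"""

# A section header is text framed by runs of '='; a line made only of '='
# (used as an underline or divider in the log) must not count as a header.
SECTION_RE = re.compile(r"^={4,}\s*([^=\s][^=]*?)\s*={4,}\s*$")
ADS_PREFIX = "AlternateDataStreams:"


def split_sections(log):
    """Map each section title to its non-empty lines."""
    sections, current = {}, None
    for line in log.splitlines():
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def parse_ads(line):
    """Return (host_path, stream_name), or None if the line is not an ADS entry."""
    line = line.strip()
    if not line.startswith(ADS_PREFIX):
        return None
    target = line[len(ADS_PREFIX):].strip()
    # The drive letter also contains ':', so split on the last colon only.
    host, sep, stream = target.rpartition(":")
    if not sep or not stream or not re.match(r"^[A-Za-z]:\\", host):
        return None
    return host, stream


def stream_family(stream):
    """Collapse the variable part of a stream name so similar names group."""
    stream = re.sub(r"\{[^}]*\}", "{*}", stream)
    if re.fullmatch(r"[0-9A-Fa-f]{8}", stream):
        return "<hex8>"
    return stream


def ads_entries(log):
    """All parsed ADS entries from the log's Alternate Data Streams section."""
    entries = []
    for title, lines in split_sections(log).items():
        if title.startswith("Alternate Data Streams"):
            entries += [p for p in map(parse_ads, lines) if p]
    return entries


def summarize_ads(log):
    """Count streams per (host path, name family)."""
    return Counter((host, stream_family(s)) for host, s in ads_entries(log))


def fixlist_not_in_log(fixlist, log):
    """Fixlist ADS lines whose host and stream were not reported by the scan."""
    # NTFS names are case-insensitive, so compare in lower case.
    reported = {(h.lower(), s.lower()) for h, s in ads_entries(log)}
    missing = []
    for line in fixlist.splitlines():
        parsed = parse_ads(line)
        if parsed and (parsed[0].lower(), parsed[1].lower()) not in reported:
            missing.append(line.strip())
    return missing


if __name__ == "__main__":
    for (host, family), count in sorted(summarize_ads(SAMPLE_LOG).items()):
        print(f"{count:3d}  {host}:{family}")
    for line in fixlist_not_in_log(SAMPLE_FIXLIST, SAMPLE_LOG):
        print("not in scan log:", line)
```
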

08.07.2014, 17:19   #11
koerni

So, first of all, sorry that my reply took so long.

fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01
Ran by Mario at 2014-07-07 17:21:39 Run:1
Running from C:\Users\Mario\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Users\Mario:zylomtest
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}
AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}
AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}
AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}
AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}
AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}
AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}
AlternateDataStreams: C:\Users\Mario:zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}
AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}
AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2
AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F
AlternateDataStreams: C:\ProgramData\TEMP:93DE1838
AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA
AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE
AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392
SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315
         
*****************

C:\Users\Mario => ":zylomtest" ADS removed successfully.
C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}" ADS removed successfully.
C:\Users\Mario => ":zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}" ADS removed successfully.
C:\ProgramData\TEMP => ":0B9176C0" ADS removed successfully.
C:\ProgramData\TEMP => ":4D066AD2" ADS removed successfully.
C:\ProgramData\TEMP => ":5D7E5A8F" ADS removed successfully.
C:\ProgramData\TEMP => ":93DE1838" ADS removed successfully.
C:\ProgramData\TEMP => ":AB689DEA" ADS removed successfully.
C:\ProgramData\TEMP => ":ABE89FFE" ADS removed successfully.
C:\ProgramData\TEMP => ":E1F04E8D" ADS removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D855293-8F32-4CED-810A-7104C471F70C}' => Key deleted successfully.
'HKCR\CLSID\{1D855293-8F32-4CED-810A-7104C471F70C}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41AB09FE-0A87-4418-B327-2E4EF29A59F2}' => Key deleted successfully.
'HKCR\CLSID\{41AB09FE-0A87-4418-B327-2E4EF29A59F2}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}' => Key deleted successfully.
'HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70F7F677-A369-4AC6-8052-D87A791205CA}' => Key deleted successfully.
'HKCR\CLSID\{70F7F677-A369-4AC6-8052-D87A791205CA}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9}' => Key deleted successfully.
'HKCR\CLSID\{7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D36B6AB2-9C86-4C46-97E2-104C7530E06D}' => Key deleted successfully.
'HKCR\CLSID\{D36B6AB2-9C86-4C46-97E2-104C7530E06D}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4999632-68A8-441D-97E1-8E371D9982A1}' => Key deleted successfully.
'HKCR\CLSID\{E4999632-68A8-441D-97E1-8E371D9982A1}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.


The system needed a reboot. 

==== End of Fixlog ====
         
Somehow the site says the text is too long. Can I also post the .txt files as an attachment?
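
A reviewer reading a Fixlog like the one above wants to confirm that every AlternateDataStreams entry in the fixlist has a matching "ADS removed successfully" result, and to see which lines did not end in success. The following is an added example, not part of the original post and not FRST's own code; the function names are hypothetical, and the status wordings it recognises are only the ones visible in this log.

```python
import re
from collections import Counter

# Constructed sample: a few lines taken from the Fixlog in this thread.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
AlternateDataStreams: C:\Users\Mario:zylomtest
AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0
*****************
C:\Users\Mario => ":zylomtest" ADS removed successfully.
C:\ProgramData\TEMP => ":0B9176C0" ADS removed successfully.
'HKCR\CLSID\{1D855293-8F32-4CED-810A-7104C471F70C}'=> Key not found.
The system needed a reboot.
==== End of Fixlog ====
'''

ADS_OK = re.compile(r'^(?P<path>.+?) => ":(?P<stream>.+)" ADS removed successfully\.$')

def split_fixlog(text):
    """Return (fixlist entries, result lines) from the text of a Fixlog."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        raise ValueError("fixlist delimiters not found")
    entries = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results = []
    for ln in lines[marks[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            results.append(ln)
    return entries, results

def outcome(line):
    """Classify one result line by its trailing status text."""
    if "=>" not in line:
        return "note"        # e.g. "The system needed a reboot."
    status = line.split("=>", 1)[1].strip().lower()
    if status.endswith("successfully."):
        return "ok"
    if status.endswith("not found."):
        return "not_found"
    return "review"          # unknown status: needs a human look

def unconfirmed_ads(text):
    """Fixlist ADS entries that have no matching 'ADS removed' result."""
    entries, results = split_fixlog(text)
    hits = (ADS_OK.match(ln) for ln in results)
    removed = {(m["path"].lower(), m["stream"].lower()) for m in hits if m}
    missing = []
    for entry in entries:
        if entry.startswith("AlternateDataStreams:"):
            path, _, stream = entry.split(":", 1)[1].strip().rpartition(":")
            if (path.lower(), stream.lower()) not in removed:
                missing.append(entry)
    return missing

def summarize(text):
    return Counter(outcome(ln) for ln in split_fixlog(text)[1])
```

Any line classified as "review" carries a status wording this sketch does not know and should be read by hand.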

08.07.2014, 19:28   #12
deeprybka
/// TB Trainer
/// Tutorial Guru

Yes, you can also post them as an attachment...
__________________
Regards
deeprybka


15.07.2014, 15:42   #13
koerni

Somehow I've got a thing for extremely slow replies at the moment XD

15.07.2014, 21:55   #14
deeprybka
/// TB Trainer
/// Tutorial Guru

Please post fresh logs; these are already a week old...

Step 1

Please start FRST again, also tick the checkbox, and press Scan.
Please post the contents of the two logs that are created.
__________________
Regards
deeprybka
