Proxy-Server verweigert die Verbindung

Alessia · 16.08.2014, 08:28

Fehler: Proxy-Server verweigert die Verbindung

Firefox wurde konfiguriert, einen Proxy-Server zu nutzen, der die Verbindung zurückweist.

Überprüfen Sie bitte, ob die Proxy-Einstellungen korrekt sind
Kontaktieren Sie bitte Ihren Netzwerk-Administrator, um sicherzustellen, dass der Proxy-Server funktioniert

Der folgende Problem ist letzte Woche aufgetreten; nicht nur in Firefox, sondern auch in Chrome und so was wie Steam konnte auch kein Up-Date machen, bevor die Einstellungen nicht wieder geändert worden sind. Dann war zwei, drei Tage und Ruhe und ist heute wieder aktuell.

Avast konnte nichts finden und Malwarebytes Anti-Malware hatte im ersten Scan was gefunden; bei einem zweiten Scan (nachdem das Problem erst mal weg war nichts)

Ich hab schon mitbekommen, dass man bestimmte Scans machen soll und das dann posten, ich weiß nur nicht genau welche.

M-K-D-B · 16.08.2014, 09:34

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Alessia · 16.08.2014, 10:03

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014
Ran by Sarah (administrator) on SARAH-PC on 16-08-2014 10:47:53
Running from C:\Users\Sarah\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Acer Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Farbar) C:\Users\Sarah\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [306472 2009-11-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-22] (Acer Corp.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [C:\Users\Sarah\AppData\Local\Temp\tmpA88E.tmp.exe] => C:\Users\Sarah\AppData\Local\Temp\tmpA88E.tmp.exe /exenoupdates  /exelang 1031 /prereqs "0"  <===== ATTENTION
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [C:\Users\Sarah\AppData\Local\Temp\tmp5C37.tmp.exe] => C:\Users\Sarah\AppData\Local\Temp\tmp5C37.tmp.exe /exenoupdates  /exelang 1031 /prereqs "0"  <===== ATTENTION
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-16] ()
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {4E881FB6-E906-43DE-AC2D-4C458ADB6F50} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3156026
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE425
SearchScopes: HKCU - {90A988B0-6C3F-4000-A612-9180A1343E3A} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE662&p={SearchTerms}
SearchScopes: HKCU - {B30555FA-1F31-4702-B7E4-E375BE9F7706} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=W3I4&o=15996&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^A9Q&apn_dtid=^YYYYYY^YY^DE&apn_uid=B2230236-EBD4-454D-98C8-66DF6AC4823F&apn_sauid=531847C2-3223-4897-B211-8AA4BDAF05BA
SearchScopes: HKCU - {E7DF5465-0FF5-401F-9F7E-060B22C6C6B8} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3067892
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Windows\system32\d3dyueev6.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-04-08]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-04-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-21]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Sarah\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [File not signed]
S2 LanmanWorkstation; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
S2 Search; C:\Program Files (x86)\Search\WebSearch.exe [435696 2014-08-07] ()
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [File not signed]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-09] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-18] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-09] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [296816 2007-02-18] (Microsoft Corporation)
S3 PCDSRVC{EDD8E36B-450E27F9-06020101}_0; \??\c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{EDD8E36B-AED7022D-06020101}_0; \??\c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 10:43 - 2014-08-16 10:44 - 00049653 ____C () C:\Users\Sarah\Desktop\Addition.txt
2014-08-16 10:39 - 2014-08-16 10:47 - 00023275 ____C () C:\Users\Sarah\Desktop\FRST.txt
2014-08-16 10:38 - 2014-08-16 10:38 - 02100736 ____C (Farbar) C:\Users\Sarah\Desktop\FRST64(1).exe
2014-08-12 17:00 - 2014-08-16 10:48 - 00000000 ___DC () C:\FRST
2014-08-12 15:10 - 2014-08-12 15:12 - 00002528 ____C () C:\Users\Sarah\Desktop\Rkill.txt
2014-08-12 14:39 - 2014-08-16 09:03 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 14:39 - 2014-08-12 14:39 - 00001110 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 14:39 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 14:39 - 2014-05-12 07:25 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 14:11 - 2014-07-25 12:55 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 14:11 - 2014-07-25 12:49 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 14:11 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 14:11 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 14:10 - 2014-08-12 14:11 - 00004250 ____C () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-12 14:07 - 2014-08-12 14:07 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Sun
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\ProgramData\PlayFirst
2014-08-11 08:07 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-10 16:42 - 2014-08-10 16:42 - 00000683 ____C () C:\Users\Sarah\Sarah - Verknüpfung.lnk
2014-08-10 16:32 - 2014-08-10 16:32 - 00002966 ____C () C:\Windows\System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494}
2014-08-10 16:31 - 2014-08-10 16:31 - 00001167 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 16:31 - 2014-08-10 16:31 - 00001155 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 16:18 - 2014-08-10 16:18 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-10 16:14 - 2014-08-10 16:14 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0.exe
2014-08-07 08:51 - 2014-08-07 08:51 - 00000000 ___DC () C:\Program Files (x86)\Search
2014-07-26 18:14 - 2014-07-26 18:14 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\{F88E4982-E2E3-4059-BB5A-E24A698BB323}
2014-07-25 10:21 - 2014-07-25 10:22 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\{72946EDC-C139-4ACB-8614-3FBF043EF90E}
2014-07-17 18:19 - 2014-07-17 18:19 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Divine
2014-07-17 13:47 - 2014-07-17 18:19 - 00000000 ___DC () C:\Divine

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 10:48 - 2014-08-16 10:39 - 00023275 ____C () C:\Users\Sarah\Desktop\FRST.txt
2014-08-16 10:48 - 2014-08-12 17:00 - 00000000 ___DC () C:\FRST
2014-08-16 10:44 - 2014-08-16 10:43 - 00049653 ____C () C:\Users\Sarah\Desktop\Addition.txt
2014-08-16 10:38 - 2014-08-16 10:38 - 02100736 ____C (Farbar) C:\Users\Sarah\Desktop\FRST64(1).exe
2014-08-16 10:37 - 2011-03-29 12:51 - 00001110 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 10:34 - 2013-12-06 15:28 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 10:20 - 2012-09-25 19:13 - 00000000 ___DC () C:\Program Files (x86)\Marble Mouse Wheel
2014-08-16 09:23 - 2011-03-28 12:09 - 01080384 ____C () C:\Windows\WindowsUpdate.log
2014-08-16 09:21 - 2012-11-16 01:20 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\PMB Files
2014-08-16 09:03 - 2014-08-12 14:39 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 09:02 - 2009-07-14 06:45 - 00009696 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 09:02 - 2009-07-14 06:45 - 00009696 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 08:55 - 2013-10-06 16:57 - 00000000 ___DC () C:\Program Files (x86)\Steam
2014-08-16 08:50 - 2014-06-10 12:17 - 00018256 ____C () C:\Windows\setupact.log
2014-08-16 08:50 - 2011-03-29 12:51 - 00001106 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 08:50 - 2009-07-14 07:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-08-14 22:26 - 2013-03-21 13:46 - 00004182 ____C () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-14 17:59 - 2011-08-23 18:12 - 00000452 ___HC () C:\Windows\Tasks\Norton Security Scan for Sarah.job
2014-08-12 17:42 - 2014-06-13 19:06 - 00014570 ____C () C:\Windows\PFRO.log
2014-08-12 17:41 - 2013-12-05 11:39 - 00000000 ___DC () C:\AdwCleaner
2014-08-12 15:12 - 2014-08-12 15:10 - 00002528 ____C () C:\Users\Sarah\Desktop\Rkill.txt
2014-08-12 14:39 - 2014-08-12 14:39 - 00001110 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 14:12 - 2011-03-28 12:13 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\Google
2014-08-12 14:12 - 2009-11-03 06:22 - 00000000 ___DC () C:\Program Files (x86)\Google
2014-08-12 14:11 - 2014-08-12 14:10 - 00004250 ____C () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-12 14:11 - 2012-03-23 12:29 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-08-12 14:07 - 2014-08-12 14:07 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Sun
2014-08-12 13:47 - 2009-11-03 06:23 - 00000000 ___DC () C:\ProgramData\McAfee
2014-08-12 13:47 - 2009-11-03 06:23 - 00000000 ___DC () C:\Program Files (x86)\McAfee
2014-08-12 13:34 - 2013-02-07 10:24 - 00000000 ___DC () C:\Program Files\McAfee
2014-08-12 13:34 - 2012-09-25 14:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-12 13:34 - 2012-09-25 14:46 - 00000000 ___DC () C:\ProgramData\LogiShrd
2014-08-12 13:34 - 2012-09-25 14:46 - 00000000 ___DC () C:\Program Files\Common Files\Logishrd
2014-08-12 13:33 - 2014-06-16 17:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\ProgramData\PlayFirst
2014-08-10 22:49 - 2013-05-24 15:51 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-08-10 22:49 - 2013-05-24 15:50 - 00000000 ___DC () C:\Program Files (x86)\Purplehills
2014-08-10 16:53 - 2011-03-28 12:17 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Mozilla
2014-08-10 16:42 - 2014-08-10 16:42 - 00000683 ____C () C:\Users\Sarah\Sarah - Verknüpfung.lnk
2014-08-10 16:42 - 2011-03-28 12:09 - 00000000 ___DC () C:\Users\Sarah
2014-08-10 16:32 - 2014-08-10 16:32 - 00002966 ____C () C:\Windows\System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494}
2014-08-10 16:31 - 2014-08-10 16:31 - 00001167 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 16:31 - 2014-08-10 16:31 - 00001155 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 16:31 - 2013-08-17 10:58 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 16:18 - 2014-08-10 16:18 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-10 16:14 - 2014-08-10 16:14 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0.exe
2014-08-10 15:51 - 2013-10-25 17:44 - 00000000 ___DC () C:\Users\Sarah\Desktop\Alte Firefox-Daten
2014-08-10 15:37 - 2012-04-13 08:58 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Malwarebytes
2014-08-10 15:36 - 2012-04-13 08:57 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-08-10 15:36 - 2012-04-13 08:57 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-07 08:51 - 2014-08-07 08:51 - 00000000 ___DC () C:\Program Files (x86)\Search
2014-08-05 09:20 - 2011-07-09 08:49 - 00270496 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-28 19:29 - 2011-03-28 21:55 - 00709186 ____C () C:\Windows\system32\perfh007.dat
2014-07-28 19:29 - 2011-03-28 21:55 - 00153786 ____C () C:\Windows\system32\perfc007.dat
2014-07-28 19:29 - 2009-07-14 07:13 - 01641884 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 21:28 - 2011-06-12 16:10 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-26 18:14 - 2014-07-26 18:14 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\{F88E4982-E2E3-4059-BB5A-E24A698BB323}
2014-07-25 12:55 - 2014-08-12 14:11 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-12 14:11 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-12 14:11 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-12 14:11 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-25 10:22 - 2014-07-25 10:21 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\{72946EDC-C139-4ACB-8614-3FBF043EF90E}
2014-07-17 18:19 - 2014-07-17 18:19 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Divine
2014-07-17 18:19 - 2014-07-17 13:47 - 00000000 ___DC () C:\Divine

Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\dj_unifysw.exe
C:\Users\Sarah\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 11:15

==================== End Of Log ============================

--- --- ---

--- --- ---

Additonal:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014
Ran by Sarah at 2014-08-16 10:43:38
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Abenteuer Hawaii - Pearl Harbor (HKLM-x32\...\Abenteuer Hawaii - Pearl Harbor) (Version:  - )
Abenteuer Hawaii 2 - Die Verborgene Insel (HKLM-x32\...\Abenteuer Hawaii 2 - Die Verborgene Insel) (Version:  - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7029 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7029 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.02.0804 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.0 - Atomi Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.102.2002.209 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Babylonia (HKLM-x32\...\Babylonia) (Version:  - )
calibre (HKLM-x32\...\{779EB69C-6DD9-4CB0-B316-2BEE4361755A}) (Version: 1.2.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3099 - CDBurnerXP)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
City Style (HKLM-x32\...\City Style) (Version:  - )
ClipGrab 3.2.0.11 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Common RTP 1.0 (HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cultures Gold Edition (HKLM-x32\...\Cultures - Die Entdeckung Vinlands) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DANGER ZONE! (HKLM-x32\...\DANGER ZONE!) (Version:  - )
Das rätselhafte Kristall-Portal (HKLM-x32\...\Das rätselhafte Kristall-Portal) (Version:  - )
Der Schatz Persiens (HKLM-x32\...\Der Schatz Persiens_is1) (Version:  - Contendo Media GmbH)
Der zerstreute Pharao (HKLM-x32\...\Der zerstreute Pharao_is1) (Version:  - tewi publishing GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version:  - )
D-Fend Reloaded 1.3.2 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.2 - Alexander Herzog)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Die Sage von Odysseus (HKLM-x32\...\Die Sage von Odysseus_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Die Supertalent-Agentur (HKLM-x32\...\Die Supertalent-Agentur) (Version:  - )
DINO DEFENDER (HKLM-x32\...\DINO DEFENDER) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
Drakensang (HKLM-x32\...\Drakensang_is1) (Version:  - dtp)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dunkle Schatten 2.04 (HKLM-x32\...\{47588300-ECCC-4E3A-919A-9AE01A34C5AC}_is1) (Version: Dunkle Schatten 2.04 - Brianum/Dawnatic)
DupDetector (HKLM-x32\...\{9604876E-6DF3-11D9-9526-CC60569E6209}) (Version: 3.2.0.1 - Prismatic Software)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Enchanted Katya (HKLM-x32\...\Enchanted Katya) (Version: 1.00 - phenomedia publishing gmbh)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Fallout 2 (HKLM-x32\...\Fallout 2) (Version:  - )
Fallout 2 Unofficial Patch 1.02.22 (HKLM-x32\...\Fallout 2 Unofficial Patch_is1) (Version:  - killap Inc)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
FilePanther 1.21.259.372 (HKLM-x32\...\FilePanther 1.21.259.372) (Version:  - )
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
FO2 Restoration Project 2.2 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version:  - killap)
Frankenstein (HKLM-x32\...\Frankenstein_is1) (Version: v1.1 - Play)
Free YouTube Download version 3.2.11.812 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
Germany's next Topmodel 2011 (HKLM-x32\...\Germany's next Topmodel 2011) (Version: 1.0.0.1 - Sevengames)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gourmania (HKLM-x32\...\Gourmania) (Version:  - )
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.308 - Happy Cloud, Inc.)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper's Knot (HKLM-x32\...\Junipers_Knot) (Version:  - Dischan)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalenderchen 5 (HKLM-x32\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version:  - Daniel Manger)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Legend of the Piper Girl Version 1.3 (HKLM-x32\...\{AD9BBA69-4691-44AB-98EF-D62D0D6E34E0}_is1) (Version: 1.3 - Unbroken Hours)
LibreOffice 3.4 (HKLM-x32\...\{D64833F8-860D-4216-8EDC-DD08AD68C0B5}) (Version: 3.4.402 - LibreOffice)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Lost Chronicles of Zerzura (HKLM-x32\...\Lost Chronicles of Zerzura_is1) (Version:  - dtp)
Luka und der verborgene Schatz (HKCU\...\Luka und der verborgene Schatz) (Version:  - )
Luxor Amun Rising with Luxor (HKLM-x32\...\Luxor Amun Rising with Luxor) (Version:  - MumboJumbo, LLC)
Magicians Handbook (HKLM-x32\...\{6850696D-FC0A-48A7-9097-7EB301FB0FEA}) (Version: 1.00.0000 - Purplehills)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Master Wu (HKLM-x32\...\Master Wu) (Version:  - )
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Minefield 4.2a1pre (x64 en-US) (HKLM\...\Minefield 4.2a1pre (x64 en-US)) (Version: 4.2a1pre - Mozilla)
Mord im Laufrad (HKLM-x32\...\{1A8BADF4-9D45-4574-9C3A-47A98442F10E}) (Version: 1.00.0000 - Mord im Laufrad)
Morrowind (HKLM-x32\...\{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}) (Version:  - )
Mouse Recorder Pro 1.3 (HKLM-x32\...\{5E6ACA2E-60D5-461C-8FD3-04BA9C174B27}_is1) (Version:  - Nemex)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My beautiful vacation (HKLM-x32\...\{487E15A0-83FF-45E9-86FF-67355FE65A7D}_is1) (Version:  - UIG GmbH)
MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )
Mystery Agency - A Vampire's Kiss (HKLM-x32\...\Mystery Agency - A Vampire's Kiss_is1) (Version:  - dtp)
MyVideoConverter Pro 3.14 (HKLM-x32\...\MyVideoConverter Pro) (Version: 3.14 - MySoft, Inc.)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Pizzadude 1.0 (HKLM-x32\...\Pizzadude) (Version: 1.0 - Team6 game studios)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RE: Alistair++ (HKLM-x32\...\RE: Alistair++) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version:  - Piranha Bytes)
RM2K Mp3 Patch v1.1 (HKLM-x32\...\{37A58B85-C98F-11D5-B694-00E07D72A995}) (Version:  - )
Robin Hood TsoSF (HKLM-x32\...\Robin Hood TsoSF) (Version:  - )
RPG Maker 2000 1.05 (HKLM-x32\...\RPG Maker 2000 1.05) (Version:  - )
RPG Maker 2000 1.07b (HKLM-x32\...\RPG Maker 2000 1.07b) (Version:  - )
RPG Maker Fonts (HKLM-x32\...\{5A96225D-A3B7-4535-AE49-3BF217999669}) (Version: 1.0.0 - <no manufacturer>)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RTP 1.32 Add-On for RM2k (HKLM-x32\...\RTP 1.32 Add-On for RM2k) (Version:  - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Schlag den Raab - Das 2. Spiel (HKLM-x32\...\SDR2) (Version: 1.0 - Sproing Interactive GmbH)
Scrabble3D (HKLM-x32\...\{E11BBF69-C686-45B3-9267-CE44603B47AE}) (Version: 3.1.0.29 - Heiko Tietze)
Simple Adblock (HKLM-x32\...\{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}) (Version: 1.1.0 - Simple Adblock)
Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
Sleepless Night (HKLM-x32\...\Sleepless Night) (Version:  - )
Sleepless Night 2 (HKLM-x32\...\Sleepless Night 2) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
Soulmates (HKLM-x32\...\Soulmates) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stolz und Vorurteil (HKLM-x32\...\Stolz und Vorurteil) (Version:  - )
Stray Souls - Das Haus der Puppen (HKLM-x32\...\Stray Souls - Das Haus der Puppen) (Version:  - )
Strike Ball 3 (HKLM-x32\...\Strike Ball 3) (Version:  - )
Sven 004 XS (HKLM-x32\...\{4D43D5AF-A393-463D-8C78-8E6C4FA2CEE9}) (Version:  - )
Sven 2 XXL (HKLM-x32\...\{AF507761-0AD4-4BCC-A636-42DB38E689B0}) (Version:  - )
Sven Bømwøllen (HKLM-x32\...\{E24AECDA-101F-11D6-986D-00500443CF9F}) (Version:  - )
Sven XXX - XXL (HKLM-x32\...\{BE5D79E8-0B8E-4E97-97E1-3CDEBAB2DEB1}) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TES Construction Set (HKLM-x32\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version:  - )
This Is Where I Want To Die (HKLM-x32\...\This Is Where I Want To Die) (Version:  - )
TreeSize Personal V5.5.5 (HKLM-x32\...\TreeSize Personal_is1) (Version: 5.5.5 - JAM Software)
TubeBox (HKLM-x32\...\{dfba3ed5-70d7-4801-8429-7e77a5fb11ea}) (Version: 5.0.0.0 - Freetec)
TubeBox (x32 Version: 5.0.0.0 - Freetec) Hidden
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Vampires Dawn: Reign of Blood (HKLM-x32\...\{CF55095E-07AA-432E-8376-CEF71D70746A}_is1) (Version: Vampires Dawn: Reign of Blood 1.31 - Brianum)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Wild Earth - Africa (HKLM-x32\...\{9D56D5FF-9B49-4435-B23C-E6FE1D4C708C}) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wordpool 2.7.7 (HKLM-x32\...\Wordpool_is1) (Version:  - Thorsten Gottlob)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Xvid 1.1.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {032860FB-E501-499A-973C-526E9973849D} - System32\Tasks\{908628FC-D33F-4F87-872D-124767B41DBA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {0A6F3F4D-7B3D-48D8-8DAB-5DBCE1A7B153} - System32\Tasks\{1E175039-0B33-4334-BE0B-C5EAEC15FC62} => C:\Program Files\BlackIsle\Fallout2\fallout2.exe [2013-12-04] ()
Task: {15DE84B3-5007-4948-A9DF-2414EE23DAB0} - System32\Tasks\{B68316D6-EBE5-403C-A1CB-C3E3559BA30C} => C:\Users\Sarah\Pictures\Comics\Biber\f2patch-gr.exe [2013-11-24] ()
Task: {16C1E7AC-21F5-4F82-A71B-02BAE87CFAE8} - System32\Tasks\{B4A6BEFD-3AD7-4DD7-BE6C-41283E631407} => D:\Setup.exe
Task: {1908BECC-26A8-4F19-95CA-41A5F509C207} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {1C95CEBC-5FAF-4EB0-A17D-B6A3EE68B6C7} - System32\Tasks\{F019608E-FA9B-4289-8426-129E3CBAC1E3} => D:\Setup.exe
Task: {25B8EA26-CB76-4D38-B1E5-B0FE6C725967} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {2FF5F493-B6E1-4FE2-8D81-08E0B99D55D6} - System32\Tasks\{DB0BDB56-F6C3-47A3-8F87-E5E31ED77A76} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\DieSupertalentAgenturCD\DieSupertalentAgentur_og.exe [2009-09-01] ()
Task: {33E45341-BBD4-4CA2-B44C-9A5876329EAF} - System32\Tasks\{62B07373-AF3E-4138-B329-55735F88B046} => C:\Phenomedia AG\Sven zwo XXL\Sven2.exe [2002-11-13] ()
Task: {3A3B68E4-D617-45A4-98E1-986695FD188C} - System32\Tasks\{EE0971F9-6E65-45BA-B759-211ABDE53ECE} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {49D9D5A3-37A6-4553-B746-1472C5CAAE13} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {50AA2405-6723-43BA-AD0A-1FB3D32904E3} - System32\Tasks\{6E901973-4519-4ADC-A2A7-F48C624E9451} => Firefox.exe 
Task: {518F6E86-0B51-4B4F-9BDA-1B2A84A6E535} - System32\Tasks\{0FE207D0-2C83-44E5-BC1A-3E97F80D63C1} => C:\Program Files (x86)\Sevengames\GNTM2011\bin\Gntm11.exe [2011-01-27] (Independent Arts Software GmbH)
Task: {532F08A1-4680-49E1-9CA6-2EAC32D127E1} - System32\Tasks\{686E36BE-4A86-4736-95EE-9EAFD0EB6769} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {5341D64B-2A79-4438-81C4-83D39E6F13C6} - System32\Tasks\{5A76323A-75B2-4AAC-8F47-ABE32592F040} => C:\Users\Sarah\Downloads\scrnsav1.exe [2012-05-18] ()
Task: {55C44F49-416A-4316-871C-8E33D21CB280} - System32\Tasks\{61B2A627-7F9B-4197-91F4-169590D8A7CB} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {59BD72F5-2380-4121-ABEF-80D4A70216E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29] (Google Inc.)
Task: {5EC1605C-9C6D-4BB0-9711-8F73D70BE0A2} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {6174608E-DBA3-49B4-96F5-A6FB9237AD3F} - System32\Tasks\{F5F002CB-F043-4E25-AE2E-5AA53F2DFB57} => C:\Program Files (x86)\MyMDb\MyMDb.exe
Task: {758133FC-63B4-4782-B92C-0B6C07F5A692} - System32\Tasks\{A092F01D-4E70-4133-AEE6-4C2E3AC56788} => C:\Phenomedia AG\Sven zwo XXL\Sven2.exe [2002-11-13] ()
Task: {76A842BD-8423-442E-A0A9-FC99E244A606} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
Task: {790A861E-D518-4B43-B050-9462B9D945AF} - System32\Tasks\{CBA65AA1-0BDE-4084-AB61-3AECF3AD327C} => C:\Program Files (x86)\rondomedia\Beyond the Legend Mysteries of Olympus\MysteriesOfOlympus.exe
Task: {798D4C86-E220-4169-9013-614B706AF5FC} - System32\Tasks\Norton Security Scan for Sarah => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {7A9BDD88-25FE-47C2-B773-6339AB6F3744} - System32\Tasks\{8A06A33B-EA19-4496-91E4-0560988D5C84} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {7D2FC61A-6732-458F-B221-5FB39E3D3113} - System32\Tasks\{539BD50E-C683-4AB4-9916-B5BEA62E0FC9} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {843BA38A-4DD0-4D37-8EBD-E0F3D878647B} - System32\Tasks\{9A4BFED0-5FE2-4871-AD24-F1C852C23C49} => C:\Program Files (x86)\Team6\Pizzadude\Pizza.exe [2005-08-25] ()
Task: {86D33314-72C1-4CAF-8EAB-C672D9B44B28} - System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494} => Firefox.exe 
Task: {88E7727E-1F92-49D9-ACC7-B1C9D4CCC8E7} - System32\Tasks\{BF6FB462-6206-4FD3-9236-0D9FFBCF6CFB} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\DieSupertalentAgenturCD\DieSupertalentAgentur_og.exe [2009-09-01] ()
Task: {8B447F9D-703A-4311-B874-A0F67DBCC625} - System32\Tasks\{B92031EA-A95C-4776-8EDE-7E16DBAFFD8D} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {9B182628-6F30-4D56-AB6D-43A9D18FCFFD} - System32\Tasks\{6900BB4E-F314-4347-841C-A323397E3D0C} => C:\Program Files (x86)\MyMDb\MyMDb.exe
Task: {9BBD5199-DB01-4942-88D0-BF37F4CBC939} - System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} => Firefox.exe 
Task: {9EF8973A-2D5A-4B63-81C3-9BC632F2D327} - System32\Tasks\{A3551CEC-8D2F-46A7-81D0-1BD9CF882D6B} => C:\Users\Sarah\Downloads\scrnsav1.exe [2012-05-18] ()
Task: {AD8BDF11-AF96-4B6C-A286-563101F7A122} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {B39F013C-0DDE-47EA-8A4A-8AC2DB52E8EC} - System32\Tasks\{391CFB0D-5B64-41D5-BACE-152703C23AE8} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {B6325D1F-6D6F-411F-B7FD-005FC97EDD3E} - System32\Tasks\{E2F737C3-FA56-4B6E-AE7A-BE997D130442} => Firefox.exe 
Task: {BC9DC276-AD8E-44EE-A536-09BFAD120BDC} - System32\Tasks\{49AF0BDB-6CCA-4DA3-802C-0020BB11EEAD} => C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Fallout3ng.exe [2008-09-18] (Bethesda Softworks)
Task: {C32E871F-3DF7-4DED-A2FD-54C009DBD23A} - System32\Tasks\{0A1CEB46-F3C4-465D-8356-E411496995AD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {C677707C-9037-478F-B9EE-BCEBFA73BA30} - System32\Tasks\{520D3F34-33DC-4F0A-AE94-4C3C8C178FA6} => C:\Program Files (x86)\The Witcher Enhanced Edition\launcher.exe
Task: {C7A6ED93-7FB0-4128-B7B6-DB0AAF28F1F3} - System32\Tasks\{60F25028-D646-44ED-A6B3-EC96896C988C} => C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Fallout3ng.exe [2008-09-18] (Bethesda Softworks)
Task: {CBA67A05-C8FD-40B1-BB3F-D72DD75B23B2} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {CD03EBE0-A313-4474-A7BB-26EACE9D5F98} - System32\Tasks\{B8C0B267-3CB9-45C0-91D2-936BD12C96CF} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {D093D724-59A1-4E17-B7B7-5979AE6EF319} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D3401B57-D134-4616-86D6-F6EDC3C4DD9E} - System32\Tasks\{2865776C-9E68-49AC-AB19-0A2A705AF765} => C:\Program Files\BlackIsle\Fallout2\fallout2.exe [2013-12-04] ()
Task: {D511EB43-D12C-4D49-B290-99298C351A0E} - System32\Tasks\{F3A6F751-33E3-440A-B18B-2100CB8FE1BF} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {D8BB4043-2506-410A-A4FF-3F528F44E809} - System32\Tasks\{B3902843-EE73-4FB9-930E-361668657EB1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {D9720FC7-A84C-4DA5-8CC9-14EB02850863} - System32\Tasks\{E9A7E957-A966-426F-847F-09043B276C0B} => Firefox.exe 
Task: {DD668C30-66EF-45DA-AE36-E022B68D2CEE} - System32\Tasks\{5A0832CF-D018-4774-8324-C79A9319B224} => C:\Users\Sarah\Pictures\Comics\Biber\f2patch-gr.exe [2013-11-24] ()
Task: {E4BBB579-5103-4493-8B3C-D8DE0AA583DF} - System32\Tasks\{FFE47AAB-83DC-4B60-9A66-A62A4CF2F202} => C:\Program Files (x86)\Team6\Pizzadude\Pizza.exe [2005-08-25] ()
Task: {ECF2E370-A09A-4DAB-90AE-F6626721DE88} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {F40C7E67-6DCC-44D7-A63D-A1B38D6372DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29] (Google Inc.)
Task: {F69A26A3-5170-4CBD-943B-A24C78CBEEA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {F7CACCBB-2712-4E97-AAFD-702CB6225AF2} - System32\Tasks\{B595A3E7-CBC3-4A5F-B182-4D0967A4E6EC} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {FE4427D0-4F9B-48DC-8DEE-B4F29830E401} - System32\Tasks\{66F1581B-1426-4E85-8767-A1DAF02F1AB3} => C:\Program Files (x86)\JoWood\Hotel Gigant\Hotel.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Sarah.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2011-06-12 16:09 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-12-09 20:20 - 2011-02-28 09:39 - 00211456 ____C () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2012-09-25 14:47 - 2009-07-20 12:35 - 00018960 ____C () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2012-09-25 14:47 - 2009-07-20 04:00 - 00077824 ____C () C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 ____C () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2011-03-21 23:10 - 2011-03-21 23:10 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-07-09 06:54 - 2014-07-09 06:54 - 00301152 ____C () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-15 12:44 - 2014-08-15 12:44 - 02797568 ____C () C:\Program Files\AVAST Software\Avast\defs\14081500\algo.dll
2014-08-16 08:51 - 2014-08-16 08:51 - 02797568 ____C () C:\Program Files\AVAST Software\Avast\defs\14081502\algo.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 ____C () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2011-03-21 23:10 - 2011-03-21 23:10 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-07-09 06:54 - 2014-07-09 06:55 - 19329904 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-10 16:30 - 2014-07-17 07:42 - 03800688 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-09 18:34 - 2014-07-09 18:34 - 17029808 ____C () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/15/2014 11:20:04 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/14/2014 09:31:28 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/10/2014 09:02:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm start.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1044

Startzeit: 01cfb4cd91764030

Endzeit: 20

Anwendungspfad: D:\start.exe

Berichts-ID: e58f86e2-20c0-11e4-af4f-705ab638947e

Error: (08/10/2014 06:36:29 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/08/2014 11:20:19 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/06/2014 00:25:57 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/05/2014 06:45:52 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/03/2014 06:39:46 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/03/2014 03:34:08 PM) (Source: UpdateService) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen

Error: (08/03/2014 03:34:07 PM) (Source: LaunchSystemStore) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen


System errors:
=============
Error: (08/16/2014 10:39:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/16/2014 10:39:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 10:39:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1062

Error: (08/16/2014 10:39:37 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/16/2014 10:39:37 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 10:37:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/16/2014 10:37:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 10:37:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/16/2014 10:37:29 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 10:37:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 51%
Total physical RAM: 4025.98 MB
Available physical RAM: 1948.76 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 6105.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.66 GB) (Free:286.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4760A999)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 16.08.2014, 10:10

Servus,

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
ProxyServer: http=127.0.0.1:8897;https=127.0.0.1:8897
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von MBAM,
die beiden neuen Logdateien von FRST.

Alessia · 16.08.2014, 15:38

Bei FRST kommt eine Fehlermeldung:

Line 6489 (File ""):

Error: "EndIf" statement with no matching "If" statement

AdwCleaner

Code:

ATTFilter

# AdwCleaner v3.306 - Bericht erstellt am 16/08/2014 um 12:25:37
# Aktualisiert 15/08/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Sarah - SARAH-PC
# Gestartet von : C:\Users\Sarah\Documents\Downloads\adwcleaner_3.306.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16446


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [2578 octets] - [05/12/2013 11:39:49]
AdwCleaner[R1].txt - [2638 octets] - [05/12/2013 11:48:49]
AdwCleaner[R2].txt - [1671 octets] - [05/12/2013 11:55:55]
AdwCleaner[R3].txt - [3413 octets] - [11/08/2014 08:05:52]
AdwCleaner[R4].txt - [1297 octets] - [12/08/2014 17:05:32]
AdwCleaner[R5].txt - [301 octets] - [16/08/2014 11:22:38]
AdwCleaner[R6].txt - [1519 octets] - [16/08/2014 11:42:35]
AdwCleaner[R7].txt - [1579 octets] - [16/08/2014 12:21:30]
AdwCleaner[R8].txt - [1639 octets] - [16/08/2014 12:24:20]
AdwCleaner[S0].txt - [2595 octets] - [05/12/2013 11:50:28]
AdwCleaner[S1].txt - [3428 octets] - [11/08/2014 08:07:33]
AdwCleaner[S2].txt - [1312 octets] - [12/08/2014 17:41:53]
AdwCleaner[S3].txt - [1560 octets] - [16/08/2014 12:25:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1620 octets] ##########

Mbam:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 16.08.2014
Suchlauf-Zeit: 12:33:49
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.08.16.02
Rootkit Datenbank: v2014.08.15.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sarah

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 301279
Verstrichene Zeit: 24 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)

JRT:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Sarah on 16.08.2014 at 14:56:53,34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4E881FB6-E906-43DE-AC2D-4C458ADB6F50}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B30555FA-1F31-4702-B7E4-E375BE9F7706}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E7DF5465-0FF5-401F-9F7E-060B22C6C6B8}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{00BEADEE-32B5-445E-9F78-3CF183DFED0F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{047AB5AB-90DF-44CE-AA65-32F3A016A697}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{0515093C-3F18-4FC8-B592-5DAFAB35DFD4}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{0572671C-100B-4D33-8593-B4FD256B29A7}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{07ECBC93-9045-4E56-AB2D-D506AC12662C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{08F0D9ED-0098-476A-85E5-8BDB024E67F1}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{097A19E5-7846-4BD5-A820-75D338A22E6B}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{09D97F40-FCD7-4DC6-94DF-AD6F4E43BC08}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{0C6D8202-E067-42F8-87A0-4044BBEB18C5}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{0CBCE4BD-6E2F-44B9-ABF3-1E10CDE0D17E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{0D9F8C6B-1AD9-407E-ACA2-4E08406D726C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{0E5CFB99-4AED-4E27-BF01-A248583C820D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{117C5C1D-9B66-45FD-A966-FFD893218D8A}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{1202B3C6-F339-43B5-8AE5-625527736616}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{123FAF0B-D8CC-42EB-9C72-0A8B404C1AB1}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{12737806-D526-4537-A971-81E6B8E2EB2E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{12C35E8E-6CA1-4D76-9652-8FE2F172FC73}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{13275F38-ED5B-4696-ABF4-5D5B3013474D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{17D69630-99A1-4B69-8143-66A08723F735}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{18BC2415-C3B1-46B5-BB64-2C2C2460673D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{1A939231-0C9D-4959-94ED-F2B270134455}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{1AD38172-0350-4ADD-9FDE-65AA9847D618}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{1ADB5814-6E2E-4227-9847-56B4FA87569C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{1CB76596-688F-4843-BBC8-8FC44418D3EF}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{1D6268C5-2815-4E99-B6D5-7B642647B4A6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{1DF21787-A24F-4BFB-9D63-51D17DAABED3}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2141881C-042C-4509-8012-6F85C7DADA6F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{21946E58-14F5-488F-88B1-30F83C73F9CA}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{226241E7-AF62-444A-A824-91A0699B5F66}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{233A5485-B1A3-42B2-AC70-90DAB63D1BA6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{234744BF-0D63-456D-B477-466B4879926D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{24C78FE4-A21D-4AFE-94FA-E87918941BE2}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{26CC897B-3C0F-4482-A97E-242DC2FAC0C8}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{274C2EC5-0CB7-478B-8453-E6553439DB23}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{279184F9-91AC-4BB9-B7A8-F82CA0B7998C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2794C362-0DFE-444B-BA33-A76D45BF2698}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{28FDDBE1-29B0-490C-9F28-8A493D2AAA6F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{29C50A21-BE65-426E-B1B8-E496FADD5C94}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{29D4961D-7B60-4735-B11F-B09E5B2F6B3F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2A3F2126-11A7-47AF-907D-E4615C8A5F52}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2CA8E237-E50A-4D5B-8078-26CCB582F0E9}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2CECB724-3840-4A60-841B-2A196F10D969}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2D3A410E-5DE0-4BE5-9C44-880B14B9BDA6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2E4948D0-A636-43FE-8341-9BB8A45EDE3C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{2F8A5081-2135-483F-ACBA-651D30673A86}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3115ED6A-C745-4738-8D61-B5B758754234}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{31E914FD-AB63-40AB-B093-0897FCD5B614}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{338B3FE0-E110-40CC-8B8F-F1611A4C0F18}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{33A88EC7-E8DA-425E-A966-5A3D917702E1}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{33F6E0CE-DA19-4630-9145-B19C98894FC3}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{34300BB1-8DF4-41F8-84B9-1D4383BD664B}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3553D17A-98D7-45B9-A5D1-F82E7E0A357B}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{35F68655-A63A-48FE-96EB-58AC0ACCB34C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{36EF1A3E-650E-43A4-A82F-8C74A9480F35}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3798E813-4240-449F-A168-BFBEC4CA2028}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3827064F-6D02-4301-92BA-EE6BF69D4BCF}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{38445033-6138-4C4E-80F9-FB0F8AFBC433}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{38D6AC5E-F1B9-44BA-BA11-913F557712F6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3918201A-350A-4366-941B-00ADF0AC052D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{39BDACE8-173D-4521-955C-A7392101EE6E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3BA42AB9-30E9-4AC2-A67B-B034EAD3136F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3BCA1862-D395-496A-99CE-5E577AD55037}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3DC2973E-88B8-4E31-95FA-0642F6C07018}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{3F4904CF-E77D-412D-B742-37A5100D4622}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{407AD8EF-5BC7-4C26-B99B-0035F612DCCB}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{41899A10-F5FA-4D2C-AD55-0A5FDD0B99EC}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{43EE0AA1-C874-41DA-95D3-85018411BABC}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{43F8BA88-B2F5-4382-AA94-216E36320DAC}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{445FC11B-F36B-4CB3-9B93-6EF121661235}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{45BAA443-790D-406D-BC2C-EAA639FD6E21}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{46379947-8354-4F69-98AB-387E6C3A280C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{46E536B4-6F2F-40F9-9F7A-B38F10F23AD0}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{47227F9D-F487-4B74-8D13-A845BC4A2ECD}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{49A27078-A08E-4AD9-98D2-E0BD090C7E3B}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{4A9661BF-06A5-484D-9F17-8DF5C285BABA}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{4AAF05E7-4951-4500-9B78-401B42B67486}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{4B814F8A-A143-45C2-BBFB-FAA560902ED9}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{4BFD3B20-0FE7-4C79-B990-0CC131B3D629}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{4C367052-667F-4D49-A5D2-071494C0D0FB}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{4D744127-ACE2-4A0B-9ECF-FBEC98D74D2F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{4F30DEAB-3DD6-4167-9F76-9BB214772B10}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{5097AB3B-B527-450F-9CDB-1106CB9F5334}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{52EEF19C-3E8C-42CF-BFBC-04AB40E77F76}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{5306FEB7-7EAE-40D3-882C-67322EED1F12}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{546B0562-2825-45B9-9D30-4B964018CC76}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{54F22084-1250-4A43-B73F-C1CE9CC727E4}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{576E6680-6612-4452-A2D1-922AC68FDF58}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{5887CA15-B9DC-4E25-BBFD-04D2757A04C8}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{58B46338-3746-429C-A9C8-8776C9FD87A9}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{5A3886EC-F0BB-4D9D-90B8-D34BE37106CA}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{5A9B31C6-5F82-4A6C-9984-BDF18B61A00E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{5C069AF2-68E2-4E7B-B410-273832246BD6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{5D4F7634-EC64-402B-95AE-A90F9AD7E871}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{604E3A5F-6AF0-4F9F-8473-CEBBC6D96EA8}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{61D42EA0-D88A-4C4B-A48F-65C54FE3E98E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{62F9F402-5F10-4634-8998-5019E7DEE8B7}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6369F2EE-FDCB-4D37-B1B3-0420121374C2}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{66AA8091-D591-4717-ACF6-BE09BE2C170B}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6934A5A1-B454-4375-84C9-CC881B024B43}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{693BD2AD-D50C-412C-944E-35DF89D09A21}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{69B3CE71-AE5E-4F79-A77B-F94E35708592}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6A36B530-B5DC-463C-A43E-481943C32622}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6A64D8E0-D49E-4641-80C9-781C130F3AE8}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6BA5C935-020C-420C-9DDC-4680E6CA2AAA}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6D404F2F-82F7-45FB-8BBD-C309912B6157}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{6E90791A-1869-45A6-B495-D6615DC15DB4}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{7054D466-044C-496D-9621-CDD6FA89A539}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{70C6E4A8-D10E-48F3-A7CC-3F54D1565EBA}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{72946EDC-C139-4ACB-8614-3FBF043EF90E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{72F2B970-FD4A-4472-B934-12F1A5B8EFA0}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{73F739EC-637A-42BE-892D-1489DCB7C89D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{742E2FA1-4968-4259-A614-B4D887BE67F9}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{76BBC613-5767-4D84-8612-E5DD048D7D93}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{77F58102-57F7-49C1-BFBF-450EBDDA3417}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{80AF4FA3-291D-496B-B1FD-4AA9C3594CAB}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{81926FCB-4318-4BCD-9169-D5E964764AC6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8195B8A2-1C5F-4D20-9416-654236C90ABA}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8338B355-40EB-4652-BBDA-DE7EEEDABCD8}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{83D1B4BA-6396-4290-A8AB-AA1FB97BE244}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{853B5399-3A97-412B-9C4A-C0DC051E1BF4}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{88FBC75C-38D6-49F9-A57D-F2777F38C5F6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{88FD271F-5609-4E58-B942-0031E277421D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{89BF88AE-2FCF-48AF-8015-8099F73A264B}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8C982F22-E44E-4EE7-B89D-483BD93880A8}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8D5AC05B-5354-44F1-B4E8-DEC07C803A99}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8DF0D6B8-A27C-4E79-8188-EFA34E3C0DE3}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8E50FB3A-DF37-4A4C-B4D6-4821CC47B011}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8EA92683-FB24-41B1-A3D3-703B67BA2779}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8F1D7F31-B130-4A40-BEFD-6E5DDB293E55}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{8F7C1BE1-B836-4907-9B09-AFE5B7616FE0}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{90DBDE73-3929-4042-A58F-F4174844884B}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{935FE3B8-99CD-4774-8C9D-F8ACC03703A7}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{935FFE26-BBFE-4E2F-A69B-4833A4CAD8FE}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{93F622D8-05DD-4D7B-8FB4-2FF4B2C82A9C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{942AA830-A467-4721-A621-B145D87E9370}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{94AAAC2B-D87D-42F3-AB56-0E2C2D050441}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{95C4066C-0F66-4047-B2E0-A73002FC0F5A}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{9AEC4A66-0853-4058-9386-B814821F717E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{9C4AFFCC-6FD4-40F6-82CA-6C36B33FDA47}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{9C7AB64F-C3F6-4170-8B25-2858D8EAE9B7}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{9D27F2D7-1358-447B-83E3-E495AE6A3E88}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{9D995713-4F9F-431C-9239-AEF3887A0798}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{9FEE4CC8-3C48-428F-800E-F1029DA722CF}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A41C4079-ED40-43F9-A5DA-F3320E7D2E19}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A4BFAFFB-9324-4B62-BC71-BC8349E0BF97}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A5E53CC0-ADF3-4F25-A149-C6D711CB776A}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A70DC97A-05E0-4626-BF1F-5594EB9591A6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A735B415-6178-46C8-904A-D89B8D814191}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A9E88664-6395-4FF2-8911-A62A993098C8}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{A9F4FCF5-E1D0-41EA-A08C-B80671EDF339}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{AA4DF3D7-B08B-44CD-B467-C0FAAE0190BC}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{AC253300-C3B5-4DD5-879A-4BA6DC84C6BC}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{ACB200E7-9A5C-486B-8D6A-311B1C8DE4C3}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{ADE716A1-22E1-4623-BF10-4A770B6DEC64}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{AEE453C2-6CF2-4377-92F1-90B3F11DDE82}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{AFCE2E7F-8C03-447A-AEFF-1DD7FB1103EC}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{B12FA45B-C356-430F-BB89-EAB6C2284A9F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{B4E9E801-5BBA-4632-82BB-57933FEFF95C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{B55EA8EE-9313-48A6-82A0-26482F4AFFA0}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{B5752BEE-11C7-4D68-B43F-F6AE5EF7F810}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{B6DCF5E3-CC92-4115-A2FB-8C70C506E58D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{B70981BD-996E-4E4D-A0FE-2E05D137D01C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{B78258B7-947D-4B34-9E09-985E2F9591A2}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BA055998-925B-48AA-88D6-E16E103BB515}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BA99DFD2-9459-4175-B4BB-C23C1D98ADE6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BA9FF1DB-FCC1-40A0-8CDF-BA363B707187}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BB0B200C-C083-4343-922B-2778E899A15C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BB63BDD2-61B5-4D48-A273-07DDE56EFDF6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BD25FC07-C277-4493-84E4-4E61680D5015}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BEA9FF37-DAFF-4F48-A1F6-A219965B6321}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BEC71A35-94D2-463A-A126-AEBE3EE439F9}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{BF880A62-8C2B-49A9-8C23-B7C35D09816D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C053192D-2777-426C-8CF7-12C43973D4DE}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C0C8D082-3EC6-4020-A1AF-B7B3BA363FA2}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C121A03B-F788-4934-97FB-9F82F1B830F5}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C235B8DD-E22A-4A04-8031-FB0380756F68}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C291BFFA-CCCE-41B6-A4FC-F1D88B6672E7}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C369A4B9-C76C-400A-A741-60A0CEF8138D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C40E7F33-42D7-48B9-BA7D-B0FFB3C3FF2E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C48E382C-A7E5-442E-82BD-69BBB6D1B15D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C54125E7-3C3B-425F-97F5-E11F8888DAE3}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C624F5D2-BF37-4CD5-A4E1-4BD75412FA7F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C6CDA782-3ED9-4712-A233-B52C67EDEDF5}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C7DA835D-B83D-4E2E-99BE-36B31308884C}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{C849682E-C628-455F-81BC-A775EF7CF38E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{CBB51375-EEC2-4B0C-B0CB-3F7CFDB6374E}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{CBD9F4F4-FAD2-48E9-A960-7CDDF98FDB76}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{CBDA510E-7DF7-4844-BDA5-8440533035C9}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{CD5D4C25-9A92-4FC4-8826-F4EADBBEE8B0}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{CE16E95F-4BDD-4934-89B3-6E3C03F5A288}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{CFE0D227-128F-4745-9333-847AB69CCD30}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D4ADA110-084C-474D-87FF-62187859CF8A}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D564A775-6240-4071-B504-D012EA6A15AD}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D5732C10-7C4F-4462-B2BA-86A39452020A}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D6ACA9C7-8B53-481F-A406-1DD863742E72}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D7534480-1597-409D-8034-FE0EC7E1CEA4}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D7EF83CA-E2A1-4DC9-9D0F-AC7E94DAA2D6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D7FEEBD1-FE65-4B61-8130-556D78BC8241}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{D9AFEDD0-4DA3-45BD-A793-0DBEA4B21286}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{DA9F690C-7E88-4F76-967C-B8F58F5CD0EF}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{DB6733C6-4BAE-44C9-B9F0-68A234DED2CB}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{DFB873B2-4214-4A0D-82C4-24BC05EA8120}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E1DDE7DB-A001-4949-AA1F-2F36EBD3C506}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E230837C-2982-42FC-AAED-D2662004D7EE}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E2887E1B-1501-4082-AFC0-7B392C966AE6}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E35E5597-A5C5-4A4B-964D-D45E0AAE4384}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E38857C9-4EF8-461E-8D15-EF82CE5191AD}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E3AE10D8-B8F2-4CB7-9E4B-670C01351774}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E3E53248-B55D-43B7-93A7-F1691719DA76}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E3FBE413-84BD-43F0-A4A0-166CF848DAB2}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E6BEF266-0B0D-482D-90D2-851EC6899C03}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E72A6027-E5AA-4612-8C08-E947801AD62F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E86ADCB0-8230-47DF-8AA9-681B8FFFE038}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E89B4931-F2BA-44DD-9669-9C4806301468}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{E8E17517-6DE4-4991-A94D-AE3E63C927E1}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{EA6FEA93-0FF5-4EB0-BC50-B56B71276A7F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{EB5BF26F-45C3-4FDF-8148-0CE777B1A42F}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{ED9760CD-3807-47CB-8EE8-89156E0DC4FA}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{EFCDF81A-B7D6-44EA-A6E0-38CC621088A7}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F06BA7B1-9818-4B7B-9A48-139FBC22E67D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F0D46682-C01F-40E5-8148-88A15AB22DFE}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F170B83A-2058-4C5F-B0FA-39BAC569A350}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F21E3800-F578-4F87-987E-A4569E346CF1}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F2B68100-96F7-4D4B-913E-76055EFA282D}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F387C2C1-68EB-4BF9-B5DA-F7C7D73B98A8}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F573F7EC-9E4B-4DF9-BC56-436F561E3BEE}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F7EF5622-11BB-4E9C-A791-1DA19F0420EF}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F88E4982-E2E3-4059-BB5A-E24A698BB323}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F8D85C39-6270-4FAE-A3C7-BC024E2A39C4}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{F981BDB3-56CE-4A93-83AA-A1C034CBCDE7}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{FAE6F906-4CBF-44FA-8659-48ACA41A0C5A}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{FBB63E26-6019-4873-B960-7E8012D2F332}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{FC437383-6E22-4004-8312-E21660E40954}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{FD884486-5A3A-4CF7-BE39-B362C5F2957B}
Successfully deleted: [Empty Folder] C:\Users\Sarah\appdata\local\{FF44098B-1A36-464E-BBC8-12EE5D764981}



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\sb4n51z4.default\minidumps [20 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.08.2014 at 15:26:19,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

M-K-D-B · 16.08.2014, 15:50

Servus,

führe bitte mal den FRST-Scan (Schritt 4) wie beschrieben aus und poste mir die neuen beiden Logdateien.

Alessia · 16.08.2014, 15:53

Habe ich versucht, jedoch kommt jedes mal nur die folgende Meldung:

Line 6489 (File ""):

Error: "EndIf" statement with no matching "If" statement

M-K-D-B · 16.08.2014, 15:56

Servus,

ok... ich habe die Fehlermeldung an den Entwickler weitergeleitet.

Dann machen wir anders weiter:

Bitte auch dieses Tools auf dem Desktop abspeichern und von dort ausführen...

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Alessia · 16.08.2014, 16:25

ComboFix

Code:

ATTFilter

ComboFix 14-08-15.01 - Sarah 16.08.2014  17:02:57.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4026.2223 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\users\Sarah\AppData\Roaming\.#
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Legacy_NPF
-------\Service_acedrv11
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-16 bis 2014-08-16  ))))))))))))))))))))))))))))))
.
.
2014-08-16 15:13 . 2014-08-16 15:13	--------	dc----w-	c:\users\Default\AppData\Local\temp
2014-08-16 11:03 . 2014-08-16 11:03	--------	dc----w-	c:\windows\ERUNT
2014-08-12 15:00 . 2014-08-16 14:24	--------	dc----w-	C:\FRST
2014-08-12 12:39 . 2014-08-16 14:14	122584	-c--a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-12 12:39 . 2014-08-12 12:39	--------	dc----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 12:39 . 2014-05-12 05:26	91352	-c--a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-12 12:39 . 2014-05-12 05:25	25816	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-12 12:11 . 2014-08-12 12:11	--------	dc----w-	c:\program files (x86)\Common Files\Java
2014-08-12 12:11 . 2014-07-25 10:55	98216	-c--a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-11 08:25 . 2014-08-11 08:25	--------	dc----w-	c:\users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 08:25 . 2014-08-11 08:25	--------	dc----w-	c:\programdata\PlayFirst
2014-08-11 06:07 . 2010-08-30 06:34	536576	-c--a-w-	c:\windows\SysWow64\sqlite3.dll
2014-08-07 06:51 . 2014-08-07 06:51	--------	dc----w-	c:\program files (x86)\Search
2014-07-17 16:19 . 2014-07-17 16:19	--------	dc----w-	c:\users\Sarah\AppData\Roaming\Divine
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 14:19 . 2010-06-24 09:33	23256	-c--a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-05 07:20 . 2011-07-09 06:49	270496	-c----w-	c:\windows\system32\MpSigStub.exe
2014-07-14 02:12 . 2014-08-12 11:30	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F64CCA3A-A19C-4500-827F-1806A3ED0F1D}\mpengine.dll
2014-07-09 16:34 . 2013-12-06 13:28	71344	-c--a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:34 . 2013-12-06 13:28	699056	-c--a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 04:56 . 2013-03-21 11:46	427360	-c--a-w-	c:\windows\system32\drivers\aswsp.sys
2014-07-09 04:55 . 2013-12-31 23:57	92008	-c--a-w-	c:\windows\system32\drivers\aswstm.sys
2014-07-09 04:55 . 2013-03-21 11:46	224896	-c--a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-07-09 04:55 . 2013-03-21 11:46	1041168	-c--a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-07-09 04:55 . 2013-03-21 11:46	65776	-c--a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 04:55 . 2013-03-21 11:46	79184	-c--a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 04:55 . 2014-04-30 05:37	29208	-c--a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-07-09 04:55 . 2013-03-21 11:46	307344	-c--a-w-	c:\windows\system32\aswBoot.exe
2014-07-09 04:55 . 2013-03-21 11:46	93568	-c--a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 04:55 . 2014-07-09 04:55	43152	-c--a-w-	c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-15 3093624]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-21 1814440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-9-25 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 PCDSRVC{EDD8E36B-450E27F9-06020101}_0;PCDSRVC{EDD8E36B-450E27F9-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{EDD8E36B-AED7022D-06020101}_0;PCDSRVC{EDD8E36B-AED7022D-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 Search;Search;c:\program files (x86)\Search\WebSearch.exe;c:\program files (x86)\Search\WebSearch.exe [x]
S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Update-Service-Installer-Service	REG_MULTI_SZ   	Update-Service-Installer-Service
DailytoolsInstallerService	REG_MULTI_SZ   	DailytoolsInstallerService
DailytoolsUpdateService	REG_MULTI_SZ   	DailytoolsUpdateService
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06 16:34]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 10:51]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 10:51]
.
2014-08-14 c:\windows\Tasks\Norton Security Scan for Sarah.job
- c:\progra~2\NORTON~2\Engine\410~1.28\Nss.exe [2014-04-11 06:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 04:55	634872	-c--a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-11-13 306472]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;www.joosoft.com
uInternet Settings,ProxyServer = http=127.0.0.1:8897;https=127.0.0.1:8897
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-c:\users\Sarah\AppData\Local\Temp\tmpA88E.tmp.exe - c:\users\Sarah\AppData\Local\Temp\tmpA88E.tmp.exe
Wow6432Node-HKCU-Run-c:\users\Sarah\AppData\Local\Temp\tmp5C37.tmp.exe - c:\users\Sarah\AppData\Local\Temp\tmp5C37.tmp.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe
Toolbar-Locked - (no file)
AddRemove-Cultures - Die Entdeckung Vinlands - c:\windows\IsUn0407.exe
AddRemove-Fallout 2 Restoration Project_is1 - c:\users\Sarah\Pictures\Furcht\Fallout2\unins000.exe
AddRemove-Fallout 2 Unofficial Patch_is1 - c:\users\Sarah\Pictures\Anime - Avatare\BlackIsle\Fallout2\New Folder\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1 - c:\program files (x86)\Kalenderchen\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{EDD8E36B-450E27F9-06020101}_0]
"ImagePath"="\??\c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{EDD8E36B-AED7022D-06020101}_0]
"ImagePath"="\??\c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\SecuROM\License information*]
"datasecu"=hex:ed,15,7d,56,d7,57,1f,e9,d2,ba,e0,f2,c5,d9,5b,a8,de,5d,80,1d,3f,
   1b,f1,07,fe,9f,f4,2b,2f,63,91,52,c9,34,bb,b4,b3,b9,3c,8e,de,6e,b7,13,68,54,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-16  17:22:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-16 15:22
.
Vor Suchlauf: 17 Verzeichnis(se), 308.060.196.864 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 308.336.689.152 Bytes frei
.
- - End Of File - - 5AC079085B912DCF03640DB5134C0FB8
A36C5E4F47E84449FF07ED3517B43A31

M-K-D-B · 16.08.2014, 21:55

Servus,

es gibt eine neue Version von FRST, daher sollte auch Schritt 2 klappen.

Schritt 1
Combofix-Skript

WARNUNG für die MITLESER:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von folgenden Download-Spiegel neu herunter: Link

Speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> notepad (hinein schreiben) --> OK
Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
Driver::
Search

Folder::
c:\program files (x86)\Search

Registry::
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
"Update-Service-Installer-Service"=-

DDS::
uInternet Settings,ProxyOverride = <-loopback>;www.joosoft.com
uInternet Settings,ProxyServer = http=127.0.0.1:8897;https=127.0.0.1:8897
         
Speichere dies als CFScript.txt auf deinem Desktop.

Wichtig: Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!

Schließe alle laufenden Programme damit ComboFix ungehindert arbeiten kann.

Ziehe CFScript.txt in die ComboFix.exe wie in diesem Bild:

Mache nichts am Computer, bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein. Dies kann dazu führen, dass ComboFix sich aufhängt.

Wenn ComboFix fertig ist wird es ein Log erstellen: C:\ComboFix.txt
Bitte füge es hier als Antwort (in CODE-Tags mit dem #-Button des Editors) ein.
Hinweis:
Suspect:: und Collect::
Falls im Skript diese Anweisungen enthalten sind, sollen Dateien zur Analyse eingeschickt werden. Es erscheint eine Message-Box, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen. Teile mir unbedingt mit, ob der Upload geklappt hat!

Schritt 2

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Alessia · 16.08.2014, 22:50

CombiFix

Code:

ATTFilter

ComboFix 14-08-15.01 - Sarah 16.08.2014  23:25:54.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4026.2214 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sarah\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search
c:\program files (x86)\Search\HtmlAgilityPack.dll
c:\program files (x86)\Search\makecert.exe
c:\program files (x86)\Search\Newtonsoft.Json.dll
c:\program files (x86)\Search\WebSearch.exe
c:\program files (x86)\Search\WebSearch.exe.config
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Search
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-07-16 bis 2014-08-16  ))))))))))))))))))))))))))))))
.
.
2014-08-16 11:03 . 2014-08-16 11:03	--------	dc----w-	c:\windows\ERUNT
2014-08-12 15:00 . 2014-08-16 14:24	--------	dc----w-	C:\FRST
2014-08-12 12:39 . 2014-08-16 14:14	122584	-c--a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-12 12:39 . 2014-08-12 12:39	--------	dc----w-	c:\program files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 12:39 . 2014-05-12 05:26	91352	-c--a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-08-12 12:39 . 2014-05-12 05:25	25816	-c--a-w-	c:\windows\system32\drivers\mbam.sys
2014-08-12 12:11 . 2014-08-12 12:11	--------	dc----w-	c:\program files (x86)\Common Files\Java
2014-08-12 12:11 . 2014-07-25 10:55	98216	-c--a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-11 08:25 . 2014-08-11 08:25	--------	dc----w-	c:\users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 08:25 . 2014-08-11 08:25	--------	dc----w-	c:\programdata\PlayFirst
2014-08-11 06:07 . 2010-08-30 06:34	536576	-c--a-w-	c:\windows\SysWow64\sqlite3.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 14:19 . 2010-06-24 09:33	23256	-c--a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-05 07:20 . 2011-07-09 06:49	270496	-c----w-	c:\windows\system32\MpSigStub.exe
2014-07-14 02:12 . 2014-08-12 11:30	10924376	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F64CCA3A-A19C-4500-827F-1806A3ED0F1D}\mpengine.dll
2014-07-09 16:34 . 2013-12-06 13:28	71344	-c--a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:34 . 2013-12-06 13:28	699056	-c--a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 04:56 . 2013-03-21 11:46	427360	-c--a-w-	c:\windows\system32\drivers\aswsp.sys
2014-07-09 04:55 . 2013-12-31 23:57	92008	-c--a-w-	c:\windows\system32\drivers\aswstm.sys
2014-07-09 04:55 . 2013-03-21 11:46	224896	-c--a-w-	c:\windows\system32\drivers\aswVmm.sys
2014-07-09 04:55 . 2013-03-21 11:46	1041168	-c--a-w-	c:\windows\system32\drivers\aswsnx.sys
2014-07-09 04:55 . 2013-03-21 11:46	65776	-c--a-w-	c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 04:55 . 2013-03-21 11:46	79184	-c--a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 04:55 . 2014-04-30 05:37	29208	-c--a-w-	c:\windows\system32\drivers\aswHwid.sys
2014-07-09 04:55 . 2013-03-21 11:46	307344	-c--a-w-	c:\windows\system32\aswBoot.exe
2014-07-09 04:55 . 2013-03-21 11:46	93568	-c--a-w-	c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 04:55 . 2014-07-09 04:55	43152	-c--a-w-	c:\windows\avastSS.scr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-15 3093624]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-21 1814440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-9-25 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 PCDSRVC{EDD8E36B-450E27F9-06020101}_0;PCDSRVC{EDD8E36B-450E27F9-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{EDD8E36B-AED7022D-06020101}_0;PCDSRVC{EDD8E36B-AED7022D-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DailytoolsInstallerService	REG_MULTI_SZ   	DailytoolsInstallerService
DailytoolsUpdateService	REG_MULTI_SZ   	DailytoolsUpdateService
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06 16:34]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 10:51]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 10:51]
.
2014-08-14 c:\windows\Tasks\Norton Security Scan for Sarah.job
- c:\progra~2\NORTON~2\Engine\410~1.28\Nss.exe [2014-04-11 06:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 04:55	634872	-c--a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-11-13 306472]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-Cultures - Die Entdeckung Vinlands - c:\windows\IsUn0407.exe
AddRemove-Fallout 2 Restoration Project_is1 - c:\users\Sarah\Pictures\Furcht\Fallout2\unins000.exe
AddRemove-Fallout 2 Unofficial Patch_is1 - c:\users\Sarah\Pictures\Anime - Avatare\BlackIsle\Fallout2\New Folder\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1 - c:\program files (x86)\Kalenderchen\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{EDD8E36B-450E27F9-06020101}_0]
"ImagePath"="\??\c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{EDD8E36B-AED7022D-06020101}_0]
"ImagePath"="\??\c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\SecuROM\License information*]
"datasecu"=hex:ed,15,7d,56,d7,57,1f,e9,d2,ba,e0,f2,c5,d9,5b,a8,de,5d,80,1d,3f,
   1b,f1,07,fe,9f,f4,2b,2f,63,91,52,c9,34,bb,b4,b3,b9,3c,8e,de,6e,b7,13,68,54,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-16  23:44:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-08-16 21:44
ComboFix2.txt  2014-08-16 15:22
.
Vor Suchlauf: 22 Verzeichnis(se), 308.160.163.840 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 308.353.060.864 Bytes frei
.
- - End Of File - - 4F9A68FD9F4D3F0FF541E72FEA0EA6C5
A36C5E4F47E84449FF07ED3517B43A31

FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Sarah (administrator) on SARAH-PC on 16-08-2014 23:46:27
Running from C:\Users\Sarah\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [306472 2009-11-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-22] (Acer Corp.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-16] ()
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE425
SearchScopes: HKCU - {90A988B0-6C3F-4000-A612-9180A1343E3A} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE662&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Windows\system32\d3dyueev6.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-04-08]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-04-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-21]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Sarah\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [File not signed]
S2 LanmanWorkstation; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [File not signed]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-09] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-18] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-09] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [296816 2007-02-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{EDD8E36B-450E27F9-06020101}_0; \??\c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{EDD8E36B-AED7022D-06020101}_0; \??\c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 23:46 - 2014-08-16 23:46 - 02101760 ____C (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2014-08-16 23:46 - 2014-08-16 23:46 - 00019549 ____C () C:\Users\Sarah\Desktop\FRST.txt
2014-08-16 23:44 - 2014-08-16 23:44 - 00020912 ____C () C:\ComboFix.txt
2014-08-16 23:22 - 2014-08-16 23:22 - 05571320 ___RC (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2014-08-16 23:09 - 2014-08-16 23:09 - 00001605 ____C () C:\Users\Sarah\Desktop\ComboFix - Verknüpfung.lnk
2014-08-16 16:59 - 2014-08-16 23:44 - 00000000 ___DC () C:\Qoobox
2014-08-16 16:59 - 2011-06-26 08:45 - 00256000 ____C () C:\Windows\PEV.exe
2014-08-16 16:59 - 2010-11-07 19:20 - 00208896 ____C () C:\Windows\MBR.exe
2014-08-16 16:59 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00098816 ____C () C:\Windows\sed.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00080412 ____C () C:\Windows\grep.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00068096 ____C () C:\Windows\zip.exe
2014-08-16 16:58 - 2014-08-16 23:35 - 00000000 ___DC () C:\Windows\erdnt
2014-08-16 16:23 - 2014-08-16 16:23 - 00002974 ____C () C:\Windows\System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75}
2014-08-16 16:15 - 2014-08-16 16:15 - 00001156 ____C () C:\mbam.txt
2014-08-16 15:26 - 2014-08-16 15:26 - 00026147 ____C () C:\Users\Sarah\Desktop\JRT.txt
2014-08-16 13:03 - 2014-08-16 13:03 - 00000000 ___DC () C:\Windows\ERUNT
2014-08-16 10:43 - 2014-08-16 10:44 - 00049653 ____C () C:\Users\Sarah\Desktop\Addition.txt
2014-08-12 17:00 - 2014-08-16 23:46 - 00000000 ___DC () C:\FRST
2014-08-12 15:10 - 2014-08-12 15:12 - 00002528 ____C () C:\Users\Sarah\Desktop\Rkill.txt
2014-08-12 14:39 - 2014-08-16 16:14 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 14:39 - 2014-08-12 14:39 - 00001110 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 14:39 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 14:39 - 2014-05-12 07:25 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 14:11 - 2014-07-25 12:55 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 14:11 - 2014-07-25 12:49 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 14:11 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 14:11 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 14:10 - 2014-08-12 14:11 - 00004250 ____C () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-12 14:07 - 2014-08-12 14:07 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Sun
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\ProgramData\PlayFirst
2014-08-11 08:07 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-10 16:42 - 2014-08-10 16:42 - 00000683 ____C () C:\Users\Sarah\Sarah - Verknüpfung.lnk
2014-08-10 16:32 - 2014-08-10 16:32 - 00002966 ____C () C:\Windows\System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494}
2014-08-10 16:31 - 2014-08-10 16:31 - 00001167 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 16:31 - 2014-08-10 16:31 - 00001155 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 16:18 - 2014-08-10 16:18 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-10 16:14 - 2014-08-10 16:14 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0.exe
2014-07-17 18:19 - 2014-07-17 18:19 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Divine
2014-07-17 13:47 - 2014-07-17 18:19 - 00000000 ___DC () C:\Divine

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-16 23:46 - 2014-08-16 23:46 - 02101760 ____C (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2014-08-16 23:46 - 2014-08-16 23:46 - 00019549 ____C () C:\Users\Sarah\Desktop\FRST.txt
2014-08-16 23:46 - 2014-08-12 17:00 - 00000000 ___DC () C:\FRST
2014-08-16 23:44 - 2014-08-16 23:44 - 00020912 ____C () C:\ComboFix.txt
2014-08-16 23:44 - 2014-08-16 16:59 - 00000000 ___DC () C:\Qoobox
2014-08-16 23:42 - 2011-03-28 12:09 - 01182795 ____C () C:\Windows\WindowsUpdate.log
2014-08-16 23:39 - 2013-03-21 13:46 - 00004182 ____C () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-16 23:37 - 2011-03-29 12:51 - 00001110 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 23:37 - 2011-03-29 12:51 - 00001106 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 23:37 - 2009-07-14 07:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-08-16 23:37 - 2009-07-14 04:34 - 00000215 ____C () C:\Windows\system.ini
2014-08-16 23:36 - 2014-06-13 19:06 - 00016434 ____C () C:\Windows\PFRO.log
2014-08-16 23:36 - 2014-06-10 12:17 - 00018648 ____C () C:\Windows\setupact.log
2014-08-16 23:36 - 2009-07-14 04:34 - 68730880 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-16 23:36 - 2009-07-14 04:34 - 20185088 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-16 23:36 - 2009-07-14 04:34 - 00466944 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-16 23:36 - 2009-07-14 04:34 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-16 23:36 - 2009-07-14 04:34 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
2014-08-16 23:35 - 2014-08-16 16:58 - 00000000 ___DC () C:\Windows\erdnt
2014-08-16 23:34 - 2013-12-06 15:28 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 23:22 - 2014-08-16 23:22 - 05571320 ___RC (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2014-08-16 23:09 - 2014-08-16 23:09 - 00001605 ____C () C:\Users\Sarah\Desktop\ComboFix - Verknüpfung.lnk
2014-08-16 20:12 - 2012-11-16 01:20 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\PMB Files
2014-08-16 19:51 - 2009-07-14 06:45 - 00009696 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 19:51 - 2009-07-14 06:45 - 00009696 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 19:46 - 2013-10-06 16:57 - 00000000 ___DC () C:\Program Files (x86)\Steam
2014-08-16 17:22 - 2009-07-14 05:20 - 00000000 _RHDC () C:\Users\Default
2014-08-16 16:23 - 2014-08-16 16:23 - 00002974 ____C () C:\Windows\System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75}
2014-08-16 16:15 - 2014-08-16 16:15 - 00001156 ____C () C:\mbam.txt
2014-08-16 16:14 - 2014-08-12 14:39 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 15:26 - 2014-08-16 15:26 - 00026147 ____C () C:\Users\Sarah\Desktop\JRT.txt
2014-08-16 13:09 - 2012-02-24 10:54 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\CrashDumps
2014-08-16 13:03 - 2014-08-16 13:03 - 00000000 ___DC () C:\Windows\ERUNT
2014-08-16 12:25 - 2013-12-05 11:39 - 00000000 ___DC () C:\AdwCleaner
2014-08-16 10:44 - 2014-08-16 10:43 - 00049653 ____C () C:\Users\Sarah\Desktop\Addition.txt
2014-08-16 10:20 - 2012-09-25 19:13 - 00000000 ___DC () C:\Program Files (x86)\Marble Mouse Wheel
2014-08-14 17:59 - 2011-08-23 18:12 - 00000452 ___HC () C:\Windows\Tasks\Norton Security Scan for Sarah.job
2014-08-12 15:12 - 2014-08-12 15:10 - 00002528 ____C () C:\Users\Sarah\Desktop\Rkill.txt
2014-08-12 14:39 - 2014-08-12 14:39 - 00001110 ____C () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-08-12 14:12 - 2011-03-28 12:13 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\Google
2014-08-12 14:12 - 2009-11-03 06:22 - 00000000 ___DC () C:\Program Files (x86)\Google
2014-08-12 14:11 - 2014-08-12 14:10 - 00004250 ____C () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-12 14:11 - 2012-03-23 12:29 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-08-12 14:07 - 2014-08-12 14:07 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Sun
2014-08-12 13:47 - 2009-11-03 06:23 - 00000000 ___DC () C:\ProgramData\McAfee
2014-08-12 13:47 - 2009-11-03 06:23 - 00000000 ___DC () C:\Program Files (x86)\McAfee
2014-08-12 13:34 - 2013-02-07 10:24 - 00000000 ___DC () C:\Program Files\McAfee
2014-08-12 13:34 - 2012-09-25 14:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-12 13:34 - 2012-09-25 14:46 - 00000000 ___DC () C:\ProgramData\LogiShrd
2014-08-12 13:34 - 2012-09-25 14:46 - 00000000 ___DC () C:\Program Files\Common Files\Logishrd
2014-08-12 13:33 - 2014-06-16 17:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\ProgramData\PlayFirst
2014-08-10 22:49 - 2013-05-24 15:51 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-08-10 22:49 - 2013-05-24 15:50 - 00000000 ___DC () C:\Program Files (x86)\Purplehills
2014-08-10 16:53 - 2011-03-28 12:17 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Mozilla
2014-08-10 16:42 - 2014-08-10 16:42 - 00000683 ____C () C:\Users\Sarah\Sarah - Verknüpfung.lnk
2014-08-10 16:42 - 2011-03-28 12:09 - 00000000 ___DC () C:\Users\Sarah
2014-08-10 16:32 - 2014-08-10 16:32 - 00002966 ____C () C:\Windows\System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494}
2014-08-10 16:31 - 2014-08-10 16:31 - 00001167 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 16:31 - 2014-08-10 16:31 - 00001155 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 16:31 - 2013-08-17 10:58 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 16:18 - 2014-08-10 16:18 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-10 16:14 - 2014-08-10 16:14 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0.exe
2014-08-10 15:51 - 2013-10-25 17:44 - 00000000 ___DC () C:\Users\Sarah\Desktop\Alte Firefox-Daten
2014-08-10 15:37 - 2012-04-13 08:58 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Malwarebytes
2014-08-10 15:36 - 2012-04-13 08:57 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-08-10 15:36 - 2012-04-13 08:57 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-05 09:20 - 2011-07-09 08:49 - 00270496 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-28 19:29 - 2011-03-28 21:55 - 00709186 ____C () C:\Windows\system32\perfh007.dat
2014-07-28 19:29 - 2011-03-28 21:55 - 00153786 ____C () C:\Windows\system32\perfc007.dat
2014-07-28 19:29 - 2009-07-14 07:13 - 01641884 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 21:28 - 2011-06-12 16:10 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-25 12:55 - 2014-08-12 14:11 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-12 14:11 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-12 14:11 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-12 14:11 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 18:19 - 2014-07-17 18:19 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Divine
2014-07-17 18:19 - 2014-07-17 13:47 - 00000000 ___DC () C:\Divine

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-08 11:15

==================== End Of Log ============================

--- --- ---

--- --- ---

Addition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Sarah at 2014-08-16 23:47:30
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version:  - Microsoft) Hidden
Abenteuer Hawaii - Pearl Harbor (HKLM-x32\...\Abenteuer Hawaii - Pearl Harbor) (Version:  - )
Abenteuer Hawaii 2 - Die Verborgene Insel (HKLM-x32\...\Abenteuer Hawaii 2 - Die Verborgene Insel) (Version:  - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7029 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7029 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.02.0804 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.0 - Atomi Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.102.2002.209 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Babylonia (HKLM-x32\...\Babylonia) (Version:  - )
calibre (HKLM-x32\...\{779EB69C-6DD9-4CB0-B316-2BEE4361755A}) (Version: 1.2.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3099 - CDBurnerXP)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
City Style (HKLM-x32\...\City Style) (Version:  - )
ClipGrab 3.2.0.11 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Common RTP 1.0 (HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cultures Gold Edition (HKLM-x32\...\Cultures - Die Entdeckung Vinlands) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DANGER ZONE! (HKLM-x32\...\DANGER ZONE!) (Version:  - )
Das rätselhafte Kristall-Portal (HKLM-x32\...\Das rätselhafte Kristall-Portal) (Version:  - )
Der Schatz Persiens (HKLM-x32\...\Der Schatz Persiens_is1) (Version:  - Contendo Media GmbH)
Der zerstreute Pharao (HKLM-x32\...\Der zerstreute Pharao_is1) (Version:  - tewi publishing GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version:  - )
D-Fend Reloaded 1.3.2 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.2 - Alexander Herzog)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
Die Sage von Odysseus (HKLM-x32\...\Die Sage von Odysseus_is1) (Version:  - rondomedia Marketing & Vertriebs GmbH)
Die Supertalent-Agentur (HKLM-x32\...\Die Supertalent-Agentur) (Version:  - )
DINO DEFENDER (HKLM-x32\...\DINO DEFENDER) (Version:  - )
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
Drakensang (HKLM-x32\...\Drakensang_is1) (Version:  - dtp)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
Dunkle Schatten 2.04 (HKLM-x32\...\{47588300-ECCC-4E3A-919A-9AE01A34C5AC}_is1) (Version: Dunkle Schatten 2.04 - Brianum/Dawnatic)
DupDetector (HKLM-x32\...\{9604876E-6DF3-11D9-9526-CC60569E6209}) (Version: 3.2.0.1 - Prismatic Software)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Enchanted Katya (HKLM-x32\...\Enchanted Katya) (Version: 1.00 - phenomedia publishing gmbh)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Fallout 2 (HKLM-x32\...\Fallout 2) (Version:  - )
Fallout 2 Unofficial Patch 1.02.22 (HKLM-x32\...\Fallout 2 Unofficial Patch_is1) (Version:  - killap Inc)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
FilePanther 1.21.259.372 (HKLM-x32\...\FilePanther 1.21.259.372) (Version:  - )
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
FO2 Restoration Project 2.2 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version:  - killap)
Frankenstein (HKLM-x32\...\Frankenstein_is1) (Version: v1.1 - Play)
Free YouTube Download version 3.2.11.812 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
Germany's next Topmodel 2011 (HKLM-x32\...\Germany's next Topmodel 2011) (Version: 1.0.0.1 - Sevengames)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gourmania (HKLM-x32\...\Gourmania) (Version:  - )
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.308 - Happy Cloud, Inc.)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper's Knot (HKLM-x32\...\Junipers_Knot) (Version:  - Dischan)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalenderchen 5 (HKLM-x32\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version:  - Daniel Manger)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Legend of the Piper Girl Version 1.3 (HKLM-x32\...\{AD9BBA69-4691-44AB-98EF-D62D0D6E34E0}_is1) (Version: 1.3 - Unbroken Hours)
LibreOffice 3.4 (HKLM-x32\...\{D64833F8-860D-4216-8EDC-DD08AD68C0B5}) (Version: 3.4.402 - LibreOffice)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Lost Chronicles of Zerzura (HKLM-x32\...\Lost Chronicles of Zerzura_is1) (Version:  - dtp)
Luka und der verborgene Schatz (HKCU\...\Luka und der verborgene Schatz) (Version:  - )
Luxor Amun Rising with Luxor (HKLM-x32\...\Luxor Amun Rising with Luxor) (Version:  - MumboJumbo, LLC)
Magicians Handbook (HKLM-x32\...\{6850696D-FC0A-48A7-9097-7EB301FB0FEA}) (Version: 1.00.0000 - Purplehills)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Master Wu (HKLM-x32\...\Master Wu) (Version:  - )
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE  (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Minefield 4.2a1pre (x64 en-US) (HKLM\...\Minefield 4.2a1pre (x64 en-US)) (Version: 4.2a1pre - Mozilla)
Mord im Laufrad (HKLM-x32\...\{1A8BADF4-9D45-4574-9C3A-47A98442F10E}) (Version: 1.00.0000 - Mord im Laufrad)
Morrowind (HKLM-x32\...\{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}) (Version:  - )
Mouse Recorder Pro 1.3 (HKLM-x32\...\{5E6ACA2E-60D5-461C-8FD3-04BA9C174B27}_is1) (Version:  - Nemex)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My beautiful vacation (HKLM-x32\...\{487E15A0-83FF-45E9-86FF-67355FE65A7D}_is1) (Version:  - UIG GmbH)
MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version:  - )
Mystery Agency - A Vampire's Kiss (HKLM-x32\...\Mystery Agency - A Vampire's Kiss_is1) (Version:  - dtp)
MyVideoConverter Pro 3.14 (HKLM-x32\...\MyVideoConverter Pro) (Version: 3.14 - MySoft, Inc.)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Pizzadude 1.0 (HKLM-x32\...\Pizzadude) (Version: 1.0 - Team6 game studios)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RE: Alistair++ (HKLM-x32\...\RE: Alistair++) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version:  - Piranha Bytes)
RM2K Mp3 Patch v1.1 (HKLM-x32\...\{37A58B85-C98F-11D5-B694-00E07D72A995}) (Version:  - )
Robin Hood TsoSF (HKLM-x32\...\Robin Hood TsoSF) (Version:  - )
RPG Maker 2000 1.05 (HKLM-x32\...\RPG Maker 2000 1.05) (Version:  - )
RPG Maker 2000 1.07b (HKLM-x32\...\RPG Maker 2000 1.07b) (Version:  - )
RPG Maker Fonts (HKLM-x32\...\{5A96225D-A3B7-4535-AE49-3BF217999669}) (Version: 1.0.0 - <no manufacturer>)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RTP 1.32 Add-On for RM2k (HKLM-x32\...\RTP 1.32 Add-On for RM2k) (Version:  - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version:  - )
Schlag den Raab - Das 2. Spiel (HKLM-x32\...\SDR2) (Version: 1.0 - Sproing Interactive GmbH)
Scrabble3D (HKLM-x32\...\{E11BBF69-C686-45B3-9267-CE44603B47AE}) (Version: 3.1.0.29 - Heiko Tietze)
Simple Adblock (HKLM-x32\...\{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}) (Version: 1.1.0 - Simple Adblock)
Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
Sleepless Night (HKLM-x32\...\Sleepless Night) (Version:  - )
Sleepless Night 2 (HKLM-x32\...\Sleepless Night 2) (Version:  - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
Soulmates (HKLM-x32\...\Soulmates) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stolz und Vorurteil (HKLM-x32\...\Stolz und Vorurteil) (Version:  - )
Stray Souls - Das Haus der Puppen (HKLM-x32\...\Stray Souls - Das Haus der Puppen) (Version:  - )
Strike Ball 3 (HKLM-x32\...\Strike Ball 3) (Version:  - )
Sven 004 XS (HKLM-x32\...\{4D43D5AF-A393-463D-8C78-8E6C4FA2CEE9}) (Version:  - )
Sven 2 XXL (HKLM-x32\...\{AF507761-0AD4-4BCC-A636-42DB38E689B0}) (Version:  - )
Sven Bømwøllen (HKLM-x32\...\{E24AECDA-101F-11D6-986D-00500443CF9F}) (Version:  - )
Sven XXX - XXL (HKLM-x32\...\{BE5D79E8-0B8E-4E97-97E1-3CDEBAB2DEB1}) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TES Construction Set (HKLM-x32\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version:  - )
This Is Where I Want To Die (HKLM-x32\...\This Is Where I Want To Die) (Version:  - )
TreeSize Personal V5.5.5 (HKLM-x32\...\TreeSize Personal_is1) (Version: 5.5.5 - JAM Software)
TubeBox (HKLM-x32\...\{dfba3ed5-70d7-4801-8429-7e77a5fb11ea}) (Version: 5.0.0.0 - Freetec)
TubeBox (x32 Version: 5.0.0.0 - Freetec) Hidden
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Vampires Dawn: Reign of Blood (HKLM-x32\...\{CF55095E-07AA-432E-8376-CEF71D70746A}_is1) (Version: Vampires Dawn: Reign of Blood 1.31 - Brianum)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Wild Earth - Africa (HKLM-x32\...\{9D56D5FF-9B49-4435-B23C-E6FE1D4C708C}) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wordpool 2.7.7 (HKLM-x32\...\Wordpool_is1) (Version:  - Thorsten Gottlob)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version:  - )
Xvid 1.1.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version:  - DOSBox Team)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version:  - Zylom Games)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-08-16 23:37 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {032860FB-E501-499A-973C-526E9973849D} - System32\Tasks\{908628FC-D33F-4F87-872D-124767B41DBA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {0A6F3F4D-7B3D-48D8-8DAB-5DBCE1A7B153} - System32\Tasks\{1E175039-0B33-4334-BE0B-C5EAEC15FC62} => C:\Program Files\BlackIsle\Fallout2\fallout2.exe [2013-12-04] ()
Task: {15DE84B3-5007-4948-A9DF-2414EE23DAB0} - System32\Tasks\{B68316D6-EBE5-403C-A1CB-C3E3559BA30C} => C:\Users\Sarah\Pictures\Comics\Biber\f2patch-gr.exe [2013-11-24] ()
Task: {16C1E7AC-21F5-4F82-A71B-02BAE87CFAE8} - System32\Tasks\{B4A6BEFD-3AD7-4DD7-BE6C-41283E631407} => D:\Setup.exe
Task: {1908BECC-26A8-4F19-95CA-41A5F509C207} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {1C95CEBC-5FAF-4EB0-A17D-B6A3EE68B6C7} - System32\Tasks\{F019608E-FA9B-4289-8426-129E3CBAC1E3} => D:\Setup.exe
Task: {25B8EA26-CB76-4D38-B1E5-B0FE6C725967} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {2FF5F493-B6E1-4FE2-8D81-08E0B99D55D6} - System32\Tasks\{DB0BDB56-F6C3-47A3-8F87-E5E31ED77A76} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\DieSupertalentAgenturCD\DieSupertalentAgentur_og.exe [2009-09-01] ()
Task: {33E45341-BBD4-4CA2-B44C-9A5876329EAF} - System32\Tasks\{62B07373-AF3E-4138-B329-55735F88B046} => C:\Phenomedia AG\Sven zwo XXL\Sven2.exe [2002-11-13] ()
Task: {3A3B68E4-D617-45A4-98E1-986695FD188C} - System32\Tasks\{EE0971F9-6E65-45BA-B759-211ABDE53ECE} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {49D9D5A3-37A6-4553-B746-1472C5CAAE13} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {50AA2405-6723-43BA-AD0A-1FB3D32904E3} - System32\Tasks\{6E901973-4519-4ADC-A2A7-F48C624E9451} => Firefox.exe 
Task: {518F6E86-0B51-4B4F-9BDA-1B2A84A6E535} - System32\Tasks\{0FE207D0-2C83-44E5-BC1A-3E97F80D63C1} => C:\Program Files (x86)\Sevengames\GNTM2011\bin\Gntm11.exe [2011-01-27] (Independent Arts Software GmbH)
Task: {532F08A1-4680-49E1-9CA6-2EAC32D127E1} - System32\Tasks\{686E36BE-4A86-4736-95EE-9EAFD0EB6769} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {5341D64B-2A79-4438-81C4-83D39E6F13C6} - System32\Tasks\{5A76323A-75B2-4AAC-8F47-ABE32592F040} => C:\Users\Sarah\Downloads\scrnsav1.exe [2012-05-18] ()
Task: {55C44F49-416A-4316-871C-8E33D21CB280} - System32\Tasks\{61B2A627-7F9B-4197-91F4-169590D8A7CB} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {59BD72F5-2380-4121-ABEF-80D4A70216E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29] (Google Inc.)
Task: {5D216631-7729-474B-9995-E49990FE9A01} - System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75} => C:\Users\Sarah\Desktop\FRST-OlderVersion\FRST64(1).exe
Task: {5EC1605C-9C6D-4BB0-9711-8F73D70BE0A2} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {6174608E-DBA3-49B4-96F5-A6FB9237AD3F} - System32\Tasks\{F5F002CB-F043-4E25-AE2E-5AA53F2DFB57} => C:\Program Files (x86)\MyMDb\MyMDb.exe
Task: {758133FC-63B4-4782-B92C-0B6C07F5A692} - System32\Tasks\{A092F01D-4E70-4133-AEE6-4C2E3AC56788} => C:\Phenomedia AG\Sven zwo XXL\Sven2.exe [2002-11-13] ()
Task: {76A842BD-8423-442E-A0A9-FC99E244A606} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
Task: {790A861E-D518-4B43-B050-9462B9D945AF} - System32\Tasks\{CBA65AA1-0BDE-4084-AB61-3AECF3AD327C} => C:\Program Files (x86)\rondomedia\Beyond the Legend Mysteries of Olympus\MysteriesOfOlympus.exe
Task: {798D4C86-E220-4169-9013-614B706AF5FC} - System32\Tasks\Norton Security Scan for Sarah => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {7A9BDD88-25FE-47C2-B773-6339AB6F3744} - System32\Tasks\{8A06A33B-EA19-4496-91E4-0560988D5C84} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {7D2FC61A-6732-458F-B221-5FB39E3D3113} - System32\Tasks\{539BD50E-C683-4AB4-9916-B5BEA62E0FC9} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {843BA38A-4DD0-4D37-8EBD-E0F3D878647B} - System32\Tasks\{9A4BFED0-5FE2-4871-AD24-F1C852C23C49} => C:\Program Files (x86)\Team6\Pizzadude\Pizza.exe [2005-08-25] ()
Task: {86D33314-72C1-4CAF-8EAB-C672D9B44B28} - System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494} => Firefox.exe 
Task: {88E7727E-1F92-49D9-ACC7-B1C9D4CCC8E7} - System32\Tasks\{BF6FB462-6206-4FD3-9236-0D9FFBCF6CFB} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\DieSupertalentAgenturCD\DieSupertalentAgentur_og.exe [2009-09-01] ()
Task: {8B447F9D-703A-4311-B874-A0F67DBCC625} - System32\Tasks\{B92031EA-A95C-4776-8EDE-7E16DBAFFD8D} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {9B182628-6F30-4D56-AB6D-43A9D18FCFFD} - System32\Tasks\{6900BB4E-F314-4347-841C-A323397E3D0C} => C:\Program Files (x86)\MyMDb\MyMDb.exe
Task: {9BBD5199-DB01-4942-88D0-BF37F4CBC939} - System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} => Firefox.exe 
Task: {9EF8973A-2D5A-4B63-81C3-9BC632F2D327} - System32\Tasks\{A3551CEC-8D2F-46A7-81D0-1BD9CF882D6B} => C:\Users\Sarah\Downloads\scrnsav1.exe [2012-05-18] ()
Task: {AD8BDF11-AF96-4B6C-A286-563101F7A122} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {B39F013C-0DDE-47EA-8A4A-8AC2DB52E8EC} - System32\Tasks\{391CFB0D-5B64-41D5-BACE-152703C23AE8} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {B6325D1F-6D6F-411F-B7FD-005FC97EDD3E} - System32\Tasks\{E2F737C3-FA56-4B6E-AE7A-BE997D130442} => Firefox.exe 
Task: {BC9DC276-AD8E-44EE-A536-09BFAD120BDC} - System32\Tasks\{49AF0BDB-6CCA-4DA3-802C-0020BB11EEAD} => C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Fallout3ng.exe [2008-09-18] (Bethesda Softworks)
Task: {C32E871F-3DF7-4DED-A2FD-54C009DBD23A} - System32\Tasks\{0A1CEB46-F3C4-465D-8356-E411496995AD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {C677707C-9037-478F-B9EE-BCEBFA73BA30} - System32\Tasks\{520D3F34-33DC-4F0A-AE94-4C3C8C178FA6} => C:\Program Files (x86)\The Witcher Enhanced Edition\launcher.exe
Task: {C7A6ED93-7FB0-4128-B7B6-DB0AAF28F1F3} - System32\Tasks\{60F25028-D646-44ED-A6B3-EC96896C988C} => C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Fallout3ng.exe [2008-09-18] (Bethesda Softworks)
Task: {CBA67A05-C8FD-40B1-BB3F-D72DD75B23B2} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {CD03EBE0-A313-4474-A7BB-26EACE9D5F98} - System32\Tasks\{B8C0B267-3CB9-45C0-91D2-936BD12C96CF} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {D093D724-59A1-4E17-B7B7-5979AE6EF319} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D3401B57-D134-4616-86D6-F6EDC3C4DD9E} - System32\Tasks\{2865776C-9E68-49AC-AB19-0A2A705AF765} => C:\Program Files\BlackIsle\Fallout2\fallout2.exe [2013-12-04] ()
Task: {D511EB43-D12C-4D49-B290-99298C351A0E} - System32\Tasks\{F3A6F751-33E3-440A-B18B-2100CB8FE1BF} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {D8BB4043-2506-410A-A4FF-3F528F44E809} - System32\Tasks\{B3902843-EE73-4FB9-930E-361668657EB1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {D9720FC7-A84C-4DA5-8CC9-14EB02850863} - System32\Tasks\{E9A7E957-A966-426F-847F-09043B276C0B} => Firefox.exe 
Task: {DD668C30-66EF-45DA-AE36-E022B68D2CEE} - System32\Tasks\{5A0832CF-D018-4774-8324-C79A9319B224} => C:\Users\Sarah\Pictures\Comics\Biber\f2patch-gr.exe [2013-11-24] ()
Task: {E4BBB579-5103-4493-8B3C-D8DE0AA583DF} - System32\Tasks\{FFE47AAB-83DC-4B60-9A66-A62A4CF2F202} => C:\Program Files (x86)\Team6\Pizzadude\Pizza.exe [2005-08-25] ()
Task: {ECF2E370-A09A-4DAB-90AE-F6626721DE88} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {F40C7E67-6DCC-44D7-A63D-A1B38D6372DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29] (Google Inc.)
Task: {F69A26A3-5170-4CBD-943B-A24C78CBEEA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {F7CACCBB-2712-4E97-AAFD-702CB6225AF2} - System32\Tasks\{B595A3E7-CBC3-4A5F-B182-4D0967A4E6EC} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {FE4427D0-4F9B-48DC-8DEE-B4F29830E401} - System32\Tasks\{66F1581B-1426-4E85-8767-A1DAF02F1AB3} => C:\Program Files (x86)\JoWood\Hotel Gigant\Hotel.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Sarah.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe

==================== Loaded Modules (whitelisted) =============

2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 ____C () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2014-07-09 06:54 - 2014-07-09 06:54 - 00301152 ____C () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-16 19:43 - 2014-08-16 19:43 - 02797568 ____C () C:\Program Files\AVAST Software\Avast\defs\14081601\algo.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 ____C () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2014-08-10 16:30 - 2014-07-17 07:42 - 03800688 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 11:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 11:44:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2

Error: (08/16/2014 11:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%2

Error: (08/16/2014 11:44:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet: 
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-08-16 23:34:28.215
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-16 23:34:28.168
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-16 23:34:28.121
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-16 23:34:28.074
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-16 17:12:45.508
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-08-16 17:12:45.461
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 4025.98 MB
Available physical RAM: 2491.48 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 6553.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:453.66 GB) (Free:287.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4760A999)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

M-K-D-B · 17.08.2014, 08:38

Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern.
Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg.

Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
S3 PCDSRVC{EDD8E36B-450E27F9-06020101}_0; \??\c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{EDD8E36B-AED7022D-06020101}_0; \??\c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
Task: {1908BECC-26A8-4F19-95CA-41A5F509C207} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {49D9D5A3-37A6-4553-B746-1472C5CAAE13} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {5D216631-7729-474B-9995-E49990FE9A01} - System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75} => C:\Users\Sarah\Desktop\FRST-OlderVersion\FRST64(1).exe
Task: {5EC1605C-9C6D-4BB0-9711-8F73D70BE0A2} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {50AA2405-6723-43BA-AD0A-1FB3D32904E3} - System32\Tasks\{6E901973-4519-4ADC-A2A7-F48C624E9451} => Firefox.exe 
Task: {86D33314-72C1-4CAF-8EAB-C672D9B44B28} - System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494} => Firefox.exe 
Task: {9BBD5199-DB01-4942-88D0-BF37F4CBC939} - System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} => Firefox.exe 
Task: {9BBD5199-DB01-4942-88D0-BF37F4CBC939} - System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} => Firefox.exe 
Task: {AD8BDF11-AF96-4B6C-A286-563101F7A122} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {B6325D1F-6D6F-411F-B7FD-005FC97EDD3E} - System32\Tasks\{E2F737C3-FA56-4B6E-AE7A-BE997D130442} => Firefox.exe 
Task: {D9720FC7-A84C-4DA5-8CC9-14EB02850863} - System32\Tasks\{E9A7E957-A966-426F-847F-09043B276C0B} => Firefox.exe 
Task: {ECF2E370-A09A-4DAB-90AE-F6626721DE88} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
EmptyTemp:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Alessia · 17.08.2014, 15:25

FRST Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2014 04
Ran by Sarah at 2014-08-17 09:49:03 Run:2
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
S3 PCDSRVC{EDD8E36B-450E27F9-06020101}_0; \??\c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{EDD8E36B-AED7022D-06020101}_0; \??\c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
Task: {1908BECC-26A8-4F19-95CA-41A5F509C207} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {49D9D5A3-37A6-4553-B746-1472C5CAAE13} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {5D216631-7729-474B-9995-E49990FE9A01} - System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75} => C:\Users\Sarah\Desktop\FRST-OlderVersion\FRST64(1).exe
Task: {5EC1605C-9C6D-4BB0-9711-8F73D70BE0A2} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {50AA2405-6723-43BA-AD0A-1FB3D32904E3} - System32\Tasks\{6E901973-4519-4ADC-A2A7-F48C624E9451} => Firefox.exe 
Task: {86D33314-72C1-4CAF-8EAB-C672D9B44B28} - System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494} => Firefox.exe 
Task: {9BBD5199-DB01-4942-88D0-BF37F4CBC939} - System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} => Firefox.exe 
Task: {9BBD5199-DB01-4942-88D0-BF37F4CBC939} - System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} => Firefox.exe 
Task: {AD8BDF11-AF96-4B6C-A286-563101F7A122} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {B6325D1F-6D6F-411F-B7FD-005FC97EDD3E} - System32\Tasks\{E2F737C3-FA56-4B6E-AE7A-BE997D130442} => Firefox.exe 
Task: {D9720FC7-A84C-4DA5-8CC9-14EB02850863} - System32\Tasks\{E9A7E957-A966-426F-847F-09043B276C0B} => Firefox.exe 
Task: {ECF2E370-A09A-4DAB-90AE-F6626721DE88} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
EmptyTemp:
end
         
*****************

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
"HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
PCDSRVC{EDD8E36B-450E27F9-06020101}_0 => Service deleted successfully.
PCDSRVC{EDD8E36B-AED7022D-06020101}_0 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1908BECC-26A8-4F19-95CA-41A5F509C207}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1908BECC-26A8-4F19-95CA-41A5F509C207}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49D9D5A3-37A6-4553-B746-1472C5CAAE13}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49D9D5A3-37A6-4553-B746-1472C5CAAE13}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-firefoxinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D216631-7729-474B-9995-E49990FE9A01}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D216631-7729-474B-9995-E49990FE9A01}" => Key deleted successfully.
C:\Windows\System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C176B42-A2C2-40B5-9582-812109898D75}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5EC1605C-9C6D-4BB0-9711-8F73D70BE0A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC1605C-9C6D-4BB0-9711-8F73D70BE0A2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50AA2405-6723-43BA-AD0A-1FB3D32904E3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50AA2405-6723-43BA-AD0A-1FB3D32904E3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6E901973-4519-4ADC-A2A7-F48C624E9451} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6E901973-4519-4ADC-A2A7-F48C624E9451}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86D33314-72C1-4CAF-8EAB-C672D9B44B28}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86D33314-72C1-4CAF-8EAB-C672D9B44B28}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BBD5199-DB01-4942-88D0-BF37F4CBC939}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BBD5199-DB01-4942-88D0-BF37F4CBC939}" => Key deleted successfully.
C:\Windows\System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43AFED53-2E0A-4812-BF70-9775779216B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BBD5199-DB01-4942-88D0-BF37F4CBC939}" => Key not found.
C:\Windows\System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43AFED53-2E0A-4812-BF70-9775779216B0}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AD8BDF11-AF96-4B6C-A286-563101F7A122}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD8BDF11-AF96-4B6C-A286-563101F7A122}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-chromeinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6325D1F-6D6F-411F-B7FD-005FC97EDD3E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6325D1F-6D6F-411F-B7FD-005FC97EDD3E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E2F737C3-FA56-4B6E-AE7A-BE997D130442} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2F737C3-FA56-4B6E-AE7A-BE997D130442}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9720FC7-A84C-4DA5-8CC9-14EB02850863}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9720FC7-A84C-4DA5-8CC9-14EB02850863}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E9A7E957-A966-426F-847F-09043B276C0B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E9A7E957-A966-426F-847F-09043B276C0B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ECF2E370-A09A-4DAB-90AE-F6626721DE88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECF2E370-A09A-4DAB-90AE-F6626721DE88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Plus-HD-3.8-enabler" => Key deleted successfully.
C:\ProgramData\Temp => ":93DE1838" ADS removed successfully.
C:\ProgramData\Temp => ":CB0AACC9" ADS removed successfully.
C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.
EmptyTemp: => Removed 493.4 MB temporary data.


The system needed a reboot. 

==== End of Fixlog ====

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=1c97fc72b08bf646bcb4dc698a9ebe19
# engine=19697
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2014-08-17 01:53:12
# local_time=2014-08-17 03:53:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 1408592 172704082 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 81529 159913442 0 0
# scanned=367433
# found=86
# cleaned=0
# scan_time=14910
sh=83BB986E40DDC0574137E703AE46360EFD58AEC8 ft=1 fh=4eacabcddf74ac25 vn="Variante von Win32/Injected.F Trojaner" ac=I fn="C:\Users\Sarah\AppData\Local\PMB Files\Upgrade41270\PMB_update.exe"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js"
sh=91A6607DBD508E202138D84D346DE82921F06C9B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\107_coupish_m.js"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js"
sh=5C5A008E55F177D6F69D40492574390E4EADCF7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js"
sh=2CAA8A9B9F1D7D41CAD7CD1DE9C253EF4411A15E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js"
sh=4E356A3537E9A4B3814169EBE549D1C2AB3EC78F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js"
sh=E254E0BD5C202A441B4F7415C762F7D537A79E24 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js"
sh=5B79E1012732BA64F2D1FDF7DBF44CAD28FE7CDD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js"
sh=786B0C8D3A9F6EFBCDB103B0FA7F9460D38C5D7B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js"
sh=CB95B247FABF95831A2974B87B334DBE4597CEB2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js"
sh=9200578E0A1027E0EE00111B9545601BC953C1A7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\101_cortica_m.js"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\102_dealply_m.js"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\103_intext_5_m.js"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\104_jollywallet_m.js"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\105_corticas_m.js"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\107_coupish_m.js"
sh=6FD52BE8732402A681159484442B6AA0351C4243 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\108_icm_m.js"
sh=F0D9BB17EC343592F74C53A4E3E5E460B90DD3E2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\116_ads_only_5_m.js"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\117_coupons_intext_ads_5_m.js"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\119_similar_web_m.js"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\120_luck_m.js"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\123_intext_adv_m.js"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\124_superfish_no_search_no_coupons_m.js"
sh=62B063E0D121966E9A83C9AB518DADAE47423555 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\125_arcadi2_m.js"
sh=C21C6121D5A11EC0786BFEACA62CAB5697C9266F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\126_revizer_ws_m.js"
sh=FBCA935E295A6F9DD0A6118DAE63ADB15EC5F2DD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\127_revizer_p_m.js"
sh=4A86247BDE5D2225473389037FA942819FD677CF ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\128_superfish_pricora_m.js"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\129_widdit_m.js"
sh=B9CFC11B067C54952D592C618BD391AA26B3393B ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\135_arcadi3_m.js"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\138_getdeal_m.js"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\141_corticas_ru_m.js.js"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\142_intext_fa_m.js"
sh=5925EABD04108D9E7E0BF8A0ECBAEC38DE8BFFEC ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\155_ibario_pops_m.js"
sh=A28CB6571CE8071F7AC0A6BA249259A684E96292 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\158_50onred_ads_only_no_fb_m.js"
sh=18C46AE5CB67274764D17F8A40975EEB5C67F795 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\159_cortica_rollover_m.js"
sh=83049A36E01F304F22C9A582B5826457E2B8BF0F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\170_icm1_5_m.js"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\171_arcadi2_sourceID_m.js"
sh=FAD5F9E3F4DA8ED3ACC760906893EC897A53D622 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js"
sh=92DD07C2421C2C5A4996E399DB6707B4707488F7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\91_monetizationLoader.js.js"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\92_superfish_m.js"
sh=AFD9829F5C599DA11A6F662604DFB5A53FA88B08 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com\extensionData\plugins\93_superfish_no_coupons_m.js"
sh=6FFC7D3F13E82AD48357E2ACAB1397924510E4B2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\prefs.js"
sh=37EA4EE202576F21632103FEB7C1AF19CBB1C2D0 ft=1 fh=9657e017f09cb1d4 vn="Variante von Win32/Toolbar.Iminent.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\Diverses\Bootstrapper_0-uvdhqmaP_.exe"
sh=F2907B7FDACA0AB5447B00A5530F0B034C129013 ft=1 fh=1284513a150259ce vn="Variante von Win32/KBM.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Desktop\TubeBox_Setup_Eng.exe"
sh=80CDA6760D5E3F8A55FAB2676B9BE057D4FE6978 ft=1 fh=129f263301e56cfa vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Downloads\aTubeCatcher-3.1.1462.exe"
sh=EE9717AD935A15AB07DD2E226398C2D9082D8E82 ft=1 fh=b775fe24c08839c1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Downloads\avira_free_antivirus_de(1).exe"
sh=EE9717AD935A15AB07DD2E226398C2D9082D8E82 ft=1 fh=b775fe24c08839c1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Downloads\avira_free_antivirus_de(2).exe"
sh=982957D10AF32267196D3837D4F1003D5A2C3C9F ft=1 fh=7689509a05c58463 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Downloads\avira_free_antivirus_de-13.0.0.3185.exe"
sh=9ED22B17AF956934B73F176C0AEB87AFA2F2B5B3 ft=1 fh=f57fa58ae860c262 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Downloads\avira_free_antivirus_de.exe"
sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Downloads\ccsetup413.exe"
sh=CECE6F3E9885AC15BD399B5E20D8551BC08A11F9 ft=1 fh=7411c1bb971f5c3b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Downloads\FreemakeYoutubeMp3ConverterSetup_3.5.4.0.exe"
sh=BEB2872C5EE9890C656B293C5EFBAD0220B4E538 ft=1 fh=3852d8d68dbe73c3 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\FreeYouTubeToMP3Converter31014.exe"
sh=E8CD33623287C08C7CC3662A042E45522654BB30 ft=1 fh=7cd3b160b0dbd4bd vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\FreeYouTubeToMP3Converter37.exe"
sh=07CF040FEFA25DFDA4287BAB632EAB806E294695 ft=1 fh=0db8f293d4a19d8f vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\FreeYouTubeToMP3Converter_3.11.22.exe"
sh=0FDB8BA2A848B308E15B606D1345536043F3D2F7 ft=1 fh=e29788444ac6019f vn="Variante von Win32/Downloader.JooSoft.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\IE9-Windows7-x64-deu.exe"
sh=8AF1FBF0DDB3F17E4B38755D5A4533D605713B41 ft=1 fh=87a52e74e7f7d58b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Downloads\IZArc4.1.6.exe"
sh=79DA2FDB39E1839B1F1CE227D1E9F09712AAB646 ft=1 fh=6b8e9e437fa8d47b vn="Variante von Win32/InstallShare.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\proxtube-chrome.exe"
sh=3F5FC213362FC6D053004527B8299C8F14D897CD ft=1 fh=6f9ca6945f4d30c3 vn="Variante von Win32/InstallCore.BA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\TubeBox_Setup(4).exe"
sh=41AAF09FD0E4D3BAB6ACEF2665D4E635725D9567 ft=1 fh=aaa682b2b3fc7ee7 vn="Variante von MSIL/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\youtube-dlm_1.0_de-DE.exe"
sh=EBA62C89C6BF7FB5536A06DD03D15187BBACFF2A ft=1 fh=23353f56fb4a75a9 vn="Variante von MSIL/DownloadGuide.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\youtube-dlm_1.0_en-US.exe"
sh=84A641B313F1FAA471CB5B4E3390ECB76DD44D4A ft=1 fh=5a7474dd277f4d4f vn="Variante von Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Downloads\YouTubeDownloaderSetup33.exe"
sh=05B0F58D50FA0DC230E086E2CC4ED3C50C4D2E45 ft=1 fh=29694a66a3827e54 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Pictures\Comics\Biber\ActivePresenter Free Edition - CHIP-Downloader.exe"
sh=F087CD71F0FCAF34B35AAF3DFF2EF13779727F7A ft=1 fh=c71c0011e48792bc vn="Win32/InstallCore.MF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Pictures\Comics\Biber\COMPUTER_BILD-Download-Manager_fuer_ccsetup413.exe"
sh=93BE8B03F87776877C0B049B59119D1248FD3AF7 ft=1 fh=c71c0011a7df4c29 vn="Variante von Win32/InstallCore.OO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Pictures\Comics\Biber\COMPUTER_BILD-Download-Manager_fuer_MyMDb_Setup-3.6_dir_scan_fix.exe"
sh=0F3DE1BAF760DF30CF25B51EED3C4ED2D73C8E84 ft=1 fh=f36e453a3dab78b0 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Pictures\Comics\Biber\filepanther-1-21.exe"
sh=23069A7B5521BCDB446CCE06FFE44CF90E05099B ft=1 fh=1faa6a81dc68889c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Sarah\Pictures\Comics\Biber\FreeDailymotionDownload.exe"
sh=BE2F8A758E879641AC8BB4869E95765C03DC6F3E ft=1 fh=e64f2bf99183e692 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Pictures\Comics\Biber\MyMDb - CHIP-Downloader.exe"
sh=5A32835A66ACF5C53C699A1E2FF7A9D1F770A850 ft=1 fh=e66ce2eaefbcd808 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Pictures\Comics\Biber\tubebox5.exe"
sh=8FCF97C2F1FE60E407CCEB0E19CF28B0C96C8CC1 ft=1 fh=35272a6e1d023cfd vn="Variante von Win32/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sarah\Pictures\Comics\Biber\YTD471Setup.exe"

SecurityCheck

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.145  
 Adobe Reader 10.1.8 Adobe Reader out of Date!  
 Mozilla Firefox (31.0) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

M-K-D-B · 18.08.2014, 08:22

Sehr viele deiner heruntergeladenen Programme sind mit Adware infiziert, d. h. wenn du dir die Programme installierst, bekommst du automatisch Werbesoftware auf den Rechner und hast die gleichen Probleme bald wieder.

Lade Software bitte nur beim Hersteller/Entwickler, sonst nirgends!

Reste entfernen
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
C:\Users\Sarah\AppData\Local\PMB Files\Upgrade41270\PMB_update.exe
C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\extensions\staged\c17236e8-fd66-44bc-aeef-1e00981cbb64@0a4ee0fe-5356-4fd3-b37c-5cd5671a315c.com
C:\Users\Sarah\Desktop\Alte Firefox-Daten\yjrjytcw.default\prefs.js
C:\Users\Sarah\Desktop\Diverses\Bootstrapper_0-uvdhqmaP_.exe
C:\Users\Sarah\Desktop\TubeBox_Setup_Eng.exe
C:\Users\Sarah\Downloads\*.exe
C:\Users\Sarah\Pictures\Comics\Biber\ActivePresenter Free Edition - CHIP-Downloader.exe
C:\Users\Sarah\Pictures\Comics\Biber\COMPUTER_BILD-Download-Manager_fuer_ccsetup413.exe
C:\Users\Sarah\Pictures\Comics\Biber\COMPUTER_BILD-Download-Manager_fuer_MyMDb_Setup-3.6_dir_scan_fix.exe
C:\Users\Sarah\Pictures\Comics\Biber\filepanther-1-21.exe
C:\Users\Sarah\Pictures\Comics\Biber\FreeDailymotionDownload.exe
C:\Users\Sarah\Pictures\Comics\Biber\MyMDb - CHIP-Downloader.exe
C:\Users\Sarah\Pictures\Comics\Biber\tubebox5.exe
C:\Users\Sarah\Pictures\Comics\Biber\YTD471Setup.exe
Reboot:
end

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren.
Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren.
Deinstalliere die folgenden Programme von deinem Rechner:

Adobe Flash Player
Adobe Reader

Starte deinen Rechner nach der Deinstallation neu auf.
Downloade und installiere dir bitte nun:

Adobe Flash Player
Adobe Reader (Entferne vor dem Download den Haken bei McAfee Security Scan)

Starte deinen Rechner nach der Installation neu auf.

Schritt 2
Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Schritt 3
Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.

Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti-Viren-Programm und zusätzlicher Schutz

Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist! Ein kostenloses Anti-Viren Programm, das wir empfehlen, wäre z. B. Avast! Free Antivirus oder Microsoft Security Essentials.
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt. Du kannst es zusätzlich zu deinem Anti-Viren Programm verwenden.
Update das Tool und lasse es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
AdwCleaner
Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwünschten Programmen (PUPs).
Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt von der Herstellerseite auf den Desktop herunterladen. Auch dieses Programm kann parallel zu deinem Anti-Viren Programm verwendet werden.
SpywareBlaster
Eine kurze Einführung findest du Hier

Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox

Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzuzufügen reicht und dieser wird nicht mehr geladen.
Es spart außerdem Downloadkapazität.

Performance

Halte dich fern von Registry Cleanern.
Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
Miekemoes Blogspot ( MVP )

Was du vermeiden solltest:

Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..).
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!

Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alessia · 18.08.2014, 19:32

Das Problem ist gelöst, nur nach dem Adobe Flash Player neuinstalliert habe, funktioniert dieser nicht mehr richtig. Manche Dinge werden nicht geladen und beim Mauszeiger flackert das Kreissymbol, dass dann auftaucht.

16.08.2014, 15:50	#6
M-K-D-B /// TB-Ausbilder	Proxy-Server verweigert die Verbindung Servus, führe bitte mal den FRST-Scan (Schritt 4) wie beschrieben aus und poste mir die neuen beiden Logdateien.

Proxy-Server verweigert die Verbindung

Plagegeister aller Art und deren Bekämpfung: Proxy-Server verweigert die Verbindung