
Pests of all kinds and how to combat them: Proxy server as a cache


17.03.2015, 17:46   #1
streichwurst
 



Hello,

I hope I've picked the right subforum and that you can help me with my problem:

I suspect that a third party has installed some kind of proxy server on my laptop, similar to the Fiddler proxy.
Signs of this include changed port settings (8888) or the browser error message 'Verbindung zum Proxyserver konnte nicht hergestellt werden' ("Unable to connect to the proxy server").

Now to my question:
How, and by what signs, can I tell that the data communication between my browser and the web server is additionally being routed through a proxy server?
Surely this would have to be visible in Task Host and in other programs, as would the address where the captures are stored (if they exist at all).

Would the log files/info from Defogger, FRST and GMER help you in this case?

The laptop is used only by me, privately.

I would be very glad of any help.

PS: Since I am not particularly well versed in computer matters, a check by an outside party would make sense. Can anyone recommend a PC specialist in the Munich area who is knowledgeable in the above field?

17.03.2015, 18:24   #2
schrauber
/// the machine
/// TB instructor
 




hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


11.04.2015, 10:17   #3
streichwurst
 



Right, better late than never.
I managed to create the log file:

FRST.txt
FRST log file:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Karina (administrator) on KARINA-PC on 06-04-2015 15:37:45
Running from C:\Users\Karina\Downloads
Loaded Profiles: Karina (Available profiles: Karina & Stefanie & Christine)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
( ) C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Karina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Karina\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [RadioRage Home Page Guard 64 bit] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\AppIntegrator64.exe [485448 2013-12-16] ( )
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-07-11] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [RegKillElbyCheck] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe [45056 2002-11-02] (Elaborate Bytes AG)
HKLM-x32\...\Run: [RegKillTray] => C:\Program Files (x86)\Elaborate Bytes\DVD Region Killer\RegKillTray.exe [49152 2002-11-27] (Elaborate Bytes)
HKLM-x32\...\Run: [RadioRage EPM Support] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jmedint.exe [12872 2013-12-16] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [RadioRage Search Scope Monitor] => C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jSrchMn.exe [55368 2013-12-16] (Mindspark)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\...\Run: [Spotify Web Helper] => C:\Users\Karina\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)
HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\...\Run: [GoogleChromeAutoLaunch_1F4BC05B2A76D245A460E104DA4D2093] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Karina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360411l315l0304z115t4872c895
HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
URLSearchHook: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
URLSearchHook: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE427
SearchScopes: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 -> {5A2B9405-8D69-44DA-9374-4B15A30B2E34} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0F23FA04-A182-4E48-A002-D3D5EFEEAE22&apn_sauid=B4FADEF7-4781-411F-B226-1DB2B7DD7FA8
SearchScopes: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
SearchScopes: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE427
SearchScopes: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 -> {88AA7A1B-6B6A-4909-B0CF-4F4D99A7B547} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Hotspot Shield Class -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default
FF DefaultSearchEngine: Ask Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask Web Search
FF Homepage: hxxp://home.tb.ask.com/index.jhtml?ptb=A2E40047-6FC3-429A-B8AB-8040DD81E367&n=780c4f87&p2=^ZX^stu238^YYA^de
FF Keyword.URL: hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=A2E40047-6FC3-429A-B8AB-8040DD81E367&n=780c4f87&ind=2014072711&p2=^ZX^stu238^YYA^de&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-02-20] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @RadioRage_4j.com/Plugin -> C:\Program Files (x86)\RadioRage_4j\bar\1.bin\NP4jStub.dll [2013-12-16] (Mindspark)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-15] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\user.js [2011-12-24]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-03-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-03-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-03-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-03-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-03-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2013-03-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2013-03-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2011-07-11] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\ask-web-search.xml [2014-07-27]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\askcom.xml [2012-11-17]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-1.xml [2012-11-17]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-10.xml [2011-09-08]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-11.xml [2011-10-31]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-12.xml [2012-01-28]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-13.xml [2012-05-01]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-14.xml [2012-08-20]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-15.xml [2012-08-22]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-16.xml [2012-10-01]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-17.xml [2012-10-20]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-2.xml [2011-06-22]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-3.xml [2011-06-24]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-4.xml [2011-08-17]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-5.xml [2011-08-19]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-6.xml [2011-08-22]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-7.xml [2011-08-23]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-8.xml [2011-08-23]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin-9.xml [2011-09-02]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin.gif [2012-07-24]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin.src [2012-07-24]
FF SearchPlugin: C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\searchplugins\icqplugin.xml [2011-06-11]
FF Extension: RadioRage - C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\Extensions\4jffxtbr@RadioRage_4j.com [2013-12-16]
FF Extension: Yahoo! Toolbar - C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012-10-19]
FF Extension: ICQ Toolbar - C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-08-03]
FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011-04-20]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-08-03]
FF Extension: DivX Web Player - C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-04-19]
FF Extension: Adblock Plus - C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-07-30]
FF Extension: Greasemonkey - C:\Users\Karina\AppData\Roaming\Mozilla\Firefox\Profiles\2bl7vgff.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-09-20]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-30]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-07-30]

Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chord Finder) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\abhmjooncijgbgefdkimcfmfogildjen [2013-10-19]
CHR Extension: (Bejeweled) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2013-10-19]
CHR Extension: (TV) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2012-10-21]
CHR Extension: (Isle of Tune) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bljldflafhmbedhjnlncilbhfcnfabgb [2013-10-19]
CHR Extension: (YouTube) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-20]
CHR Extension: (Google Search) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-20]
CHR Extension: (Chat Changer for Facebook) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\deimcbdalmfbijgdlddmfjibiigpkleo [2013-10-19]
CHR Extension: (Pixlr-o-matic) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehcibdjmpjlekgjhepbfmenfppliikcj [2013-10-19]
CHR Extension: (Facebook Disconnect) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2012-10-20]
CHR Extension: (Jungle Bubble) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\feangdjiphppieehfpeeahkgjkihkndg [2012-10-21]
CHR Extension: (Causality Games) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl [2013-10-19]
CHR Extension: (Bubble Shooter) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhkblechghlfhpniljnjlmojhjjdjpep [2012-10-20]
CHR Extension: (Virtual Piano Black) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjagcpcbacoaogfljhglghpjhkmmfeeo [2013-11-16]
CHR Extension: (Facebook™ Chat Privacy) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfpgaanechfneiboempkfjghninbibjn [2013-10-19]
CHR Extension: (Facebook Chat Notification) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao [2013-10-19]
CHR Extension: (AdBlock) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-10-20]
CHR Extension: (Cut the Rope) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2012-10-21]
CHR Extension: (Hola Better Internet) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2013-11-16]
CHR Extension: (Vimeo Couch Mode) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkdhkejcnlmkfdodbkdkelefnkobfif [2012-10-21]
CHR Extension: (Pretty Facebook Chat) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihamlfilbdodiokndlfmmlpjlnopaobi [2012-10-20]
CHR Extension: (Die Siedler Online) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmhcglhfdnepmdeelgjfdjckclajkha [2013-10-19]
CHR Extension: (History Eraser App) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjolhjmdgbhebcdnfjhngobjggghoipa [2013-10-19]
CHR Extension: (BBC Good Food) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja [2013-10-19]
CHR Extension: (Autodesk Homestyler) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2012-10-21]
CHR Extension: (Little Alchemy) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2013-10-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Webcam Toy) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2013-10-19]
CHR Extension: (White Tree) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\linaolnmdoamnblenlbkpoelfcfpeccm [2013-10-19]
CHR Extension: (AudioSauna) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2013-10-19]
CHR Extension: (Google Maps) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-10-20]
CHR Extension: (Rain Alarm) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\meaikaglpfemjncbioflellmppndgmok [2013-10-19]
CHR Extension: (Google Play Books) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2013-10-19]
CHR Extension: (Facebook Notifications) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmameahlembdcigphohgiodcgjomcgeo [2012-10-20]
CHR Extension: (Google Wallet) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (GIFPAL) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch [2013-10-19]
CHR Extension: (BMI Calculator) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbapipcgadndjlpokbcmgohpjpgkbodo [2013-10-19]
CHR Extension: (Viewster - Watch Free Movies Online) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfiekkcjcnhbjofcjcfblhcccjkpkheh [2013-10-19]
CHR Extension: (Gmail) - C:\Users\Karina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-22] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [1019688 2014-06-27] (AnchorFree Inc.)
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-06-27] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [573224 2014-06-26] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 RadioRage_4jService; C:\Program Files (x86)\RadioRage_4j\bar\1.bin\4jbarsvc.exe [88648 2013-12-16] (COMPANYVERS_NAME)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-17] (Avira Operations GmbH & Co. KG)
S2 ElbyCDIO; C:\Windows\SysWOW64\Drivers\ElbyCDIO.sys [16320 2002-11-29] (Elaborate Bytes AG) [File not signed]
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-06-27] (AnchorFree Inc.)
S3 RegKill; C:\Windows\SysWOW64\Drivers\RegKill.sys [6400 2002-11-27] (Elaborate Bytes) [File not signed]
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 15:37 - 2015-04-06 15:39 - 00032094 _____ () C:\Users\Karina\Downloads\FRST.txt
2015-04-06 15:37 - 2015-04-06 15:37 - 02095616 _____ (Farbar) C:\Users\Karina\Downloads\FRST64.exe
2015-04-06 15:37 - 2015-04-06 15:37 - 00000000 ____D () C:\FRST
2015-04-06 15:35 - 2015-04-06 15:36 - 01135104 _____ (Farbar) C:\Users\Karina\Downloads\FRST.exe
2015-03-08 12:09 - 2015-03-08 12:11 - 00000000 ___RD () C:\Users\Christine\Dropbox
2015-03-08 12:09 - 2015-03-08 12:09 - 00001142 _____ () C:\Users\Christine\Desktop\Dropbox.lnk
2015-03-08 12:08 - 2015-03-08 12:08 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-08 12:05 - 2015-03-08 12:09 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Dropbox
2015-03-08 12:05 - 2015-03-08 12:05 - 00355632 _____ (Dropbox, Inc.) C:\Users\Christine\Downloads\DropboxInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 15:39 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 15:39 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 15:38 - 2011-04-12 21:31 - 01367169 _____ () C:\Windows\WindowsUpdate.log
2015-04-06 15:35 - 2011-04-13 07:20 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-04-06 15:35 - 2011-04-13 07:20 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-04-06 15:35 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-06 15:34 - 2012-10-19 19:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-06 15:31 - 2013-11-17 14:25 - 00000000 ___RD () C:\Users\Karina\Dropbox
2015-04-06 15:31 - 2013-11-17 14:24 - 00000000 ____D () C:\Users\Karina\AppData\Roaming\Dropbox
2015-04-06 15:28 - 2011-04-16 10:25 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 15:27 - 2013-05-22 23:15 - 00018342 _____ () C:\Windows\setupact.log
2015-04-06 15:27 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-05 18:15 - 2011-04-16 10:25 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-22 14:58 - 2012-11-17 19:52 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\vlc
2015-03-22 13:33 - 2012-04-06 14:40 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\Spotify
2015-03-22 12:23 - 2013-11-17 14:25 - 00002159 _____ () C:\Windows\wininit.ini
2015-03-22 12:23 - 2013-11-17 14:25 - 00001025 _____ () C:\Users\Karina\Desktop\Dropbox.lnk
2015-03-22 12:23 - 2013-11-17 14:24 - 00000000 ____D () C:\Users\Karina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-22 12:23 - 2013-06-19 10:32 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-22 12:23 - 2013-06-19 10:28 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-22 12:23 - 2013-06-19 10:28 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-21 22:06 - 2012-11-17 19:52 - 00000000 ____D () C:\Users\Christine\AppData\Roaming\dvdcss
2015-03-08 12:09 - 2011-04-16 10:16 - 00000000 ____D () C:\Users\Christine
2015-03-08 12:00 - 2012-04-06 14:42 - 00000000 ____D () C:\Users\Christine\AppData\Local\Spotify
2015-03-07 12:41 - 2014-11-15 17:42 - 00000000 ____D () C:\Users\Karina\Documents\Bafög

==================== Files in the root of some directories =======

2009-11-03 06:04 - 2009-02-10 22:23 - 0192484 _____ () C:\Program Files (x86)\Common Files\Acer GameZone online.ico
2011-10-15 19:50 - 2011-10-15 19:50 - 0000000 _____ () C:\Users\Karina\AppData\Roaming\wklnhst.dat
2009-11-03 06:32 - 2009-11-03 06:35 - 0008415 _____ () C:\ProgramData\ArcadeDeluxe3.log
2009-11-03 06:04 - 2009-07-18 04:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Christine\AppData\Local\Temp\avgnt.exe
C:\Users\Christine\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Christine\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcej7ct.dll
C:\Users\Christine\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Christine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Karina\AppData\Local\Temp\ApnStub.exe
C:\Users\Karina\AppData\Local\Temp\avgnt.exe
C:\Users\Karina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphj0otu.dll
C:\Users\Karina\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Karina\AppData\Local\Temp\InstallAX.exe
C:\Users\Karina\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Karina\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Karina\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Karina\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Stefanie\AppData\Local\Temp\avgnt.exe
C:\Users\Stefanie\AppData\Local\Temp\SpotifyUpgrader.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2013-05-22 23:48

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Karina at 2015-04-06 15:40:39
Running from C:\Users\Karina\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7029 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7029 - CyberLink Corp.) Hidden
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.5.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.02.0804 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI AVIVO64 Codecs (Version: 10.9.0.40908 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CF6EF6B0-129F-4CF2-D9F8-C3BDC60C9C01}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
ccc-core-static (x32 Version: 2009.0908.2225.38429 - Ihr Firmenname) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
Dropbox (HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Region Killer (HKLM-x32\...\DVD Region Killer) (Version: - Elaborate Bytes)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Free YouTube to MP3 Converter version 3.12.13.925 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.13.925 - DVDVideoSoft Ltd.)
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Haufe iDesk-Browser (HKLM-x32\...\{0F32914F-A633-4516-B531-7084C8F19F93}) (Version: 10.10.14.0000 - Haufe-Lexware GmbH & Co. KG)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotspot Shield 3.44 (HKLM-x32\...\HotspotShield) (Version: 3.44 - AnchorFree Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Internet-TV für Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Konz 2012 (HKLM-x32\...\InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}) (Version: 1.00.0000 - USM)
Konz 2012 (x32 Version: 1.00.0000 - USM) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Spotify (HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.2.0 - Synaptics Incorporated)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 2.0.4 (HKLM-x32\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.621 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4104824599-1605057238-1718441654-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Karina\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points =========================

30-08-2014 10:43:22 Windows Update
31-08-2014 09:08:18 Gerätetreiber-Paketinstallation: Anchorfree HSS VPN Adapter Netzwerkadapter
07-02-2015 20:03:38 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {092E4D86-38CF-4DA9-A2BD-95118770CABA} - System32\Tasks\Egis technology-Online-Aktualisierungsprogramm => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [2009-08-04] (Egis Technology Inc.)
Task: {3BB20230-75CC-41B3-BB16-386C9D2C8F58} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-07] (Adobe Systems Incorporated)
Task: {4B6BB7CE-AF67-4CCA-8933-C75641068B70} - System32\Tasks\Divx-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Task: {5C342F53-646D-4082-8881-525AEF2DB1E8} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21] (Adobe Systems Incorporated)
Task: {A89E9AD7-ED46-4996-9D01-1DA1A08E2176} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {C73D2BA3-4C38-493B-8EF0-A83B1926B39D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {E260D603-F302-43E6-970C-4B05E1DC93F7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4104824599-1605057238-1718441654-1000
Task: {EA848DF5-CF72-4850-8AB6-BC5A734AF2FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-01] (Google Inc.)
Task: {EF28C2A5-5C2C-4B59-8FA5-4B7A7F1EF4D3} - System32\Tasks\{28035321-1852-4108-99AF-3E888E88ABD9} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {FA0A458E-68AD-4931-9C44-D8C928546B83} - System32\Tasks\{5AAED9BA-A9C1-4064-BA08-DE7399818775} => pcalua.exe -a C:\Users\Karina\Downloads\DivXInstaller(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-09-27 14:27 - 2005-03-12 01:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2014-06-26 23:56 - 2014-06-26 23:56 - 00573224 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
2011-04-12 21:41 - 2008-07-29 19:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-07-29 13:10 - 2009-07-29 13:10 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-04-12 21:31 - 2011-04-12 21:31 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-26 23:50 - 2014-06-26 23:50 - 00966440 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
2014-06-27 00:28 - 2014-06-27 00:28 - 00229160 _____ () C:\Program Files (x86)\Hotspot Shield\bin\cmwhydraplugin.dll
2014-06-27 00:02 - 2014-06-27 00:02 - 00520488 _____ () C:\Program Files (x86)\Hotspot Shield\bin\HssRep.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00750080 _____ () C:\Users\Karina\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-04-06 15:29 - 2015-04-06 15:29 - 00043008 _____ () c:\users\karina\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphj0otu.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00047616 _____ () C:\Users\Karina\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-05 00:08 - 2015-03-05 00:08 - 00865280 _____ () C:\Users\Karina\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-05 00:07 - 2015-03-05 00:07 - 00200704 _____ () C:\Users\Karina\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-04-05 18:14 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-05 18:14 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-05 18:14 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4104824599-1605057238-1718441654-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Karina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4104824599-1605057238-1718441654-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Stefanie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-4104824599-1605057238-1718441654-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-4104824599-1605057238-1718441654-500 - Administrator - Disabled)
Christine (S-1-5-21-4104824599-1605057238-1718441654-1004 - Administrator - Enabled) => C:\Users\Christine
Gast (S-1-5-21-4104824599-1605057238-1718441654-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4104824599-1605057238-1718441654-1006 - Limited - Enabled)
Karina (S-1-5-21-4104824599-1605057238-1718441654-1000 - Administrator - Enabled) => C:\Users\Karina
Stefanie (S-1-5-21-4104824599-1605057238-1718441654-1003 - Limited - Enabled) => C:\Users\Stefanie

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 01:31:41 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...

Error: (02/07/2015 07:58:28 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
bei S...

Error: (11/29/2014 10:41:08 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.IOException
Stapel:
bei System.Xml.XmlTextReaderImpl.OpenUrl()
bei System.Xml.XmlTextReaderImpl.Read()
bei System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
bei System.Xml.XmlDocument.Load(System.Xml.XmlReader)
bei System.Xml.XmlDocument.Load(System.String)
bei Avira.OE.WinCore.OeSettingsAccessor.LoadXmlDocumentFromFile()
bei Avira.OE.WinCore.OeSettingsAccessor.Get(System.String)
bei Avira.OE.ServiceHost.BundleIdReporter.ShouldSendBundleId(System.String)
bei Avira.OE.ServiceHost.BundleIdReporter.SendBundleId()
bei Avira.OE.ServiceHost.ServiceHost.CheckBundledProducts()
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (11/16/2014 10:53:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.25.25617, Zeitstempel: 0x5447ad92
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x39c
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3

Error: (11/16/2014 10:53:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.Configuration.ConfigurationErrorsException
Stapel:
bei System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef)
bei System.Configuration.BaseConfigurationRecord.GetSection(System.String)
bei System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String)
bei System.Configuration.ConfigurationManager.GetSection(System.String)
bei System.Configuration.ConfigurationManager.get_AppSettings()
bei Avira.OE.WinCore.OeProductInfo.get_Culture()
bei Avira.OE.WinCore.Utility.CultureSetter.SetDefaultCultureDefinedInAppsettings()
bei Avira.OE.Systray.Program.Main(System.String[])

Error: (10/05/2014 11:22:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Avira.OE.Systray.exe, Version: 1.1.21.25189, Zeitstempel: 0x53fdd63b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18409, Zeitstempel: 0x53159a86
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x76c
Startzeit der fehlerhaften Anwendung: 0xAvira.OE.Systray.exe0
Pfad der fehlerhaften Anwendung: Avira.OE.Systray.exe1
Pfad des fehlerhaften Moduls: Avira.OE.Systray.exe2
Berichtskennung: Avira.OE.Systray.exe3

Error: (10/05/2014 11:22:26 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.Systray.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.IO.FileLoadException
Stapel:
bei Avira.OE.Systray.Program.Main(System.String[])

Error: (08/30/2014 10:33:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/30/2014 10:33:32 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (08/30/2014 10:32:58 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Avira.OE.ServiceHost.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.Composition.CompositionException
Stapel:
bei System.ComponentModel.Composition.Hosting.CompositionServices.GetExportedValueFromComposedPart(System.ComponentModel.Composition.Hosting.ImportEngine, System.ComponentModel.Composition.Primitives.ComposablePart, System.ComponentModel.Composition.Primitives.ExportDefinition)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider.GetExportedValue(CatalogPart, System.ComponentModel.Composition.Primitives.ExportDefinition, Boolean)
bei System.ComponentModel.Composition.Hosting.CatalogExportProvider+CatalogExport.GetExportedValueCore()
bei System.ComponentModel.Composition.Primitives.Export.get_Value()
bei System.ComponentModel.Composition.ExportServices.GetCastedExportedValue[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.ComponentModel.Composition.Primitives.Export)
bei System.ComponentModel.Composition.Hosting.ExportProvider.GetExportedValuesCore[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]](System.String)
bei Avira.OE.ServiceHost.ServiceHost.Initialize(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()


System errors:
=============
Error: (04/06/2015 03:31:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (04/06/2015 03:27:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ElbyCDIO Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (04/06/2015 03:27:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ElbyCDIO.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/06/2015 03:27:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\RegKill.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/05/2015 05:45:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ElbyCDIO Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (04/05/2015 05:45:19 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ElbyCDIO.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/05/2015 05:42:29 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\RegKill.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.

Error: (04/04/2015 03:14:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.

Error: (04/04/2015 03:10:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ElbyCDIO Driver" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error: (04/04/2015 03:10:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ElbyCDIO.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.


Microsoft Office Sessions:
=========================
Error: (08/12/2013 03:22:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 678 seconds with 360 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 74%
Total physical RAM: 4093.98 MB
Available physical RAM: 1060.86 MB
Total Pagefile: 8186.13 MB
Available Pagefile: 4781.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:360.51 GB) (Free:275.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 438D541E)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=360.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Unfortunately, neither of them means anything to me, but I would be glad if someone could decipher the two files for me.
__________________

11.04.2015, 18:18   #4
schrauber
/// the machine
/// TB trainer
 




Please download Revo Uninstaller from here: Download Revo Uninstaller (alternatively, the portable Revo Uninstaller).
  • Install and start the program. (Illustrated guide to Revo Uninstaller)
  • Click Options and select Deutsch (German) as the language.
  • Search the uninstaller field for the programs:

    ASK Toolbar

  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderat" (moderate) mode.
  • Delete leftovers:
    Click on then on and then on .

 




Scan with Combofix
WARNING to READERS following along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

15.04.2015, 17:19   #5
streichwurst
 



Thanks for the help.
Unfortunately, that was not particularly helpful with regard to my actual problem.

Could someone still answer my original question:
Now to my question:
How, and by what signs, can I tell that my data communication between browser and web server is additionally being routed through a proxy server?


16.04.2015, 06:48   #6
schrauber
/// the machine
/// TB trainer
 




Do you want to clean up the machine now, or just leave it as it is and only get information? FRST usually shows all proxies if one is set. There is no proxy there, but a cleanup would need to be done.
__________________
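An added example, not part of the thread and not FRST's own code: a read-only PowerShell check of the places the question is about, namely the WinINET proxy settings used by Internet Explorer and Chrome, the WinHTTP proxy, and which local process (if any) is listening on the configured loopback port. The function names are illustrative, the registry location is the standard Internet Settings key, and a manual proxy configured inside Firefox itself is not covered.

```powershell
# Read-only checks; PowerShell 2.0 compatible (the Windows 7 default).
$inetKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxy {
    param([string]$Hive)   # 'HKCU:' (per user) or 'HKLM:' (machine-wide)
    $p = Get-ItemProperty -Path "$Hive\$inetKey" -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Hive          = $Hive
        ProxyEnable   = $p.ProxyEnable     # 1 = static proxy in use
        ProxyServer   = $p.ProxyServer     # e.g. 127.0.0.1:8888 or http=host:port;https=...
        AutoConfigURL = $p.AutoConfigURL   # PAC script that can also select a proxy
    }
}

function Get-TcpListener {
    # netstat -ano columns: Proto, Local Address, Foreign Address, State, PID
    netstat -ano | ForEach-Object {
        $f = @($_.Trim() -split '\s+')
        # The State column is localized (e.g. ABHÖREN on German Windows), so a
        # listener is recognised by its foreign address ending in ":0" instead.
        if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[2] -match ':0$') {
            $proc = Get-Process -Id ([int]$f[4]) -ErrorAction SilentlyContinue
            New-Object PSObject -Property @{
                Local    = $f[1]
                Port     = [int]($f[1] -replace '^.*:', '')
                OwnerPid = [int]$f[4]
                Process  = $proc.ProcessName
                Path     = $proc.Path
            }
        }
    }
}

function Test-LocalProxy {
    $listeners = @(Get-TcpListener)
    foreach ($s in ('HKCU:', 'HKLM:' | ForEach-Object { Get-WinInetProxy $_ })) {
        if ($s.ProxyEnable -eq 1 -and $s.ProxyServer) {
            "[{0}] static proxy ENABLED: {1}" -f $s.Hive, $s.ProxyServer
            # A loopback proxy means a program on this machine sits between
            # the browser and the web server; find out which one.
            foreach ($m in [regex]::Matches($s.ProxyServer, '(?:127\.0\.0\.1|localhost):(\d+)')) {
                $port  = [int]$m.Groups[1].Value
                $owner = @($listeners | Where-Object { $_.Port -eq $port })
                if ($owner.Count) {
                    $owner | ForEach-Object {
                        "    port {0} is served by PID {1} ({2}) {3}" -f $port, $_.OwnerPid, $_.Process, $_.Path
                    }
                } else {
                    # Stale setting: this is what produces the browser's
                    # "could not connect to the proxy server" error.
                    "    nothing is listening on port $port"
                }
            }
        } else {
            "[{0}] no static proxy enabled" -f $s.Hive
        }
        if ($s.AutoConfigURL) { "[{0}] PAC script configured: {1}" -f $s.Hive, $s.AutoConfigURL }
    }
    # Port 8888 is the one named in the opening post.
    $listeners | Where-Object { $_.Port -eq 8888 } | ForEach-Object {
        "listener on 8888: PID {0} ({1}) {2}" -f $_.OwnerPid, $_.Process, $_.Path
    }
    'WinHTTP proxy (used by services, not by the browser):'
    netsh winhttp show proxy | Where-Object { $_.Trim() }
}

Test-LocalProxy
```

Run it once per user account, because the HKCU values belong to whoever is logged on; an elevated prompt is needed for process paths of programs owned by other accounts.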