Verzweiflung wegen Werbung in den Browsern

Blanca · 28.05.2015, 14:22

Schönen guten Tag

Ich habe ebenfalls das Problem das ich jetzt schon ziemlich lange mit Werbungen in meinen Browsern (Chrome und Firefox) überhäuft bzw. überschüttet werde.
- Mind. 7 Werbebanner auf jeder Seite
- Bei jedem Klick wird ein weiterer Tab oder neues Fenster geöffnet dadurch kann ich nichts auf Seiten ausfüllen
- Auch meine Chrome Einstellungen funktionieren nicht richtig (weiß nicht ob es damit zusammenhängt) habe als Standard Suchmaschine Google aber es öffnet sich immer nur Yahoo

Mittlerweile macht es das arbeiten im Internet fast unmöglich.

Meine Maßnahmen die ich getroffen habe um das Problem selber zu lösen

- Vollständigen virenscanlauf mit Avast
- Verlauf und Erweiterungen in den Browsern gelöscht
- Pop-up und add- Blocker installiert

Ich habe mich diesbezüglich auch durchgelesen und habe mit Farbar Recovery Scan Tool FRST64 auch einen Scan durchgeführt den ich später Anhänge. Ich würde mich riesig freuen wenn man mir helfen würde damit ich nicht ganz verzweifle...^^

(Software: Windows 7)

mfg

schrauber · 28.05.2015, 14:28

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Blanca · 28.05.2015, 14:32

Wie kann man die Logs einfügen ohne eine endlose Antwort zu haben..?
Sorry habs mir ein bisschen leichter vorgestellt..:/

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Sabrina (administrator) on SABRINA-PC on 28-05-2015 09:20:12
Running from C:\Users\Sabrina\Downloads
Loaded Profiles: UpdatusUser & Sabrina (Available Profiles: UpdatusUser & Sabrina)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
(BitTorrent Inc.) C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files (x86)\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe
() C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\6\Plugin.exe
() C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5\Plugin.exe
() C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3\Plugin.exe
() C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\4\Plugin.exe
() C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\2\Plugin.exe
() C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8\Plugin.exe
() C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3\Plugin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Run: [uTorrent] => C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31276160 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\MountPoints2: {346e5917-3674-11e3-991c-4c809318d2aa} - G:\LaunchU3.exe -a
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\MountPoints2: {697759d8-4f1e-11e4-8ce1-4c809318d2aa} - F:\iLinker.exe
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2012-02-16]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-23] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4226245786-2324592914-3525141995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=94874C809318D2A7&affID=121564&tt=070813_wt4&tsp=4968
URLSearchHook: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a13277-384&apn_uid=3201152031034051&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=136488667&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a13277-384&apn_uid=3201152031034051&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={6EEBE0AD-EF48-4988-A41D-B41C598019D0}
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> OldSearch URL = hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=136488667&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=94874C809318D2A7&affID=121564&tt=070813_wt4&tsp=4968
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> {40857FC5-45C1-42F4-A2BB-46C2B5C0CB6A} URL = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> {900363C7-69F3-4D67-9B73-12C814D136DB} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2488} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=210&systemid=488&v=a13277-384&apn_uid=3201152031034051&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyGEhP39g&i=26
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=12&q={searchTerms}&barid={6EEBE0AD-EF48-4988-A41D-B41C598019D0}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-23] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-07] (Sun Microsystems, Inc.)
BHO: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: No Name -> {1631550F-191D-4826-B069-D9439253D926} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-23] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Express Find -> {d39539bb-f65e-4088-a9d1-6e5f01a42a3e} -> C:\Program Files (x86)\Express Find\Extensions\d39539bb-f65e-4088-a9d1-6e5f01a42a3e.dll [2015-04-03] ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-18] (Oracle Corporation)
BHO-x32: No Name -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} ->  No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} -  No File
Toolbar: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default
FF NewTab: hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_276_bl-sw-22__alt__ddc_dsssyctab_bd_com
FF DefaultSearchUrl: 
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bg_276_bl-sw-22__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_276_bl-sw-22__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\user.js [2015-04-03]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\Ask.xml [2014-07-04]
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\babylon.xml [2013-08-08]
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\ChatZumSearch.xml [2013-05-02]
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\conduit.xml [2012-11-20]
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\MyStart Search.xml [2013-09-18]
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\sweetim.xml [2012-10-22]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\Ask.xml [2014-07-04]
FF Extension: PriceGong - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\Extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829} [2013-02-28]
FF Extension: uTorrentBar_DE  - C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\Extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2015-04-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-07]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-07]
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-05-07] <==== ATTENTION

Chrome: 
=======
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-11-20]
CHR Extension: (Forge of Empires) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg [2013-11-20]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-28]
CHR Extension: (uBlock Origin) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-07]
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-16]
CHR Extension: (Planner 5D) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2013-11-20]
CHR Extension: (Bookmark Manager) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Avast Online Security) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-07]
CHR Extension: (IP Address) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2013-11-20]
CHR Extension: (Autodesk Homestyler) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-11-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (AudioSauna) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2013-11-20]
CHR Extension: (Google Wallet) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Deezer) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2012-07-01]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-16]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
CHR HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Sabrina\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
CHR HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaaihhnfnbnpbhpagnmoplpcjbediml] - C:\Users\Sabrina\AppData\Local\imeshmusicboxtoolbar\GC\toolbar.crx [2013-06-19]
CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.4\pricegong.crx [2012-03-18]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fbopaofenjnnjgniaeekjkdjipepnbom] - C:\ProgramData\Bcool\fbopaofenjnnjgniaeekjkdjipepnbom.crx [2012-07-01]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-23]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [leocdeigfnkaojcapikdjcdbedcjmffc] - C:\Users\Sabrina\AppData\Local\CRE\leocdeigfnkaojcapikdjcdbedcjmffc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

Opera: 
=======
OPR StartupUrls: "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bg_276_bl-sw-20__alt__ddc_dsssyc_bd_com"
OPR Extension: (Express Find) - C:\Users\Sabrina\AppData\Roaming\Opera Software\Opera Stable\Extensions\ncnadiaifiaoeoelaipabcacbkgjilmn [2015-05-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-23] (Avast Software)
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 Service Mgr ExpressFind; C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe [556304 2015-05-28] ()
R2 Update Mgr ExpressFind; C:\Program Files (x86)\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe [478992 2015-05-28] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-23] ()
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-23] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 08:41 - 2015-05-28 08:42 - 00070019 _____ () C:\Users\Sabrina\Downloads\Addition.txt
2015-05-28 08:40 - 2015-05-28 09:20 - 00035175 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2015-05-28 08:40 - 2015-05-28 09:20 - 00000000 ____D () C:\FRST
2015-05-28 08:39 - 2015-05-28 08:39 - 02108928 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2015-05-23 08:13 - 2015-05-23 08:15 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-05-23 08:13 - 2015-05-23 08:15 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-23 08:08 - 2015-05-23 08:08 - 00001312 _____ () C:\Windows\PFRO.log
2015-05-23 08:04 - 2015-05-23 08:04 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-23 08:03 - 2015-05-23 08:03 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-21 10:41 - 2015-05-28 07:57 - 00000448 _____ () C:\Windows\setupact.log
2015-05-21 10:41 - 2015-05-21 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-13 19:10 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:10 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 07:14 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 07:14 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 07:14 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 07:14 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 07:14 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 07:14 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 07:14 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 07:14 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 07:14 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 07:14 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 07:14 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 07:14 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 07:14 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 07:14 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 07:14 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 07:14 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 07:14 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 07:14 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 07:14 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 07:14 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 07:14 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 07:14 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 07:14 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 07:14 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 07:14 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 07:14 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 07:14 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 07:14 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 07:14 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 07:14 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 07:14 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 07:14 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 07:14 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 07:14 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 07:14 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 07:14 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 07:14 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 07:14 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 07:14 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 07:14 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 07:14 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 07:14 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 07:14 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 07:14 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 07:14 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 07:14 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 07:14 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 07:14 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 07:14 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 07:14 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 07:14 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 07:14 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 07:14 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 07:14 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 07:14 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 07:14 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 07:14 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 07:14 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 07:14 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 07:14 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 06:27 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:27 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 06:27 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:27 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 06:22 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 06:22 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 06:22 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 06:22 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 06:22 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 06:22 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 06:22 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 06:22 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 06:22 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 06:22 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 06:22 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 06:22 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 06:22 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 06:22 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 06:22 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:22 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:21 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 06:21 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 06:20 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:20 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:20 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 06:20 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 06:17 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:17 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 06:17 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 06:17 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 06:17 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 06:12 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 06:12 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 06:11 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 06:11 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 06:11 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 06:11 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 06:11 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 06:11 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 06:11 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 01:48 - 2015-05-12 01:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-11 17:33 - 2015-05-11 17:33 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Opera Software
2015-05-07 08:34 - 2015-05-07 08:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-28 09:20 - 2012-09-16 17:59 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\uTorrent
2015-05-28 09:19 - 2012-06-07 05:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-28 09:12 - 2012-02-16 06:25 - 01278958 _____ () C:\Windows\WindowsUpdate.log
2015-05-28 09:02 - 2012-02-16 06:28 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-28 09:00 - 2012-02-17 12:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Skype
2015-05-28 08:08 - 2009-07-14 00:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-28 08:08 - 2009-07-14 00:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-28 08:07 - 2015-04-03 14:08 - 00000000 ____D () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d
2015-05-28 08:02 - 2012-02-16 06:38 - 00000000 ____D () C:\Users\Sabrina\Documents\Youcam
2015-05-28 08:00 - 2013-07-07 12:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-28 07:58 - 2012-02-16 06:28 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-28 07:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-28 07:57 - 2013-04-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 07:57 - 2012-10-14 22:00 - 00001634 _____ () C:\Users\Sabrina\AppData\Roaming\MyMicroBalanceConfig.ini
2015-05-23 08:04 - 2014-06-20 05:42 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-23 08:04 - 2014-06-20 05:42 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-23 08:04 - 2013-07-07 13:10 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-23 08:04 - 2013-07-07 13:10 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-23 08:04 - 2013-07-07 12:51 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-23 08:04 - 2013-07-07 12:50 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-23 08:03 - 2013-07-07 12:51 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-23 08:02 - 2013-07-07 12:51 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-23 07:58 - 2012-09-16 18:01 - 00000000 ____D () C:\Program Files (x86)\Conduit
2015-05-20 18:21 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 18:21 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 18:04 - 2014-07-07 14:49 - 00000000 ____D () C:\Windows\Minidump
2015-05-20 18:04 - 2012-03-10 09:39 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\CrashDumps
2015-05-20 14:02 - 2014-09-15 12:13 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410797561
2015-05-20 14:02 - 2014-09-15 12:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 07:17 - 2012-02-17 12:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-18 07:17 - 2012-02-17 12:28 - 00000000 ____D () C:\ProgramData\Skype
2015-05-17 18:11 - 2012-06-21 09:21 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\vlc
2015-05-15 10:57 - 2012-02-16 06:28 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 10:57 - 2012-02-16 06:28 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 10:43 - 2014-07-24 18:53 - 00000000 ____D () C:\Users\Sabrina\Desktop\Neuer Ordner (2)
2015-05-14 10:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 09:22 - 2011-11-03 21:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-05-14 09:22 - 2011-11-03 21:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-05-14 09:22 - 2009-07-14 01:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 09:15 - 2009-07-14 00:45 - 00509568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 09:12 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 19:29 - 2013-09-18 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:26 - 2013-07-26 23:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:15 - 2011-11-03 16:34 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:10 - 2013-03-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 19:09 - 2013-03-13 22:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:09 - 2013-03-13 22:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-11 17:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-05-06 10:00 - 2013-07-07 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-04-29 08:54 - 2013-03-18 15:34 - 00000000 ____D () C:\Users\Sabrina\Desktop\Selten gebrauchte Programme

==================== Files in the root of some directories =======

2014-02-21 04:49 - 2014-02-21 04:49 - 49940480 _____ () C:\Program Files (x86)\GUT6068.tmp
2012-10-14 22:00 - 2015-05-27 07:57 - 0001634 _____ () C:\Users\Sabrina\AppData\Roaming\MyMicroBalanceConfig.ini
2013-03-14 16:17 - 2014-10-10 16:32 - 0032768 _____ () C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-21 01:22 - 2014-12-21 01:22 - 0007605 _____ () C:\Users\Sabrina\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 09:21

==================== End of log ============================

Blanca · 28.05.2015, 14:33

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Sabrina at 2015-05-28 09:21:08
Running from C:\Users\Sabrina\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4226245786-2324592914-3525141995-500 - Administrator - Disabled)
Gast (S-1-5-21-4226245786-2324592914-3525141995-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4226245786-2324592914-3525141995-1003 - Limited - Enabled)
Sabrina (S-1-5-21-4226245786-2324592914-3525141995-1001 - Administrator - Enabled) => C:\Users\Sabrina
UpdatusUser (S-1-5-21-4226245786-2324592914-3525141995-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.1 - Adobe Systems Incorporated)
Airport-Tower-Simulator 2012 Version 1.0 (HKLM-x32\...\{A89FDE8E-91B5-4A09-AB00-5F4B5207B6D9}_is1) (Version: 1.0 - Space Dream Studios - Stephan Guenther)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.8.1217.36096 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.8.1217.36096 - Alcor Micro Corp.) Hidden
AMI VR-pulse OS Switcher (HKLM\...\{EC1369CF-15BD-4FAF-BA84-65E4788C682E}) (Version: 1.1 - American Megatrends Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Snap (HKLM-x32\...\Ashampoo Snap_is1) (Version: 4.3.0 - Ashampoo GmbH & Co. KG)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.35 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Buzzdock (HKLM-x32\...\{cfd32d46-7d3f-483f-bace-7172aec5592d}) (Version:  - Alactro LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.14.50 - Conexant)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Corel Graphics - Windows Shell Extension (HKLM-x32\...\_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}) (Version: 15.2.0.686 - Corel Corporation)
Corel Graphics - Windows Shell Extension (x32 Version: 15.2.686 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 64 Bit (Version: 15.2.686 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Common (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Connect (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Custom Data (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - DE (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Draw (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - EN (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - ES (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Extra Content (HKLM-x32\...\_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}) (Version:  - Corel Corporation)
CorelDRAW Essentials X5 - Extra Content (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Filters (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - FR (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IPM (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - IT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - PHOTO-PAINT (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Redist (x32 Version: 15.0 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - Setup Files (x32 Version: 15.3 - Corel Corporation) Hidden
CorelDRAW Essentials X5 - WT (x32 Version: 15.3 -  Corel Corporation) Hidden
CorelDRAW Essentials X5 (HKLM-x32\...\_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}) (Version: 15.2.0.686 - Corel Corporation)
CorelDRAW Essentials X5 (x32 Version: 15.3 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.)
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1508_36229 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.1.2414 - CyberLink Corp.)
CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1327 - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 9.0.0.3419a - CyberLink Corp.)
CyberLink PowerDirector (Version: 9.0.0.3419a - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3510.02 - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.2.3503 - CyberLink Corp.)
CyberLink WaveEditor (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1108 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.26.89 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Express Find (HKLM-x32\...\Express Find) (Version: 2.0.5571.4697 - Express Find) <==== ATTENTION
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Free YouTube to MP3 Converter version 3.12.57.324 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.57.324 - DVDVideoSoft Ltd.)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Google Drive (HKLM-x32\...\{35574F09-89F9-4B16-B69B-64F3E25901B8}) (Version: 1.21.9226.6034 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2538 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.2.0.0587 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{295AEB79-B53A-4F1B-860F-7800BB7E3681}) (Version: 14.2.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{E1B934BB-6AFA-429F-98E4-76F9CBC72BF6}) (Version: 2.2.14.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java(TM) 6 Update 29 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416029FF}) (Version: 6.0.290 - Oracle)
Java(TM) 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Medion Home Cinema (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.3216 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 8.0.3216 - CyberLink Corp.) Hidden
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7943 - Memeo Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Tigo (HKLM-x32\...\Messenger Tigo) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Mathematics (64-Bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 37.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.2 (x86 de)) (Version: 37.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyMicroBalance (HKLM-x32\...\{CAF30EE3-A2E2-47BE-A37B-96524BCB3EF5}) (Version: 2.5.5 - startzentrum GmbH & Co KG)
myMugle (HKLM-x32\...\myMugle3.0.0.0) (Version: 3.0.0.0 - Computer Business Solutions)
NVIDIA Graphics Driver 285.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.64 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.0.15.65 - Electronic Arts, Inc.)
PCSUITE SHREDDER (HKLM-x32\...\PCSUITE_SHREDDER_PRO_is1) (Version:  - Markement GmbH)
PHotkey (HKLM-x32\...\{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}) (Version: 1.00.0045 - Pegatron Corporation)
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PriceGong 2.6.4 (HKLM-x32\...\PriceGong) (Version: 2.6.4 - PriceGong) <==== ATTENTION
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.16.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.16.0 - Renesas Electronics Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
SweetPacks bundle uninstaller (HKLM-x32\...\{0C43FE6B-E881-4AFC-B384-4AEBC90047E8}) (Version: 1.0.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.15.1 - Synaptics Incorporated)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.15723 - TeamViewer)
Update Manager for SweetPacks 1.1 (HKLM-x32\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Versandhelfer (HKLM-x32\...\dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1) (Version: 0.9.511 - Deutsche Post AG)
Versandhelfer (x32 Version: 0.9.511 - Deutsche Post AG) Hidden
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
watchmi (HKLM-x32\...\{409DC300-28AF-468F-9624-1F3309701881}) (Version: 2.7.0 - Axel Springer Digital TV Guide GmbH)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-objekt til fjernforbindelser (HKLM-x32\...\{57220148-3B2B-412A-A2E0-82B9DF423696}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz (HKLM-x32\...\{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DB}) (Version: 17.5.10480 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sabrina\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

23-05-2015 09:30:07 Geplanter Prüfpunkt

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B0F513-C512-450D-BD92-6C3A36C76F43} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3C2098AB-0056-4DAE-8C09-B5ECCBD46A9C} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {43DD63FD-3824-4ACB-A2EC-C1B73C850384} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {574A2071-6DCE-43C8-9693-430110F10F9B} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2011-11-07] (CyberLink Corp.)
Task: {613CE623-0789-438B-A97E-A1E7739857FA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {6B5CF459-BD9A-4686-805B-1465979FB653} - System32\Tasks\{A90C0D4D-CA75-4103-BAE0-C72DED7067A6} => pcalua.exe -a E:\Install.exe -d E:\
Task: {6F9AB9D1-B82F-423E-A801-40C819430B7B} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {701336A4-9DF6-4A78-8DE9-483BAFD70795} - System32\Tasks\{8157A616-65CA-4C95-B9B6-612AB28BBB23} => pcalua.exe -a C:\Users\Sabrina\Downloads\trilogyi.exe -d C:\Users\Sabrina\Downloads
Task: {753607B1-C86B-4F3B-B677-1F5FE711B9AB} - System32\Tasks\Opera scheduled Autoupdate 1410797561 => C:\Program Files (x86)\Opera\launcher.exe [2015-05-18] (Opera Software)
Task: {8CEAB535-66A9-4172-9C1F-D4BAFB2C4BEF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {96A63A83-E851-43AB-B0C9-B2CC68CB330F} - System32\Tasks\{AA48D4C0-9AF9-4BE8-B773-CDAA89A6ED41} => C:\Program Files (x86)\MessengerTigo\itLoad.exe [2005-10-24] (IM)
Task: {9B23F0BE-F07F-4146-AFA4-42CF469A99DD} - System32\Tasks\{97FFCED4-CD06-4B5D-BEFF-751324D9246E} => pcalua.exe -a C:\Users\Sabrina\Downloads\trilogyii.exe -d C:\Users\Sabrina\Downloads
Task: {A59E6728-FCAB-4362-8E01-3C04D3D0DAE2} - System32\Tasks\{93D41218-602F-4B9D-8FF1-C3281E24604F} => C:\Program Files (x86)\MessengerTigo\itLoad.exe [2005-10-24] (IM)
Task: {B58717E1-2C59-45A5-A664-4A202D17834A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-23] (Avast Software s.r.o.)
Task: {B8F35487-D264-4647-9247-655BC2212B45} - System32\Tasks\{1FE589A1-9527-4D30-AA37-E935FDE8FDC2} => pcalua.exe -a E:\Install.exe -d E:\
Task: {BCE90D10-B21A-467B-972E-CC35A78227A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {BFB4A072-A526-4EBE-80C8-5D3EA15FEF1B} - System32\Tasks\{5B88AA3A-171C-44E7-BCE6-A3C5C0B56DC2} => pcalua.exe -a "C:\Users\Sabrina\Downloads\MessengerTigoSetup (1).exe" -d C:\Users\Sabrina\Downloads
Task: {F7BFAF56-999B-4919-942C-DE7B9F1FBB4C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-09-15 21:46 - 2011-09-15 21:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-11-10 16:15 - 2009-12-18 19:40 - 00104968 _____ () C:\Program Files (x86)\PHotkey\ASLDRSrv.exe
2011-11-10 16:15 - 2011-10-13 18:38 - 00156672 _____ () C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-11-10 16:15 - 2011-10-14 15:06 - 00818688 _____ () C:\Program Files (x86)\PHotkey\PHotkey.exe
2011-11-10 16:15 - 2010-01-12 21:36 - 00117256 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
2011-11-10 16:15 - 2010-01-12 21:36 - 00121864 _____ () C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
2011-11-17 07:17 - 2010-08-19 12:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2011-10-07 06:23 - 2011-10-07 06:23 - 00070144 _____ () C:\Program Files (x86)\watchmi\TvdService.exe
2012-02-16 06:28 - 2012-02-16 06:28 - 00058880 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Remote\2.7.0.12__f722db7bec59a14b\Tvd.Remote.dll
2012-02-16 06:28 - 2012-02-16 06:28 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Tools\2.7.0.12__f722db7bec59a14b\Tvd.Tools.dll
2012-02-16 06:28 - 2012-02-16 06:28 - 00009216 _____ () C:\Windows\assembly\GAC_MSIL\FingerPrint\1.0.0.0__a62e68e935d72fa6\FingerPrint.dll
2012-02-16 06:28 - 2012-02-16 06:28 - 00079360 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Reporting\2.7.0.12__f722db7bec59a14b\Tvd.Reporting.dll
2012-02-16 06:28 - 2012-02-16 06:28 - 00152576 _____ () C:\Windows\assembly\GAC_MSIL\Tvd.Aprico\2.7.0.12__f722db7bec59a14b\Tvd.Aprico.dll
2011-11-10 16:15 - 2010-12-17 18:04 - 00449032 _____ () C:\Program Files (x86)\PHotkey\ATouch64.exe
2011-11-10 16:15 - 2010-12-27 18:14 - 00776200 _____ () C:\Program Files (x86)\PHotkey\PVDesktop.exe
2011-11-10 16:15 - 2011-04-12 18:32 - 00483336 _____ () C:\Program Files (x86)\PHotkey\PVDAgent.exe
2011-11-10 16:15 - 2011-10-24 17:59 - 03420160 _____ () C:\Program Files (x86)\PHotkey\POSD.exe
2011-11-09 19:32 - 2011-09-25 18:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-15 21:46 - 2011-09-15 21:46 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-02-12 22:37 - 2013-02-12 22:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2011-10-07 06:23 - 2011-10-07 06:23 - 01070592 _____ () C:\Program Files (x86)\watchmi\TvdTray.exe
2011-10-07 06:23 - 2011-10-07 06:23 - 00004608 _____ () C:\Program Files (x86)\watchmi\de\TvdTray.resources.dll
2015-04-03 13:37 - 2015-05-28 07:59 - 00478992 _____ () C:\Program Files (x86)\Common Files\77790361-426c-4fa2-8cf3-5994543d685d\updater.exe
2015-04-03 10:29 - 2015-05-28 08:07 - 00556304 _____ () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugincontainer.exe
2015-05-28 08:08 - 2015-05-28 08:08 - 00487184 _____ () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\6\plugin.exe
2015-05-28 08:08 - 2015-05-28 08:08 - 00664336 _____ () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\5\plugin.exe
2015-05-28 08:08 - 2015-05-28 08:08 - 00480528 _____ () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\3\plugin.exe
2015-05-28 08:08 - 2015-05-28 08:08 - 00422672 _____ () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\4\plugin.exe
2015-05-28 08:08 - 2015-05-28 08:08 - 01000720 _____ () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\2\plugin.exe
2015-05-28 08:08 - 2015-05-28 08:08 - 00641296 _____ () C:\ProgramData\77790361-426c-4fa2-8cf3-5994543d685d\plugins\8\plugin.exe
2015-05-23 08:03 - 2015-05-23 08:03 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-23 08:03 - 2015-05-23 08:03 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-05-27 18:58 - 2015-05-27 18:58 - 02951168 _____ () C:\Program Files\AVAST Software\Avast\defs\15052701\algo.dll
2015-05-28 08:01 - 2015-05-28 08:01 - 02950656 _____ () C:\Program Files\AVAST Software\Avast\defs\15052800\algo.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-11-10 16:15 - 2009-12-18 19:36 - 00973432 _____ () C:\Program Files (x86)\PHotkey\acAuth.dll
2011-11-10 16:15 - 2009-12-18 19:41 - 00129544 _____ () C:\Program Files (x86)\PHotkey\GFNEX.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-02-12 22:38 - 2013-02-12 22:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-05-23 08:03 - 2015-05-23 08:03 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-05-26 08:04 - 2015-05-22 16:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libglesv2.dll
2015-05-26 08:04 - 2015-05-22 16:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\libegl.dll
2014-10-18 12:37 - 2014-10-18 12:37 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2011-11-10 14:17 - 2011-05-20 14:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2015-05-26 08:04 - 2015-05-22 16:22 - 14982472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sabrina\AppData\Roaming\Virtual Desktop Manager\PVDesktopWallpaper_0.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: EA Core => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Instan-t => C:\PROGRA~2\MESSEN~1\itload.exe monitor
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: Speech Recognition => "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1ACE965F-C96E-431D-B22E-6FC4E9CD9950}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{84FBF480-94AE-4F89-BD4E-97061820CBC1}] => (Allow) LPort=2869
FirewallRules: [{A7A65D0D-3C2E-43F0-AA86-6C7E69F3BE9E}] => (Allow) LPort=1900
FirewallRules: [{D21DA640-8D46-4827-9E1C-F9C75984E9C9}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{F7C9929F-70FE-44AA-93F2-FE6D8C471CE7}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{006884BA-DA6A-4639-A759-84DE4B6005CC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{05438760-1223-46E6-81B4-2DC77116CF51}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D599FA5E-6D80-4B26-9D8A-DDFDAC6085C1}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{8438AE58-11B4-442A-A283-ED81138FFD50}] => (Allow) C:\Program Files\CyberLink\PowerDirector\PDR9.EXE
FirewallRules: [{49DFFB37-FE4B-4082-A07A-27343042A512}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{27C67A10-F79C-4402-9E8F-C2BEA3AAB054}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{546BEEBB-2BFB-4408-8340-3763A000B653}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
FirewallRules: [{4569333D-9E7A-452E-96A8-AF5B9652B131}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
FirewallRules: [{EE2B6525-0EAA-44EA-BB75-9482E8932ECE}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{C9ECFF58-CFA9-4A91-8795-97E30D900D4C}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
FirewallRules: [{5B65E60F-6CAB-4615-BCFE-3A5B12DB02CC}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{E1692905-549F-469D-9C00-B66F63DFAC21}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
FirewallRules: [{6913A5A2-5E88-4E6B-8A5A-82E525D2D3BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0DA1B40B-1CAB-425B-93BC-E78F9C80906E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF653B79-C19D-4012-8E27-318CA472B274}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{161C8F16-BD84-4AD4-AA10-09F7D7FFEAF2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7E348CF4-2269-4370-AD45-4810DDFFD610}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{496EEE75-AB4A-4BA6-BA1F-1D703F34967F}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{2C1747FE-B755-49C4-B7A1-BD38096082EB}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{57F86242-41E4-4E63-BAC6-20F19B895940}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{C252DB14-ED62-4BE1-8BB9-E0FCA4707412}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{59B16D8B-C601-4449-8780-B20D6A94E2F8}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{CC2B5F97-145E-485B-B1F5-774E4D074C3C}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [TCP Query User{3981007D-547D-4199-A08A-761DFA226951}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{C41F97FE-FD6E-4F27-9B43-0E3E4468D265}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [TCP Query User{ACE28006-1C16-4FF2-BC35-D4FC8274B613}C:\users\sabrina\desktop\age of empires iii\age3.exe] => (Block) C:\users\sabrina\desktop\age of empires iii\age3.exe
FirewallRules: [UDP Query User{00D15726-AD24-4854-9279-0E8084E4C604}C:\users\sabrina\desktop\age of empires iii\age3.exe] => (Block) C:\users\sabrina\desktop\age of empires iii\age3.exe
FirewallRules: [{7AAFB86F-34DB-469D-BBC0-C1DCAB1090C8}] => (Allow) C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F26097FB-C7E6-413A-B368-35BF4D9B2D72}] => (Allow) C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3F508F8A-E288-4A0F-9F39-198B16F993F8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7E340105-D7BC-4062-9562-39818EE11C3E}] => (Allow) C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BCDB5A46-A2ED-48BA-87BA-D98175C17545}] => (Allow) C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F154F7D7-45E6-402B-B34C-F02F8809BE33}C:\users\sabrina\desktop\neuer ordner (2)\age of empires iii\age3.exe] => (Allow) C:\users\sabrina\desktop\neuer ordner (2)\age of empires iii\age3.exe
FirewallRules: [UDP Query User{7F1BE98F-66A3-4C14-BA33-72D387F81964}C:\users\sabrina\desktop\neuer ordner (2)\age of empires iii\age3.exe] => (Allow) C:\users\sabrina\desktop\neuer ordner (2)\age of empires iii\age3.exe
FirewallRules: [TCP Query User{3DA1EDDC-5428-485C-B0FC-CBE7322053AD}C:\users\sabrina\desktop\modern warfare 2\modern w2\lanlauncher.exe] => (Allow) C:\users\sabrina\desktop\modern warfare 2\modern w2\lanlauncher.exe
FirewallRules: [UDP Query User{F1D9CCA4-C137-4F6D-A8A9-1436C7BE573F}C:\users\sabrina\desktop\modern warfare 2\modern w2\lanlauncher.exe] => (Allow) C:\users\sabrina\desktop\modern warfare 2\modern w2\lanlauncher.exe
FirewallRules: [TCP Query User{BDD80B9D-A767-4DE2-8089-E4399F9528C0}C:\users\sabrina\desktop\modern warfare 2\modern w2\iw4mp.dat] => (Allow) C:\users\sabrina\desktop\modern warfare 2\modern w2\iw4mp.dat
FirewallRules: [UDP Query User{A0BA76E6-BC00-489D-A901-82E3026F34AD}C:\users\sabrina\desktop\modern warfare 2\modern w2\iw4mp.dat] => (Allow) C:\users\sabrina\desktop\modern warfare 2\modern w2\iw4mp.dat
FirewallRules: [{B908952B-F571-4E6C-AA46-F81B52B0CFF1}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{0F98C476-5C05-4C13-84BF-9463AC19D181}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{2DE23991-1011-4887-8D91-469659EF1F05}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{7E77D9EE-4A8E-44D9-BEE0-02B096D92E86}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{F3F2631B-F1E0-482E-85EF-1422552817DF}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{A50A6442-578B-4B94-A06A-88489FA506F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BDD0BBE2-C121-496F-B34C-7B85291B7854}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC3B9BE6-E227-4D29-ACD8-35E3B5A81785}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9450E5D5-79A7-4D5A-B702-C9B7F426D90A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{72A0E1E6-BDA8-4834-A516-55AB35F0A07E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/28/2015 07:58:38 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/26/2015 08:46:33 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (05/26/2015 07:22:54 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/25/2015 09:24:56 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (05/25/2015 06:59:29 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (05/25/2015 06:41:53 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/23/2015 02:11:51 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/23/2015 09:25:35 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Das Stammelement der Manifestdatei muss assembliert sein.

Error: (05/23/2015 08:09:20 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/23/2015 07:54:40 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


System errors:
=============
Error: (05/25/2015 07:41:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/23/2015 08:47:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/23/2015 05:03:45 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (05/23/2015 05:03:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (05/23/2015 08:07:24 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (05/22/2015 00:23:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht.

Error: (05/21/2015 06:48:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/21/2015 04:24:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (05/21/2015 04:24:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Google Update-Dienst (gupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/21/2015 10:43:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.


Microsoft Office:
=========================
Error: (05/28/2015 07:58:38 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/26/2015 08:46:33 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (05/26/2015 07:22:54 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/25/2015 09:24:56 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (05/25/2015 06:59:29 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (05/25/2015 06:41:53 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/23/2015 02:11:51 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/23/2015 09:25:35 AM) (Source: SideBySide) (EventID: 9) (User: )
Description: C:\Program Files\WinZip\adxloader.dll.ManifestC:\Program Files\WinZip\adxloader.dll.Manifest2

Error: (05/23/2015 08:09:20 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)

Error: (05/23/2015 07:54:40 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
   bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
   bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
   --- Ende der internen Ausnahmestapelüberwachung ---
   bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
   bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration.   bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
   bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
   bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 73%
Total physical RAM: 4007.05 MB
Available physical RAM: 1081.52 MB
Total Pagefile: 8012.32 MB
Available Pagefile: 3808.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:404.66 GB) (Free:124.81 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:28.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=404.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End of log ============================

schrauber · 29.05.2015, 06:48

genau so, passt

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

Buzzdock

Express Find

PriceGong 2.6.4

SweetPacks bundle uninstaller

Update Manager for SweetPacks 1.1 (HKLM-x32\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Blanca · 29.05.2015, 14:17

[CODE]Combofix logfile

Combofix Logfile:

Code:

ATTFilter

ComboFix 15-05-28.01 - Sabrina 29.05.2015   8:12.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4007.1683 [GMT -4:00]
ausgeführt von:: c:\users\Sabrina\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\PriceGong
c:\program files (x86)\PriceGong\2.6.4\PriceGong.crx
c:\program files (x86)\PriceGong\2.6.4\PriceGongIE.dll
c:\programdata\Bcool
c:\programdata\Bcool\content.js
c:\programdata\Bcool\data\content.js
c:\programdata\Bcool\data\jsondb.js
c:\programdata\Bcool\fbopaofenjnnjgniaeekjkdjipepnbom.crx
c:\programdata\Bcool\settings.ini
c:\programdata\Roaming
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-04-28 bis 2015-05-29  ))))))))))))))))))))))))))))))
.
.
2015-05-29 13:04 . 2015-05-29 13:04	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2015-05-29 13:04 . 2015-05-29 13:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-29 11:38 . 2015-05-29 11:38	--------	d-----w-	c:\program files (x86)\VS Revo Group
2015-05-28 12:40 . 2015-05-28 13:22	--------	d-----w-	C:\FRST
2015-05-23 12:13 . 2015-05-23 12:15	--------	d-----w-	c:\windows\SysWow64\vbox
2015-05-23 12:13 . 2015-05-23 12:15	--------	d-----w-	c:\windows\system32\vbox
2015-05-23 12:04 . 2015-05-23 12:04	364472	----a-w-	c:\windows\system32\aswBoot.exe
2015-05-23 12:03 . 2015-05-23 12:03	43112	----a-w-	c:\windows\avastSS.scr
2015-05-13 23:10 . 2015-05-01 13:17	124112	----a-w-	c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 23:10 . 2015-05-01 13:16	102608	----a-w-	c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 10:27 . 2015-05-05 01:29	342016	----a-w-	c:\windows\system32\schannel.dll
2015-05-13 10:27 . 2015-05-05 01:12	248832	----a-w-	c:\windows\SysWow64\schannel.dll
2015-05-13 10:27 . 2015-04-18 03:10	460800	----a-w-	c:\windows\system32\certcli.dll
2015-05-13 10:27 . 2015-04-18 02:56	342016	----a-w-	c:\windows\SysWow64\certcli.dll
2015-05-13 10:21 . 2015-04-27 19:18	60416	----a-w-	c:\windows\system32\msobjs.dll
2015-05-13 10:21 . 2015-04-27 19:01	60416	----a-w-	c:\windows\SysWow64\msobjs.dll
2015-05-13 10:20 . 2015-04-20 03:17	1179136	----a-w-	c:\windows\system32\FntCache.dll
2015-05-13 10:20 . 2015-04-20 03:17	1647104	----a-w-	c:\windows\system32\DWrite.dll
2015-05-13 10:20 . 2015-04-20 02:11	3204608	----a-w-	c:\windows\system32\win32k.sys
2015-05-13 10:20 . 2015-04-20 02:56	1250816	----a-w-	c:\windows\SysWow64\DWrite.dll
2015-05-13 10:12 . 2015-02-18 07:06	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2015-05-13 10:12 . 2015-02-18 07:04	142336	----a-w-	c:\windows\system32\poqexec.exe
2015-05-13 10:11 . 2015-03-04 04:41	72192	----a-w-	c:\windows\system32\aelupsvc.dll
2015-05-13 10:11 . 2015-03-04 04:41	342016	----a-w-	c:\windows\system32\apphelp.dll
2015-05-13 10:11 . 2015-03-04 04:10	295936	----a-w-	c:\windows\SysWow64\apphelp.dll
2015-05-13 10:11 . 2015-03-04 04:41	23552	----a-w-	c:\windows\system32\sdbinst.exe
2015-05-13 10:11 . 2015-03-04 04:10	20992	----a-w-	c:\windows\SysWow64\sdbinst.exe
2015-05-13 10:11 . 2015-03-04 04:41	6656	----a-w-	c:\windows\system32\shimeng.dll
2015-05-13 10:11 . 2015-03-04 04:11	5120	----a-w-	c:\windows\SysWow64\shimeng.dll
2015-05-11 21:33 . 2015-05-11 21:33	--------	d-----w-	c:\users\UpdatusUser\AppData\Roaming\Opera Software
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-23 12:04 . 2014-06-20 09:42	137288	----a-w-	c:\windows\system32\drivers\aswStm.sys
2015-05-23 12:04 . 2014-06-20 09:42	29168	----a-w-	c:\windows\system32\drivers\aswHwid.sys
2015-05-23 12:04 . 2013-07-07 17:10	65736	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2015-05-23 12:04 . 2013-07-07 17:10	272248	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2015-05-23 12:04 . 2013-07-07 16:51	442264	----a-w-	c:\windows\system32\drivers\aswSP.sys
2015-05-23 12:04 . 2013-07-07 16:50	89944	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2015-05-23 12:03 . 2013-07-07 16:51	93528	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2015-05-23 12:02 . 2013-07-07 16:51	1047320	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2015-05-13 23:15 . 2011-11-03 20:34	140425016	----a-w-	c:\windows\system32\MRT.exe
2015-04-27 19:04 . 2015-05-13 10:22	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-04-15 03:20 . 2012-06-07 09:21	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 03:20 . 2011-11-07 16:44	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-14 07:38 . 2015-04-14 07:38	1217192	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-03-25 03:24 . 2015-04-15 14:31	98304	----a-w-	c:\windows\system32\wudriver.dll
2015-03-25 03:24 . 2015-04-15 14:31	37376	----a-w-	c:\windows\system32\wups2.dll
2015-03-25 03:24 . 2015-04-15 14:31	35328	----a-w-	c:\windows\system32\wups.dll
2015-03-25 03:24 . 2015-04-15 14:31	3298816	----a-w-	c:\windows\system32\wucltux.dll
2015-03-25 03:24 . 2015-04-15 14:31	2553856	----a-w-	c:\windows\system32\wuaueng.dll
2015-03-25 03:24 . 2015-04-15 14:31	191488	----a-w-	c:\windows\system32\wuwebv.dll
2015-03-25 03:24 . 2015-04-15 14:31	696320	----a-w-	c:\windows\system32\wuapi.dll
2015-03-25 03:24 . 2015-04-15 14:31	60416	----a-w-	c:\windows\system32\WinSetupUI.dll
2015-03-25 03:23 . 2015-04-15 14:31	12288	----a-w-	c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:23 . 2015-04-15 14:31	36864	----a-w-	c:\windows\system32\wuapp.exe
2015-03-25 03:23 . 2015-04-15 14:31	135168	----a-w-	c:\windows\system32\wuauclt.exe
2015-03-25 03:00 . 2015-04-15 14:31	92672	----a-w-	c:\windows\SysWow64\wudriver.dll
2015-03-25 03:00 . 2015-04-15 14:31	566784	----a-w-	c:\windows\SysWow64\wuapi.dll
2015-03-25 03:00 . 2015-04-15 14:31	29696	----a-w-	c:\windows\SysWow64\wups.dll
2015-03-25 03:00 . 2015-04-15 14:31	173056	----a-w-	c:\windows\SysWow64\wuwebv.dll
2015-03-25 03:00 . 2015-04-15 14:31	33792	----a-w-	c:\windows\SysWow64\wuapp.exe
2015-03-23 03:25 . 2015-04-15 14:31	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-03-23 03:25 . 2015-04-15 14:31	769536	----a-w-	c:\windows\system32\invagent.dll
2015-03-23 03:24 . 2015-04-15 14:31	419840	----a-w-	c:\windows\system32\devinv.dll
2015-03-23 03:24 . 2015-04-15 14:31	957952	----a-w-	c:\windows\system32\appraiser.dll
2015-03-23 03:24 . 2015-04-15 14:31	30720	----a-w-	c:\windows\system32\acmigration.dll
2015-03-23 03:24 . 2015-04-15 14:31	227328	----a-w-	c:\windows\system32\aepdu.dll
2015-03-23 03:24 . 2015-04-15 14:31	192000	----a-w-	c:\windows\system32\aepic.dll
2015-03-23 03:17 . 2015-04-15 14:31	1111552	----a-w-	c:\windows\system32\aeinv.dll
2015-03-10 03:25 . 2015-04-15 14:30	1882624	----a-w-	c:\windows\system32\msxml3.dll
2015-03-10 03:21 . 2015-04-15 14:30	2048	----a-w-	c:\windows\system32\msxml3r.dll
2015-03-10 03:08 . 2015-04-15 14:30	1237504	----a-w-	c:\windows\SysWow64\msxml3.dll
2015-03-10 03:05 . 2015-04-15 14:30	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2015-03-05 05:12 . 2015-04-15 14:30	404480	----a-w-	c:\windows\system32\gdi32.dll
2015-03-05 04:05 . 2015-04-15 14:30	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2015-03-04 04:55 . 2015-04-15 14:24	367552	----a-w-	c:\windows\system32\clfs.sys
2015-03-04 04:41 . 2015-04-15 14:24	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-03-04 04:41 . 2015-05-13 10:11	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:41 . 2015-05-13 10:11	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:10 . 2015-04-15 14:24	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-03-04 04:10 . 2015-05-13 10:11	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-03-04 04:10 . 2015-05-13 10:11	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-03-04 04:06 . 2015-05-13 10:11	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2014-02-21 08:49 . 2014-02-21 08:49	49940480	----a-w-	c:\program files (x86)\GUT6068.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe" [2015-05-06 1694560]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-04-17 31276160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]
"Dolby Advanced Audio v2"="c:\program files (x86)\Dolby Advanced Audio v2\pcee4.exe" [2011-02-03 506712]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-01-30 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-23 5515496]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2012-2-16 300928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bbus.sys [x]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdfl.sys [x]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ss_bmdm.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 CyberLink PowerDVD 10 MS Monitor Service;CyberLink PowerDVD 10 MS Monitor Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [x]
S2 CyberLink PowerDVD 10 MS Service;CyberLink PowerDVD 10 MS Service;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe;c:\program files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GFNEXSrv;GFNEX Service;c:\program files (x86)\PHotkey\GFNEXSrv.exe;c:\program files (x86)\PHotkey\GFNEXSrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [x]
S2 PEGAGFN;PEGAGFN;c:\program files (x86)\PHotkey\PEGAGFN.sys;c:\program files (x86)\PHotkey\PEGAGFN.sys [x]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe;c:\program files\CyberLink\Shared files\RichVideo64.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe;c:\program files (x86)\watchmi\TvdService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys;c:\windows\SYSNATIVE\drivers\btmaud.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 12:02	986440	----a-w-	c:\program files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2015-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 03:20]
.
2015-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 15:39]
.
2015-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-16 15:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-05-23 12:03	722400	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 15:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 15:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 15:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 15:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 15:34	774984	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-03 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-03 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f
mStart Page = https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar = https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Yahoo Search!
FF - prefs.js: browser.startup.homepage - hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bg_276_bl-sw-22__alt__ddc_dsssyc_bd_com
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_276_bl-sw-22__alt__ddc_dss_bd_com&p={searchTerms}
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyGEhP39g&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 948776190000000000004c809318d2a7
FF - user.js: extensions.incredibar_i.instlDay - 15522
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1421:55
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyGEhP39g
FF - user.js: extensions.incredibar_i.upn2n - 92261681972009538
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10650
FF - user.js: extensions.incredibar_i.ppd - 21%5F4
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 948776190000000000004c809318d2a7
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15925
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.017:38
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - de
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=121564&tt=070813_wt4&tsp=4968
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
user_pref(extensions.autoDisableScopes,14);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
BHO-{1631550F-191D-4826-B069-D9439253D926} - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-mobilegeni daemon - c:\program files (x86)\Mobogenie\DaemonProcess.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-10 - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AmUStor - c:\program files (x86)\InstallShield Installation Information\{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}\setup.exe
AddRemove-Messenger Tigo - c:\progra~2\MESSEN~1\UNWISE.EXE
AddRemove-{C05D8CDB-417D-4335-A38C-A0659EDFD6B8} - c:\program files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe
.
.
"ImagePath"="\"c:\program files\CyberLink\Shared files\RichVideo64.exe\"\00Z
[\]^_¯\00\00¯\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~¯\00\00¯\00\00\00\00x\00\00\00\00\00\00\00\00‘’“"
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-4226245786-2324592914-3525141995-1001\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,12,cf,
   03,9c,b9,e8,0a,be,95,be,17,8e,6e,fa,db
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,ce,20,
   8b,33,1d,d4,02,95,cf,15,24,74,48,24,de
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1a,d8,
   c0,74,f5,30,0b,a7,77,d8,65,c3,85,cf,b1
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,3b,1b,9a,51,10,
   29,98,15,8c,0b,9f,ea,c4,c8,3a,c0,d2,01
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,42,90,
   b5,6d,7f,bf,06,94,78,b5,b7,87,5a,03,8f
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,16,7d,
   28,b4,db,51,08,a2,d1,21,82,90,83,d7,9f
"{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}"=hex:51,66,7a,6c,4c,1d,3b,1b,56,f8,50,
   d3,a4,3a,35,0f,80,d4,8e,e1,c5,ac,ee,ea
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,3b,1b,9d,6c,7e,
   29,b3,10,96,0e,87,15,50,09,a6,d7,d2,ec
"{683E913B-8555-07AC-73D8-B6F297074082}"=hex:51,66,7a,6c,4c,1d,3b,1b,2b,8b,2e,
   73,64,d4,c7,4f,68,db,f2,b2,95,47,07,9a
"{8E5E2654-AD2D-48BF-AC2D-D17F00898D06}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,3c,4e,
   95,1c,fc,d4,00,b7,2e,95,3f,02,c9,ca,1e
"{318A227B-5E9F-45BD-8999-7F8F10CA4CF5}"=hex:51,66,7a,6c,4c,1d,3b,1b,6b,38,9a,
   2a,ae,0f,d6,0d,92,9a,3b,cf,12,8a,0b,ed
"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,3b,1b,59,31,83,
   f5,f1,84,72,05,b8,d9,8a,48,4b,65,ca,fe
"{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"=hex:51,66,7a,6c,4c,1d,3b,1b,1f,21,3d,
   56,8f,38,11,0f,8b,f6,b9,9b,07,75,3e,6d
"{98889811-442D-49DD-99D7-DC866BE87DBC}"=hex:51,66,7a,6c,4c,1d,3b,1b,01,82,98,
   83,1c,15,b6,01,82,d4,98,c6,69,a8,3a,a4
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8d,04,
   6d,c1,87,47,0e,ad,e8,90,9a,f3,99,6a,5b
"{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}"=hex:51,66,7a,6c,4c,1d,3b,1b,44,ba,f4,
   e2,80,b8,a8,03,98,a0,32,e1,ac,33,26,68
"{fe063412-bea4-4d76-8ed3-183be6220d17}"=hex:51,66,7a,6c,4c,1d,3b,1b,02,2e,16,
   e5,95,ef,1d,05,95,d0,5c,7b,e4,62,4a,0f
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,38,12,ab,c5,1e,
   a0,e2,37,c6,09,de,93,cc,b9,8c,f1,55,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-05-29  09:08:40
ComboFix-quarantined-files.txt  2015-05-29 13:08
.
Vor Suchlauf: 7 Verzeichnis(se), 128.404.619.264 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 128.261.070.848 Bytes frei
.
- - End Of File - - 78260C7C38D5374749FDABBFCF93DE08

--- --- ---

schrauber · 30.05.2015, 09:03

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Blanca · 30.05.2015, 17:57

Sooo mal sehen ob ich das jetzt alls auf die Reihe bekomme...

mbam.txt

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 30.05.2015
Suchlauf-Zeit: 10:59:02
Logdatei: mab....txt
Administrator: Ja

Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.05.24.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Sabrina

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 427877
Verstrichene Zeit: 15 Min, 18 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente gefunden)

Module: 0
(Keine schädliche Elemente gefunden)

Registrierungsschlüssel: 42
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\APPID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}, In Quarantäne, [0c6df74cd4b66bcbe87f2af852b14bb5], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}, In Quarantäne, [0c6df74cd4b66bcbe87f2af852b14bb5], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}, In Quarantäne, [0c6df74cd4b66bcbe87f2af852b14bb5], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [81f82b18fe8c0234f36491c4986bdf21], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [81f82b18fe8c0234f36491c4986bdf21], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [81f82b18fe8c0234f36491c4986bdf21], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}, In Quarantäne, [f485ac97d1b92f0769ff2ef4fd06b050], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}, In Quarantäne, [f485ac97d1b92f0769ff2ef4fd06b050], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [027772d1b5d50d294da041dab0532cd4], 
PUP.Optional.SweetPacks.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [a6d381c2cac00c2abd22c49414efb947], 
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{EEE6C360-6118-11DC-9C72-001320C79847}, In Quarantäne, [a6d381c2cac00c2abd22c49414efb947], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1631550F-191D-4826-B069-D9439253D926}, In Quarantäne, [1b5ea89bcac0c76f385833ea1ae9c63a], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\PriceFactorIE.PriceGongBHO, In Quarantäne, [1b5ea89bcac0c76f385833ea1ae9c63a], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\PriceFactorIE.PriceGongBHO.1, In Quarantäne, [1b5ea89bcac0c76f385833ea1ae9c63a], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceFactorIE.PriceGongBHO, In Quarantäne, [1b5ea89bcac0c76f385833ea1ae9c63a], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\PriceFactorIE.PriceGongBHO.1, In Quarantäne, [1b5ea89bcac0c76f385833ea1ae9c63a], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\PriceFactorIE.PriceGongBHO, In Quarantäne, [1b5ea89bcac0c76f385833ea1ae9c63a], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\PriceFactorIE.PriceGongBHO.1, In Quarantäne, [1b5ea89bcac0c76f385833ea1ae9c63a], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\APPID\PriceGongIE.DLL, In Quarantäne, [d9a0e95a4e3c350105bba1566e95a55b], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\PriceGongIE.DLL, In Quarantäne, [3f3adb68206a9e9800c0b542be450af6], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [4138de65e8a23303c761954e3cc7ab55], 
PUP.Optional.BonanzaDeals.A, HKLM\SOFTWARE\WOW6432NODE\BonanzaDealsLive, In Quarantäne, [0a6f88bb0e7ce65047cfcb48de278f71], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\Datamngr, In Quarantäne, [2d4ce55eaedc45f15b94b91f7a89827e], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SweetIM, In Quarantäne, [d0a948fbf79384b2d3f1278c699a35cb], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\PriceGongIE.DLL, In Quarantäne, [0a6fe360b0da340211afe215c340936d], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\DELTA\DELTA\Instl, In Quarantäne, [10694df6c9c1171fd54f1ff1e61f867a], 
PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\aaaaihhnfnbnpbhpagnmoplpcjbediml, In Quarantäne, [3f3ab78c4e3cda5cc092e5ca30d39769], 
PUP.Optional.PriceGong.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\bkomkajifikmkfnjgphkjcfeepbnojok, In Quarantäne, [3d3c7bc865259c9acbf770876a992dd3], 
PUP.Optional.Incredibar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [5128bc875139a09602263ea55aa9ba46], 
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jcdgjdiieiljkfkdcloehkohchhpekkn, In Quarantäne, [ea8fdc674248171fd12dcc0714ef817f], 
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\leocdeigfnkaojcapikdjcdbedcjmffc, In Quarantäne, [d3a684bf3d4dd75f7934268338cb9070], 
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT, In Quarantäne, [91e89da62268de584fbd7c96af5641bf], 
PUP.Optional.BonanzaDeals.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\BonanzaDealsLive, In Quarantäne, [83f640035832e551987cfd16c63f9868], 
PUP.Optional.SweetIM.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\SweetIM, In Quarantäne, [0c6d5ee5eb9f48ee7350f2c18f7434cc], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, In Quarantäne, [b3c6ed56a2e80234ed813682c241bc44], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\CONDUIT\FF, In Quarantäne, [7108b58edeacb1856c141ef2927337c9], 
PUP.Optional.Delta.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\DELTA\DELTA, In Quarantäne, [87f21b282d5d1521ddb89277ba4b2cd4], 
PUP.Optional.Conduit.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\leocdeigfnkaojcapikdjcdbedcjmffc, In Quarantäne, [fc7d043f404a1a1ccfdda3069e65e31d], 
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [0c6d9ea515752f07bc586c568b78659b], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [92e790b3deac7fb7d960777ec340c739], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\INSTALLCORE, In Quarantäne, [3f3a4df6bccea78f58be3ad1858006fa], 
PUP.Optional.BProtector.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, In Quarantäne, [3c3d6ed54644270f3dfc34dad62f44bc], 

Registrierungswerte: 13
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [8cedb48f127896a0662a65b6e71cde22], 
PUP.Optional.StartPage.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, In Quarantäne, [8cedb48f127896a0662a65b6e71cde22]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{336D0C35-8A85-403A-B9D2-65C292C39087}, C:\Program Files\Web Assistant\Firefox, In Quarantäne, [8cedb48f127896a0662a65b6e71cde22]
PUP.Optional.StartPage.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{336D0C35-8A85-403a-B9D2-65C292C39087}, In Quarantäne, [2455ef545c2e61d5b1dffb20e71cd62a], 
Hijacker.Application, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_application, hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s, In Quarantäne, [d7a254ef2f5bd85edb8680fbd52f4eb2]
PUP.Optional.Incredibar, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\Web Assistant\Firefox, In Quarantäne, [7cfd5be84b3f3afc0764f02609fcd52b]
Hijacker.Application, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_Application, hxxp://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s, In Quarantäne, [b0c9c77c8cfe7db9abb6f58637cd7987]
PUP.Optional.Incredibar, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}, C:\Program Files\Web Assistant\Firefox, In Quarantäne, [1663291a8406c57113581ef8ff06cd33]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, In Quarantäne, [91e89da62268de584fbd7c96af5641bf], 
PUP.Optional.Delta.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\DELTA\DELTA|tlbrSrchUrl, In Quarantäne, [87f21b282d5d1521ddb89277ba4b2cd4], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\INSTALLCORE|tb, 0H1L1J1L1S1R1N, In Quarantäne, [3f3a4df6bccea78f58be3ad1858006fa]
PUP.BProtector, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=94874C809318D2A7&affID=121564&tt=070813_wt4&tsp=4968, In Quarantäne, [4930142fe8a2092d985ce3278382f40c]
PUP.BProtector, HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [2851b98afd8d96a018ddbe4ccf36728e]

Registrierungsdaten: 2
Hijacker.Application, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application, hxxp://www.helpmeopen.com/?n=app&ext=%s, Gut: (hxxp://shell.windows.com/fileassoc/Schlecht: (hxxp://www.helpmeopen.com/?n=app&ext=%s),Ersetzt,[463350f33951bc7abc5b0fd0db2a1ce4]x/xml/redir.asp?Ext=%s), %5
Hijacker.Application, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application, hxxp://www.helpmeopen.com/?n=app&ext=%s, Gut: (hxxp://shell.windows.com/fileassoc/Schlecht: (hxxp://www.helpmeopen.com/?n=app&ext=%s),Ersetzt,[d4a5ff44becc1a1ccd4a825df411b44c]x/xml/redir.asp?Ext=%s), %5

Ordner: 36
PUP.Optional.OpenCandy, C:\Users\Sabrina\AppData\Roaming\OpenCandy, In Quarantäne, [f78266dd5c2e9d993946f673cf34b34d], 
PUP.Optional.OpenCandy, C:\Users\Sabrina\AppData\Roaming\OpenCandy\007183455B4042F7ABA7DC19D1E8D0BC, In Quarantäne, [f78266dd5c2e9d993946f673cf34b34d], 
PUP.Optional.OpenCandy, C:\Users\Sabrina\AppData\Roaming\OpenCandy\0E26FF00C76C406AA3EB16F0260F85BC, In Quarantäne, [f78266dd5c2e9d993946f673cf34b34d], 
PUP.Optional.OpenCandy, C:\Users\Sabrina\AppData\Roaming\OpenCandy\9FEBD7C672A24A219C20A4A8AECA7176, In Quarantäne, [f78266dd5c2e9d993946f673cf34b34d], 
PUP.Optional.OpenCandy, C:\Users\Sabrina\AppData\Roaming\OpenCandy\F9497C3DA2534B11ADB732795A577B40, In Quarantäne, [f78266dd5c2e9d993946f673cf34b34d], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive, In Quarantäne, [b8c1e75c3c4e54e287df6bfff80bfd03], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update, In Quarantäne, [b8c1e75c3c4e54e287df6bfff80bfd03], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log, In Quarantäne, [b8c1e75c3c4e54e287df6bfff80bfd03], 
PUP.Optional.BonanzaDeals.A, C:\Users\Sabrina\AppData\Local\BonanzaDealsLive, In Quarantäne, [b9c0152e97f38caa4c1bee7c0ff420e0], 
PUP.Optional.BonanzaDeals.A, C:\Users\Sabrina\AppData\Local\BonanzaDealsLive\CrashReports, In Quarantäne, [b9c0152e97f38caa4c1bee7c0ff420e0], 
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive, In Quarantäne, [94e547fcb6d472c40564d4963cc708f8], 
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDealsLive\CrashReports, In Quarantäne, [94e547fcb6d472c40564d4963cc708f8], 
PUP.Optional.NextLive.A, C:\Users\Sabrina\AppData\Roaming\newnext.me, In Quarantäne, [344547fc474377bfaa6f363517ecb64a], 
PUP.Optional.NextLive.A, C:\Users\Sabrina\AppData\Roaming\newnext.me\cache, In Quarantäne, [344547fc474377bfaa6f363517ecb64a], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\LocalLow\PriceGong, In Quarantäne, [7ffaa79c2b5f91a50cd8a9c3946f847c], 
PUP.Optional.MusicBoxToolBar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\imeshmusicboxtoolbar, In Quarantäne, [e0998eb59eec979fdc21f9754fb4a759], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\modules, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\plugins, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.MusicBoxToolbar.A, C:\Users\Sabrina\AppData\Local\imeshmusicboxtoolbar, In Quarantäne, [4f2aa3a0d3b7f54118ef7606e41f0ef2], 
PUP.Optional.MusicBoxToolbar.A, C:\Users\Sabrina\AppData\Local\imeshmusicboxtoolbar\GC, In Quarantäne, [4f2aa3a0d3b7f54118ef7606e41f0ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\C06B0F556C27638B, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.BonanzaDeals.A, C:\Program Files (x86)\BonanzaDeals, In Quarantäne, [7cfda2a1dfaba0965e5cd1be8a79d030], 
PUP.Optional.SweetPacks.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\SweetPacksToolbarData, In Quarantäne, [1c5d6bd8434743f34215960654af3ec2], 
PUP.Optional.SweetPacks.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\SweetPacksToolbarData\logs, In Quarantäne, [1c5d6bd8434743f34215960654af3ec2], 
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM, In Quarantäne, [2158de652d5dd66063ff5e3f49bad729], 

Dateien: 125
PUP.Optional.Babylon.A, C:\Users\Sabrina\AppData\Roaming\OpenCandy\007183455B4042F7ABA7DC19D1E8D0BC\DeltaTB.exe, In Quarantäne, [91e8ee551872dc5a4d8de848c9388d73], 
PUP.Optional.SweetIM, C:\Windows\Installer\2ab75.msi, In Quarantäne, [05749ca74248aa8c14a63dcaa36328d8], 
PUP.Optional.SweetIM.C, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\sweetim.xml, In Quarantäne, [fe7b65de583270c632c4287ee71cd22e], 
PUP.Optional.MyStartSearch.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\MyStart Search.xml, In Quarantäne, [6f0acf74d5b51422aa536c7cbe45dd23], 
PUP.Optional.Babylon.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\babylon.xml, In Quarantäne, [ea8faf949feb73c395fc5c8e35ce12ee], 
PUP.Optional.BProtector.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\bprotector_extensions.sqlite, In Quarantäne, [adcc0043b8d2ba7cf2abde0ce61de917], 
PUP.Optional.BProtector.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\bprotector_prefs.js, In Quarantäne, [9fda1e2561294aec1c8218d2fa090bf5], 
PUP.Optional.Conduit.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\conduit.xml, In Quarantäne, [7bfe8eb54a40ab8bdedad614867dac54], 
PUP.Optional.BProtector.A, C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\bprotector web data, In Quarantäne, [a6d3073cb6d4280eb585ad615baae818], 
PUP.Optional.BProtector.A, C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences, In Quarantäne, [4c2d90b36c1e78be7dbeaa643dc834cc], 
PUP.Optional.OpenCandy, C:\Users\Sabrina\AppData\Roaming\OpenCandy\0E26FF00C76C406AA3EB16F0260F85BC\RegistryReviverSetup_3.0.1.144_CO2.exe, In Quarantäne, [f78266dd5c2e9d993946f673cf34b34d], 
PUP.Optional.OpenCandy, C:\Users\Sabrina\AppData\Roaming\OpenCandy\0E26FF00C76C406AA3EB16F0260F85BC\RegistryReviverSetup_AFD_p4v1.exe, In Quarantäne, [f78266dd5c2e9d993946f673cf34b34d], 
PUP.Optional.OpenCandy, C:\Users\Sabrina\AppData\Roaming\OpenCandy\9FEBD7C672A24A219C20A4A8AECA7176\chrometest3.html, In Quarantäne, [f78266dd5c2e9d993946f673cf34b34d], 
PUP.Optional.BonanzaDeals.A, C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log, In Quarantäne, [b8c1e75c3c4e54e287df6bfff80bfd03], 
PUP.Optional.NextLive.A, C:\Users\Sabrina\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [344547fc474377bfaa6f363517ecb64a], 
PUP.Optional.NextLive.A, C:\Users\Sabrina\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [344547fc474377bfaa6f363517ecb64a], 
PUP.Optional.MusicBoxToolBar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\imeshmusicboxtoolbar\apnuserid.dat, In Quarantäne, [e0998eb59eec979fdc21f9754fb4a759], 
PUP.Optional.MusicBoxToolBar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\imeshmusicboxtoolbar\appid.dat, In Quarantäne, [e0998eb59eec979fdc21f9754fb4a759], 
PUP.Optional.MusicBoxToolBar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\imeshmusicboxtoolbar\geodata.xml, In Quarantäne, [e0998eb59eec979fdc21f9754fb4a759], 
PUP.Optional.MusicBoxToolBar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\imeshmusicboxtoolbar\setupCfg.xml, In Quarantäne, [e0998eb59eec979fdc21f9754fb4a759], 
PUP.Optional.MusicBoxToolBar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\imeshmusicboxtoolbar\sysid.dat, In Quarantäne, [e0998eb59eec979fdc21f9754fb4a759], 
PUP.Optional.MusicBoxToolBar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\imeshmusicboxtoolbar\trackid.dat, In Quarantäne, [e0998eb59eec979fdc21f9754fb4a759], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome.manifest, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\install.rdf, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\options.js, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\options.xul, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\overlay.js, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\preferences.xul, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\pricegong-3.x.xul, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\content\pricegong-4.x.xul, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US\overlay.dtd, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\locale\en-US\pricegong.dtd, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin\overlay.css, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\chrome\skin\PriceGong.png, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\modules\pg_tab_wrapper.js, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.PriceGong.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}\plugins\npPriceGong_FF.dll, In Quarantäne, [2158fc47c6c4f64067a3c5aa58ab25db], 
PUP.Optional.MusicBoxToolbar.A, C:\Users\Sabrina\AppData\Local\imeshmusicboxtoolbar\GC\toolbar.crx, In Quarantäne, [4f2aa3a0d3b7f54118ef7606e41f0ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\chrome.manifest, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\install.rdf, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF14.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF.xpt, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF16.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF18.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF19.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF2.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF20.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF29.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF30.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF4.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF5.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF6.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF7.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\components\SafetyNutHlpFF8.dll, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\DnsBHO.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\Error404BHO.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\MainBHO.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\NativeHelper.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\NewTabBHO.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\overlay.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\overlay.xul, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\RelatedSearch.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\RequestPreserver.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\SearchBHO.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Ask.A, C:\Users\Sabrina\AppData\Roaming\Browser Tab Search by Ask\SafetyNut\content\SettingManager.js, In Quarantäne, [8cedcc775b2f1f1781814c388c770ef2], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\20120701215458.log, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.dat, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.exe, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\Setup.ico, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\TsuDll.dll, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setup.dll, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.Installmate, C:\ProgramData\InstallMate\{16782E9C-E344-47BD-A045-B9BA79870632}\_Setupx.dll, In Quarantäne, [f089e162b7d30c2a5b14216b40c324dc], 
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.incredibar.admin", false);), Ersetzt,[ff7a64df4c3ee4528d7cb669ea1c51af]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ferences
/* Do not edit this file.
 *
 * If yo), Ersetzt,[fa7f50f36f1b280e0504b26d65a1c838]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
 *
 * If), Ersetzt,[d3a6142f9ceefb3bbb4eb16ec1452fd1]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (Preferences
/* Do not edit this file.
 *
 * If), Ersetzt,[3c3d7ec522682610ed1c2cf3f214bd43]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
 *
 * If you m), Ersetzt,[5722103395f50b2b37d297883acc2fd1]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
 *
 * If you ), Ersetzt,[86f3ff440882f04662a75dc20ef8946c]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ferences
/* Do not edit this file.
 *
 * If you), Ersetzt,[28511f24a0ea60d6c544849ba95d19e7]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
 *
 * If you make changes to this file whi), Ersetzt,[accd093af694310555b4d34cdb2b9769]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (file.
 *
 * If you make changes to this file ), Ersetzt,[cbae47fcc7c37cba7891fe218f779c64]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (eferences
/* Do not edit this file.
 *
 * If you make changes to this f), Ersetzt,[b3c656eda2e885b1b05973ac9175b24e]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (his file.
 *
 * If you make changes to this file while the), Ersetzt,[0574b2913a5076c0b4559689b254946c]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: ( Do not edit this file.
 *
 * If you make changes t), Ersetzt,[e792142f7f0b1323d1380d126f9721df]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
 *
 * If you ma), Ersetzt,[6019ac976426cb6b8386c85720e603fd]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ferences
/* Do not edit this file.
 *
 * If you make), Ersetzt,[cfaab58e2961c76f2bde2ef1fe082ad6]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (s
/* Do not edit this file.
 *
 * If you make changes to this fi), Ersetzt,[2d4c72d112787db9f1187da2bd49f010]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: ( edit this file.
 *
 * If you make changes to t), Ersetzt,[186156ed5931cd6946c39e81ee189d63]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
 *
 * If you ma), Ersetzt,[c2b7de6525657fb758b15dc2b353cc34]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (nces
/* Do not edit this file.
 *
 * If you ma), Ersetzt,[4435152e8802f64063a6bb64b84e669a]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
 *
 * If you make ), Ersetzt,[98e14201fa9052e47891819eb74f5ca4]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (s
/* Do not edit this file.
 *
 * If you make ch), Ersetzt,[6811390a3c4e85b1b1586bb4976fa45c]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
 *
 * If you make chan), Ersetzt,[651488bbe5a5290d8c7d48d7d72f57a9]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make), Ersetzt,[b9c0b78c5e2cfe38a2678c93fe087a86]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (references
/* Do not edit this file.
 *
 * If yo), Ersetzt,[94e5a59e2763db5b7693a877c73f45bb]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
 *
 * If you ma), Ersetzt,[e693b58e800a47efe2276bb49571fe02]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the ), Ersetzt,[6910e45f6f1be5512fda34eb6e98e719]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (is file while the application is running,
 * the chan), Ersetzt,[94e5390abad090a6bc4d4cd34fb73cc4]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (es
/* Do not edit this file.
 *
 * If you make changes to t), Ersetzt,[fc7ddc67286241f567a2ed32e81e827e]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (o not edit this file.
 *
 * If you make changes to ), Ersetzt,[1267a2a1781292a4e6236db266a002fe]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
 *
 * If you make changes to t), Ersetzt,[b0c967dcc5c5cf67ca3f5fc096700000]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: ( not edit this file.
 *
 * If you make changes to th), Ersetzt,[0e6baf946f1bc571f9104bd4b35317e9]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (es
/* Do not edit this file.
 *
 * If you make c), Ersetzt,[ed8ca79c8ffba591a9601a05c640b947]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
 *
 * If you m), Ersetzt,[da9f3211ec9efe386b9e0718699d38c8]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
 *
 * If you ), Ersetzt,[4930291a8efc7cba3acfba654cba45bb]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
 *
 * If you mak), Ersetzt,[2554a59e0981f2442cdd52cdce3828d8]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (nces
/* Do not edit this file.
 *
 * If you make changes to this file whi), Ersetzt,[7aff9fa46921f343f91053cc28defb05]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (s file.
 *
 * If you make changes to this file while the app), Ersetzt,[b3c649fa088243f344c5c857d531ea16]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (o not edit this file.
 *
 * If you make changes to th), Ersetzt,[f68371d2c7c385b166a34dd28383857b]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (s
/* Do not edit this file.
 *
 * If you make c), Ersetzt,[db9eaf946426c27464a5a57a759148b8]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
 *
 * If you ma), Ersetzt,[91e8340f8802af8703063ee153b3f907]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
 *
 * If you mak), Ersetzt,[0970ed568dfdd1651feac956bb4be51b]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make change), Ersetzt,[0a6f1d26246678be927767b8e026a35d]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
 *
 * If you make changes ), Ersetzt,[f683152e3d4d01352cdd07181cea7987]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (* Do not edit this file.
 *
 * If you make changes ), Ersetzt,[6d0c6bd80387b581a366e33ccc3aaa56]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
 *
 * If you make c), Ersetzt,[5326d76cafdb5adc6d9c6ab5b5517789]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (nces
/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the chan), Ersetzt,[d5a40340dcae290d1bee8e91c3438977]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: ( file while the application is running,
 * the changes ), Ersetzt,[3445e95a3b4f49ed1ced33ec27dfbc44]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes to this ), Ersetzt,[7efbfd46b1d9f2449d6c1609cf37ed13]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (not edit this file.
 *
 * If you make changes to this), Ersetzt,[36436cd755352c0ae326f6294eb807f9]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (s
/* Do not edit this file.
 *
 * If you make changes to this ), Ersetzt,[2c4df64da2e874c232d7f629897df709]
PUP.Optional.Incredibar.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (ot edit this file.
 *
 * If you make changes to this f), Ersetzt,[5623360d2466b87e799030ef0bfbf907]
PUP.Optional.Softonic.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searchfor\",\"search.mywebsearch.com\":\"searchfor\",\"search.mindspark.com\":\"searchfor\",\"search.conduit.com\":\"q\",\"search.zugo.com\":\"p\",\"www2.mystart.com\":\"q\",\"www.mystart.com\":\"q\",\"www.bigseekpro.com\":\"q\",\"bigseekpro.com\":\"q\",\"bigspeedpro.com\":\"q\",\"search.esnips.com\":\"searchQuery\",\"search.foxtab.com\":\"q\",\"search.brothersoft.com\":\"keyword\",\"search.softonic.com\":\"q\",\"www.dogpile.com\":\"q\",\"search.infospace.com\":\"q\",\"search.iobit.com\":\"q\",\"search.iminent.com\":\"\",\"search.facemoods.com\":\"s\",\"www.plusnetwork.com\":\"q\",\"www.alothome.com\":\"q\",\"alothome.com\":\"q\",\"search.alothome.com\":\"q\",\"search.chatvibes.com\":\"q\",\"search.blekko.com\":\"\",\"www.searchnu.com\":\"q\",\"searchnu.com\":\"q\",\"search.icq.com\":\"q\",\"search.etype.com\":\"query\",\"isearch.babylon.com\":\"q\",\"search.utorrent.com\":\"\",\"search.bittorrent.com\":\"\",\"search.bearshare.com\":\"q\",\"search.bearshare.net\":\"q\",\"searchya.com\":\"q\",\"int.search-results.com\":\"q\",\"search.searchcompletion.com\":\"q\",\"www.adoresearch.com\":\"q\",\"www.searchcore.net\":\"q\",\"googosearch.info\":\"terms\",\"bar.searchqu.com\":\"q\",\"search.speedbit.com\":\"q\",\"search.toggle.com\":\"q\",\"click.searchnation.net\":\"query\",\"isearch.whitesmoke.com\":\"q\",\"search.handycafe.com\":\"q\",\"searchassist.babylon.com\":\"q\",\"searchnation.net\":\"query\",\"video.searchcompletion.com\":\"q\",\"www.searchbrowsing.com\":\"q\",\"search.anchorfree.net\":\"q\",\"search.hotspotshield.com\":\"q\",\"dts.search-results.com\":\"q\",\"uk.search-results.com\":\"q\",\"search.chatzum.com\":\"q\",\"search.phpnuke.org\":\"q\",\"www.i-mysearch.com\":\"q\",\"search.smartaddressbar.com\":\"q\",\"www.search-guru.com\":\"q\",\"mysearch.sweetim.com\":\"q\",\"searchgby.com\":\"\",\"thespecialsearch.com\":\"q\",\"search.bpath.com\":\"q\",\"start.funmoods.com\":\"q\",\"fr.search-results.com\":\"q\",\"de.search-results.com\":\"q\",\"it.search-results.com\":\"q\",\"es.search-results.com\":\"q\",\"search.imesh.com\":\"q\",\"search.swagbucks.com\":\"q\",\"isearch.avg.com\":\"q\",\"search.avg.com\":\"q\",\"search.yippy.com\":\"query\",\"cludr.com\":\"q\",\"search.vmn.net\":\"q\",\"www.gigablast.com\":\"q\",\"www.metacrawler.com\":\"q\",\"www.webcrawler.com\":\"q\",\"www.ixquick.com\":\"\",\"www.search.com\":\"q\",\"www.excite.com\":\"q\",\"duckduckgo.com\":\"q\",\"search.lycos.com\":\"q\",\"webfetch.com\":\"q\",\"monstercrawler.com\":\"q\",\"go.com\":\"p\",\"hotbot.com\":\"keyword\",\"home.myplaycity.com\":\"s\",\"www.findamo.com\":\"q\",\"search.gboxapp.com\":\"q\",\"start.iplay.com\":\"q\",\"home.speedbit.com\":\"q\",\"home.sweetim.com\":\"q\",\"search.alot.com\":\"q\",\"search.searchplusnetwork.com\":\"q\",\"www.searchqu.net\":\"\",\"us.yhs4.search.yahoo.com\":\"p\",\"search.insiteapp.com\":\"q\",\"somoto.com\":\"q\",\"blekko.com\":\"\",\"uk.yhs4.search.yahoo.com\":\"p\",\"fr.yhs4.search.yahoo.com\":\"p\",\"suggestor.netliker.com\":\"\",\"search.netliker.com\":\"\",\"insta-search.com\":\"q\",\"www.fast-search.biz\":\"q\",\"start.facemoods.com\":\"s\",\"search.coolnovo.com\":\"\",\"chromeplus.info\":\"q\",\"in.yhs4.search.yahoo.com\":\"p\",\"in.yhs.search.yahoo.com\":\"p\",\"www.searchble.com\":\"keyword\",\"home.allgameshome.com\":\"s\",\"forsearch.net\":\"q\",\"allssearch.com\":\"q\",\"search.snap.do\":\"q\",\"us.yhs.search.yahoo.com\":\"p\",\"uk.yhs.search.yahoo.com\":\"p\",\"fr.yhs.search.yahoo.com\":\"p\",\"search.smartsearchbox.net\":\"\",\"search.seznam.cz\":\"q\",\"search.funmoods.com\":\"s\",\"search.avira.com\":\"q\",\"search.jzip.com\":\"q\",\"search.findeer.com\":\"\",\"search-faster.com\":\"\",\"dnssearch.rr.com\":\"search\",\"search.rr.com\":\"q\",\"search.kalloutsearch4.com\":\"q\",\"kalloutsearch4.com\":\"Keywords\",\"search.rapidns.net\":\"SearchQuery\",\"websearch.4shared.com\":\"q\",\"images.search.conduit.com\":\"q\",\"search.cpchero.biz\":\"q\",\"search.kikin.com\":\"q\",\"www.engine-search.biz\":\"q\",\"www.mysearchresults.com\":\"q\",\"search.vdc.com.vn\":\"SearchQuery\",\"search.charter.net\":\"search\",\"search-vbc.com\":\"keywords\",\"search.pch.com\":\"q\",\"search.pantip.com\":\"\",\"www.startsearcher.com\":\"q\",\"search.icafemanager.com\":\"q\",\"aolsearcht10.search.aol.com\":\"q\",\"search.free.fr\":\"\",\"www.similarsitesearch.com\":\"URL\",\"qoqole.com\":\"q\",\"www.claro-search.com\":\"q\",\"isearch.claro-search.com\":\"q\",\"www.uncoverthenet.com/search\":\"q\",\"www.searchcanvas.com\":\"q\",\"search.etoolkit.com\":\"q\",\"www.searchalgo.com\":\"q\",\"bestsearchall.com\":\"q\",\"bestorganicsearch.com\":\"q\",\"mysearchproperties.com\":\"q\",\"search.treasuretrooper.com\":\"q\",\"btsearch.name\":\"q\",\"optu.search-help.net\":\"search\",\"search.clinck.in\":\"q\",\"search.shareazaweb.net\":\"q\",\"search.solarmash.com\":\"q\",\"search.surfcanyon.com\":\"q\",\"search.tedata.net\":\"SearchQuery\",\"www.gooofullsearch.com\":\"keywords\",\"www.alnaddy.com\":\"q\"}|||8641354426576192");), Ersetzt,[1960c28182084de9bb55c7584bbb6997]
PUP.Optional.Softonic.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (                <td style=\\\\\\\"display: table-cell;\\\\\\\" id=\\\\\\\"engineTextWrapper\\\\\\\">\\\\n                                    <div title=\\\\\\\"Suchen\\\\\\\" style=\\\\\\\"color: rgb(0, 0, 0); font-family: Tahoma; font-weight: normal; font-style: normal; font-size: 11px;\\\\\\\" id=\\\\\\\"engineText\\\\\\\">Suchen</div>\\\\n                                </td>\\\\n                            </tr>\\\\n                        </tbody></table>\\\\n                    </td>\\\\n                    <td id=\\\\\\\"enginesPopupButtonWrapper\\\\\\\">\\\\n                        <div id=\\\\\\\"enginesPopupButton\\\\\\\" class=\\\\\\\"dropdownButton no-select\\\\\\\"></div>\\\\n                    </td>\\\\n                </tr>\\\\n            </tbody></table>\\\\n        </td>\\\\n    </tr>\\\\n</tbody></table>\\\"},\\\"locale\\\":{\\\"alignMode\\\":\\\"LTR\\\",\\\"locale\\\":\\\"de\\\",\\\"languageAlignMode\\\":\\\"LTR\\\"}}\"},{\"appId\":\"129416031642500897\",\"apiPermissions\":{\"crossDomainAjax\":false,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":true,\"jsInjection\":false,\"sslGranted\":false},\"originalHeight\":26},{\"appId\":\"130055924038451266\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":false,\"instantAlert\":true,\"jsInjection\":true,\"sslGranted\":true},\"originalHeight\":26}]");
user_pref("CT2851647.enableAlerts", "always");
user_pref("CT2851647.enableFix404ByUser", "FALSE");
user_pref("CT2851647.enableSearchFromAddressBar", "true");
user_pref("CT2851647.firstTimeDialogOpened", "true");
user_pref("CT2851647.fixPageNotFoundError", "true");
user_pref("CT2851647.fixPageNotFoundErrorByUser", "true");
user_pref("CT2851647.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2851647.fixUrls", true);
user_pref("CT2851647.fullUserID", "UN22191471511795158.UP.20130716173943");
user_pref("CT2851647.installId", "fftC954.tmp.exe");
user_pref("CT2851647.installType", "XPE");
user_pref("CT2851647.isCheckedStartAsHidden", true);
user_pref("CT2851647.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2851647.isFirstTimeToolbarLoading", "false");
user_pref("CT2851647.isNewTabEnabled", true);
user_pref("CT2851647.isPerformedSmartBarTransition", "true");
user_pref("CT2851647.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2851647.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2851647.keyword", true);
user_pref("CT2851647.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN22191471511795158&SSPV=&Lay=1&UM=UM_ID\"}");
user_pref("CT2851647.lastVersion", "10.16.70.505");
user_pref("CT2851647.mam_gk_appStateReportTime.enc", "MTM3OTIzMDAzMDY0NA==");
user_pref("CT2851647.mam_gk_appState_CouponBuddy.enc", "b24=");
user_pref("CT2851647.mam_gk_appState_PriceGong.enc", "b24=");
user_pref("CT2851647.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFVybCI6bnVsbCwib3B0aW9uc0RpYWxvZyI6eyJkaXNwbGF5TmFtZSI6IlByaWNlR29uZyIsImFwcERlc2MiOiJJaHIgQXNzaXN0ZW50IGJlaW0gT25saW5lLVNob3BwaW5nLiBNaXQgUHJpY2VHb25nIGZpbmRlbiBTaWUgZGllIGJlc3RlbiBPbmxpbmUtU2NobsOkcHBjaGVuIHVuZCBlcmhhbHRlbiBPbmxpbmUtR3V0c2NoZWluZSBnZW5hdSBkYW5uLCB3ZW5uIFNpZSBzaWUgYnJhdWNoZW4uIiwicHJpdmFjeVBvbGljeVVybCI6Imh0dHA6Ly93d3cucHJpY2Vnb25nLmNvbS9Qcml2YWN5UG9saWN5LmFzcHgiLCJ0ZXJtc09mVXNlVXJsIjoiaHR0cDovL3d3dy5wcmljZWdvbmcuY29tL1Rlcm1zb2ZVc2UuYXNweCJ9LCJjb21wYXRpYmlsaXR5IjpbeyJwbGF0Zm9ybSI6IklFX1RCIiwibWF4VmVyc2lvbiI6IjAuMC4wLjAifV0sIkhpZGRlbkFwcCI6ZmFsc2UsIkVuYWJsZWRJbkh0dHBzIjpmYWxzZX0seyJpZCI6IkNvdXBvbkJ1ZGR5IiwidXJsIjoiaHR0cDovL3d3dy5zb2NpYWxncm93dGh0ZWNobm9sb2dpZXMuY29tL2NvdXBvbmJ1ZGR5X3YwMDMvaW5kZXgucGhwP2N0aWQ9RUJUT09MQkFSSUQiLCJzY3JpcHRVcmwiOm51bGwsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5hbWUiOiJDb3Vwb25CdWRkeSIsImFwcERlc2MiOiJDb3Vwb24gQnVkZHkgc3BhcnQgSWhuZW4gR2VsZCwgaW5kZW0gZXMgSWhuZW4gZGllIGJlc3RlbiBHdXRzY2hlaW5lIHVuZCBTY2huw6RwcGNoZW4gYmVpIFRhdXNlbmRlbiBkZXIgZ3LDtsOfdGVuIE9ubGluZS1Iw6RuZGxlciB2b3JzY2hsw6RndC4gQ291cG9uIEJ1ZGR5IGVya2VubnQsIHdvIFNpZSBzdXJmZW4gdW5kIHdlaXN0IFNpZSBkaXJla3QgYXVmIGRlciB2b24gSWhuZW4gYmVzdWNodGVuIFNlaXRlIGF1ZiBkaWUgYmVzdGVuIFNjaG7DpHBwY2hlbiBoaW4uIiwicHJpdmFjeVBvbGljeVVybCI6Imh0dHA6Ly9jYmFwcC5jb20vcHJpdmFjeXBvbGljeS8iLCJ0ZXJtc09mVXNlVXJsIjoiaHR0cDovL2NiYXBwLmNvbS9wcml2YWN5cG9saWN5LyJ9LCJIaWRkZW5BcHAiOmZhbHNlLCJFbmFibGVkSW5IdHRwcyI6ZmFsc2V9LHsiaWQiOiJXaW5kb3dTaG9wcGVyIiwidXJsIjoiaHR0cDovL3d3dy5zdXBlcmZpc2guY29tL3dzL3NmX2NvbmR1aXRfbG9hZGVyLmh0bWwiLCJzY3JpcHRVcmwiOm51bGwsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5hbWUiOiJEZWFsIEZpbmRlciIsImFwcERlc2MiOiJJbnN0YW50bHkgY29tcGFyZSBwcmljZXMgb24gYW55IHByb2R1Y3Qgb24gNzUsMDAwIG9ubGluZSBzdG9yZXMgaW4gVVMsIEV1cm9wZSwgQ2FuYWRhLCBCcmF6aWwgb3IgQXVzdHJhbGlhLiBPdXIgaW5kZXggY292ZXJzIG92ZXIgNTAwIG1pbGxpb24gcHJvZHVjdHMgaW4gZXZlcnkgcHJvZHVjdCBjYXRlZ29yeS4gV2l0aCB0aGUgRGVhbCBGaW5kZXIsIHRoZXJlJ3Mgbm8gbW9yZSBqdW1waW5nIGFyb3VuZCBmcm9tIHNpdGUgdG8gc2l0ZSB0byBjb21wYXJlIHByaWNlcyBvciB0byBmaW5kIHdoYXQgeW91IHdhbnQuXG5Vc2luZyB0aGlzIG9mZmVyLCB5b3Ugd2lsbCBzZWUgYSBcIlNlZSBTaW1pbGFyXCIgaWNvbiBhcHBlYXIgbmV4dCB0byBwcm9kdWN0IGltYWdlcy4gSnVzdCBjbGljayBvbiB0aGUgaWNvbiBhbmQgYSB3aW5kb3cgd2lsbCBhcHBlYXIsIHByZXNlbnRpbmcgZGVhbHMgYW5kIHZpc3VhbGx5IHNpbWlsYXIgcHJvZHVjdHMgZnJvbSBodW5kcmVkcyBvZiBvbmxpbmUgc3RvcmVzLiIsInByaXZhY3lQb2xpY3lVcmwiOiJodHRwOi8vd3d3LnNpbWlsYXJwcm9kdWN0cy5uZXQvcHJpdmFjeS1wb2xpY3kiLCJ0ZXJtc09mVXNlVXJsIjoiaHR0cDovL3d3dy5zaW1pbGFycHJvZHVjdHMubmV0L3Rlcm1zLW9mLXVzZS8ifSwiSGlkZGVuQXBwIjpmYWxzZSwiRW5hYmxlZEluSHR0cHMiOmZhbHNlfSx7ImlkIjoiRWFzeXRvYm9va190YXJnZXRlZCIsInVybCI6Imh0dHA6Ly9jb25kMDEuZXRieG1sLmNvbS9jb25kL2V4YW1wbGVfYXBwMi5odG1sIiwic2NyaXB0VXJsIjpudWxsLCJvcHRpb25zRGlhbG9nIjp7ImRpc3BsYXlOYW1lIjoiRWFzeXRvYm9vayAtIExhc3QgTWludXRlIEhlbHBlciIsImFwcERlc2MiOiJTbWFydCBwcmljaW5nIGhvdGVsIG9mZmVyIHRoYXQgd2lsbCBvbmx5IGdpdmUgeW91IGNoZWFwZXIgb2ZmZXJzIGJhc2VkIG9uIHlvdXIgaG90ZWwgc2VhcmNoLiIsInByaXZhY3lQb2xpY3lVcmwiOiJodHRwOi8vd3d3LmVhc3l0b2Jvb2suY29tL3ByaXZhY3kvP2FtdT0yODA4MjY4NjkiLCJ0ZXJtc09mVXNlVXJsIjoiaHR0cDovL3d3dy5lYXN5dG9ib29rLmNvbS9kaXNjbGFpbWVyLz9hbXU9MjgwODI2ODY5In0sIkhpZGRlbkFwcCI6ZmFsc2UsIkVuYWJsZWRJbkh0dHBzIjpmYWxzZX0seyJpZCI6IkVhc3l0b2Jvb2siLCJ1cmwiOiJodHRwOi8vY29uZDAxLmV0YnhtbC5jb20vdy93ZWIvd2lkZ2V0Lmh0bWwiLCJzY3JpcHRVcmwiOm51bGwsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5hbWUiOiJFYXN5dG9ib29rIiwiYXBwRGVzYyI6IlNtYXJ0IHByaWNpbmcgaG90ZWwgYXBwIHdpbGwgZ2l2ZSB5b3UgdGhlIGJlc3QgcHJpY2VzIGJhc2VkIG9uIHlvdXIgaG90ZWwgc2VhcmNoLiBUaGUgYXBwIHdpbGwgY2FsY3VsYXRlIHRoZSBudW1iZXIgb2YgbmlnaHRzIHlvdSBwaWNrZWQgYW5kIGdpdmUgeW91IHRoZSBiZXN0IHJhdGVzIHdlIGNvdWxkIGZpbmQhIiwicHJpdmFjeVBvbGljeVVybCI6Imh0dHA6Ly93d3cuZWFzeXRvYm9vay5jb20vcHJpdmFjeS8/YW11PTI4MDgyNjg2OSIsInRlcm1zT2ZVc2VVcmwiOiJodHRwOi8vd3d3LmVhc3l0b2Jvb2suY29tL2Rpc2NsYWltZXIvP2FtdT0yODA4MjY4NjkifSwiSGlkZGVuQXBwIjpmYWxzZSwiRW5hYmxlZEluSHR0cHMiOmZhbHNlfV0sIlN0YXR1cyI6InN1Y2NlZWRlZCIsImxhc3RVcGRhdGVUaW1lIjoxMzc5MjMwMDI2NTgwfQ==");
user_pref("CT2851647.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
user_pref("CT2851647.mam_gk_calledSetupService.enc", "MQ==");
user_pref("CT2851647.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkVhc3l0b2Jvb2tfdGFyZ2V0ZWQiLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIxNzA0Mzc3My1mZGU0LTQ3NTAtYWRmYi1iOGIzM2JlMmFiZmYiLCJkb21haW5zIjpbImFnb2RhLiIsImJvb2tpbmcuIiwiYm9va2l0LmNvbSIsImV4cGVkaWEuIiwiaG90ZWxjbHViLmNvbSIsImhvdGVscy4iLCJob3R3aXJlLmNvbSIsImtheWFrLiIsImxhc3RtaW51dGUuY29tIiwibWFrZW15dHJpcC4iLCJtYXJyaW90dC5jb20iLCJvcmJpdHouIiwib3RlbC5jb20iLCJwcmljZWxpbmUuIiwicm9vbWtleS4iLCJzb3V0aHdlc3QuIiwic3BsZW5kaWEuY29tIiwidHJhdmVsb2NpdHkuY29tIiwidHJpcGFkdmlzb3IuIiwidW5pdGVkLmNvbSIsInZlbmVyZS4iLCJ2aXZhc3RheS5jb20iXSwiZG9tYWluc0V4Y2VwdGlvbiI6WyIiXX1dfSx7ImlkIjoiRWFzeXRvYm9vayIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6IjJlNTA3N2RkLTU2M2MtNDkyMi1iNmEyLTc2YTJlNzlhN2I3YyIsImRvbWFpbnMiOlsiYWdvZGEuIiwiYm9va2luZy4iLCJib29raXQuY29tIiwiZXhwZWRpYS4iLCJob3RlbGNsdWIuY29tIiwiaG90ZWxzLiIsImhvdHdpcmUuY29tIiwia2F5YWsuIiwibGFzdG1pbnV0ZS5jb20iLCJtYWtlbXl0cmlwLiIsIm1hcnJpb3R0LmNvbSIsIm9yYml0ei4iLCJvdGVsLmNvbSIsInByaWNlbGluZS4iLCJyb29ta2V5LiIsInNvdXRod2VzdC4iLCJzcGxlbmRpYS5jb20iLCJ0cmF2ZWxvY2l0eS5jb20iLCJ0cmlwYWR2aXNvci4iLCJ1bml0ZWQuY29tIiwidmVuZXJlLiIsInZpdmFzdGF5LmNvbSJdLCJkb21haW5zRXhjZXB0aW9uIjpbIiJdfV19LHsiaWQiOiJQcmljZUdvbmciLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIwNTEwYWM4ZC1iYjgxLTQ0NDItYWRiZS0xZjYxZTZiYWI0YzMiLCJkb21haW5zIjpbIioiXSwiZG9tYWluc0V4Y2VwdGlvbiI6WyJhZ29kYS4iLCJib29raW5nLiIsImJvb2tpdC5jb20iLCJleHBlZGlhLiIsImhvdGVsY2x1Yi5jb20iLCJob3RlbHMuIiwiaG90d2lyZS5jb20iLCJrYXlhay4iLCJsYXN0bWludXRlLmNvbSIsIm1ha2VteXRyaXAuIiwibWFycmlvdHQuY29tIiwib3JiaXR6LiIsIm90ZWwuY29tIiwicHJpY2VsaW5lLiIsInJvb21rZXkuIiwic291dGh3ZXN0LiIsInNwbGVuZGlhLmNvbSIsInRyYXZlbG9jaXR5LmNvbSIsInRyaXBhZHZpc29yLiIsInVuaXRlZC5jb20iLCJ2ZW5lcmUuIiwidml2YXN0YXkuY29tIl19XX0seyJpZCI6IkNvdXBvbkJ1ZGR5IiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNzc3NDk0ZjgtMGMxMC00MWUwLTg3OGEtY2IxMmM5YjZlOGI5IiwiZG9tYWlucyI6WyIqIl0sImRvbWFpbnNFeGNlcHRpb24iOlsiYWdvZGEuIiwiYm9va2luZy4iLCJib29raXQuY29tIiwiZXhwZWRpYS4iLCJob3RlbGNsdWIuY29tIiwiaG90ZWxzLiIsImhvdHdpcmUuY29tIiwia2F5YWsuIiwibGFzdG1pbnV0ZS5jb20iLCJtYWtlbXl0cmlwLiIsIm1hcnJpb3R0LmNvbSIsIm9yYml0ei4iLCJvdGVsLmNvbSIsInByaWNlbGluZS4iLCJyb29ta2V5LiIsInNvdXRod2VzdC4iLCJzcGxlbmRpYS5jb20iLCJ0cmF2ZWxvY2l0eS5jb20iLCJ0cmlwYWR2aXNvci4iLCJ1bml0ZWQuY29tIiwidmVuZXJlLiIsInZpdmFzdGF5LmNvbSJdfV19LHsiaWQiOiJXaW5kb3dTaG9wcGVyIiwiY3JpdGVyaWFzIjpbeyJjcml0ZXJpYUlkIjoiNzQyY2QyM2EtODBhZC00OTI4LTk0MzctYWJlZDI4NWM1YjA1IiwiZG9tYWlucyI6WyIqIl0sImRvbWFpbnNFeGNlcHRpb24iOlsiYWdvZGEuIiwiYm9va2luZy4iLCJib29raXQuY29tIiwiZXhwZWRpYS4iLCJob3RlbGNsdWIuY29tIiwiaG90ZWxzLiIsImhvdHdpcmUuY29tIiwia2F5YWsuIiwibGFzdG1pbnV0ZS5jb20iLCJtYWtlbXl0cmlwLiIsIm1hcnJpb3R0LmNvbSIsIm9yYml0ei4iLCJvdGVsLmNvbSIsInByaWNlbGluZS4iLCJyb29ta2V5LiIsInNvdXRod2VzdC4iLCJzcGxlbmRpYS5jb20iLCJ0cmF2ZWxvY2l0eS5jb20iLCJ0cmlwYWR2aXNvci4iLCJ1bml0ZWQuY29tIiwidmVuZXJlLiIsInZpdmFzdGF5LmNvbSJdfV19XSwiU3RhdHVzIjoic3VjY2VlZGVkIiwibGFzdFVwZGF0ZVRpbWUiOjEzNzkyMzAwMjY0NDV9");
user_pref("CT2851647.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
user_pref("CT2851647.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
user_pref("CT2851647.mam_gk_first_time.enc", "MQ==");
user_pref("CT2851647.mam_gk_lastLoginTime.enc", "MTM3OTIzMDAyNzM5Mg==");
user_pref("CT2851647.mam_gk_localization.enc", "eyJnYWRnZ), Ersetzt,[5e1b6dd6107ab18560b043dcbc4ac838]
PUP.Optional.Conduit.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2851647.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=");), Ersetzt,[0e6b3d06d6b4a98d74e53ee16a9c3fc1]
PUP.Optional.Conduit.A, C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\prefs.js, Gut: (), Schlecht: (user_pref("CT2851647.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN22191471511795158&SSPV=&Lay=1&UM=UM_ID\"}");), Ersetzt,[d4a5fa49bbcf43f38ed9e53ae026b050]

Physische Sektoren: 0
(Keine schädliche Elemente gefunden)


(end)

AdwCleaner Logfile

Code:

ATTFilter

# AdwCleaner v4.205 - Bericht erstellt 30/05/2015 um 12:32:41
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Sabrina - SABRINA-PC
# Gestarted von : C:\Users\Sabrina\Downloads\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Sabrina\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\registry mechanic
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Sabrina\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\Extensions\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Datei Gelöscht : C:\Users\Sabrina\daemonprocess.txt
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKCU\Software\522d6deb33aed48
Schlüssel Gelöscht : HKLM\SOFTWARE\522d6deb33aed48
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{40857FC5-45C1-42F4-A2BB-46C2B5C0CB6A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{900363C7-69F3-4D67-9B73-12C814D136DB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\SafetyNut
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKU\.DEFAULT\Software\IM
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v37.0.2 (x86 de)

[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"21°C\",\"temperatureClear\":\"21°C\",\"highTemperature\":\"21°C\",\"lowTemperature\":\"16°C\",\"feelsLike\":\"21°C\",[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.embeddedsData", "[{\"appId\":\"129351532245275780\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.perfectgirls.xxx%2F267849%2FSch__be_Br__nette_begl__ckt_ihren_Masseur\",\"EB_MAIN_FRAME_TITLE\":\"Sch%C3%B6be%20[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.originalSearchAddressUrl", "hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=136488667&q=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentBarDE.OurToolbar.com//xpi\"}");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_DE\"}");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.smartbar.CTID", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.smartbar.Uninstall", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.smartbar.homepage", true);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyGEhP39g&&i=26&search=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.4ff0a8d3cecd3.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.cntry", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.dfltLng", "EN");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.did", "10650");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.hdrMd5", "C508C0462A89325E8151E3309F07503F");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.hmpg", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.id", "948776190000000000004c809318d2a7");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.instlDay", "15522");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.instlRef", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:55:45");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.newTab", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.ppd", "21%5F4");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.productid", "26");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.sg", "none");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyGEhP39g&loc=IB_TB&i=26&search=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.upn2", "6OyGEhP39g");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.upn2n", "92261681972009538");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:55:45");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.did", "10650");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.id", "948776190000000000004c809318d2a7");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15522");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.ppd", "21%5F4");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyGEhP39g&loc=IB_TB&i=26&search=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyGEhP39g");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261681972009538");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:55:45");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"4ff0a8d3cec26@4ff0a8d3cec5f.info\":{\"d\":\"C:\\\\Users\\\\Sabrina\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e0r3h4wu.default\\\\[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.firstlaunch", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.guid", "%7BDDDEB7C8-BC42-6BFD-8A79-19EC735E605A%7D");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.hiddenvisual", 0);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar1", "%15%11");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar10", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar2", "%12%10%15%17%1B%1B%15%15%14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar3", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar4", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar5", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar6", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar7", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar8", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar9", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var1", "62");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var10", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var2", "136488667");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var3", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var4", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var5", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var6", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var7", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var8", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var9", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic_installed_version", "1.0.20");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartBar.searchInNewTabOwner", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&CU[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.machineId", "/BFWJPJBQLZFSGMUQ5CXJKSFEKM9VDKWUIZ4Y9TUZS5BGAED7CPWGMXAPH9LJLO4T81XHRTMQ+SNJFZQ3HXSMW");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.sweetim.com/search.asp?barid={6EEBE0AD-EF48-4988-A41D-B41C598019D0}&src=2&crg=3.1010000&q=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={6EEBE0AD-EF48-4988-A41D-B41C598019D0}");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13/8641351410243054");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13/#old_value8641354427838157");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN22191471511795158&SSPV=EB_SSPV&Lay=1&UM=/[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN22191471511795158&SSPV=EB_SSPV&Lay=1&UM[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]

-\\ Google Chrome v43.0.2357.81


-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [24550 Bytes] - [30/05/2015 12:26:12]
AdwCleaner[S0].txt - [23839 Bytes] - [30/05/2015 12:32:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23899  Bytes] ##########

AdwCleaner Logfile

Code:

ATTFilter

# AdwCleaner v4.205 - Bericht erstellt 30/05/2015 um 12:32:41
# Aktualisiert 21/05/2015 von Xplode
# Datenbank : 2015-05-25.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Sabrina - SABRINA-PC
# Gestarted von : C:\Users\Sabrina\Downloads\AdwCleaner_4.205.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\ProgramData\SweetIM
Ordner Gelöscht : C:\ProgramData\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Sabrina\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Sabrina\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\registry mechanic
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Sabrina\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\Extensions\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}
Datei Gelöscht : C:\Users\Sabrina\daemonprocess.txt
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\user.js

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKCU\Software\522d6deb33aed48
Schlüssel Gelöscht : HKLM\SOFTWARE\522d6deb33aed48
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\OldSearch
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{40857FC5-45C1-42F4-A2BB-46C2B5C0CB6A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{900363C7-69F3-4D67-9B73-12C814D136DB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
Schlüssel Gelöscht : HKCU\Software\APN DTX
Schlüssel Gelöscht : HKCU\Software\Bitberry
Schlüssel Gelöscht : HKCU\Software\ChatZum Toolbar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\ChatZum Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\ImInstaller
Schlüssel Gelöscht : HKLM\SOFTWARE\SafetyNut
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKU\.DEFAULT\Software\IM
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6EF34C0188ECFA43B48A4BE9C00748E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17801

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v37.0.2 (x86 de)

[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.1000234.weatherData", "{\"icon\":\"33.png\",\"temperature\":\"21°C\",\"temperatureClear\":\"21°C\",\"highTemperature\":\"21°C\",\"lowTemperature\":\"16°C\",\"feelsLike\":\"21°C\",[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.embeddedsData", "[{\"appId\":\"129351532245275780\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.perfectgirls.xxx%2F267849%2FSch__be_Br__nette_begl__ckt_ihren_Masseur\",\"EB_MAIN_FRAME_TITLE\":\"Sch%C3%B6be%20[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.originalSearchAddressUrl", "hxxp://search.chatzum.com/?orig=DS&affid=62&cztbid=136488667&q=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentBarDE.OurToolbar.com//xpi\"}");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_DE\"}");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.smartbar.CTID", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.smartbar.Uninstall", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.smartbar.homepage", true);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("CT2851647.smartbar.toolbarName", "uTorrentBar_DE ");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyGEhP39g&&i=26&search=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.4ff0a8d3cecd3.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.aflt", "orgnl");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.cntry", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.dfltLng", "EN");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.dfltSrch", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.did", "10650");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.excTlbr", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.hdrMd5", "C508C0462A89325E8151E3309F07503F");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.hmpg", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.id", "948776190000000000004c809318d2a7");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.installerproductid", "26");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.instlDay", "15522");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.instlRef", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.isDcmntCmplt", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:55:45");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.newTab", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.noFFXTlbr", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.ppd", "21%5F4");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.prdct", "incredibar");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.productid", "26");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.prtnrId", "Incredibar");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.sg", "none");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.smplGrp", "none");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.tlbrId", "base");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyGEhP39g&loc=IB_TB&i=26&search=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.upn2", "6OyGEhP39g");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.upn2n", "92261681972009538");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1421:55:45");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.did", "10650");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.id", "948776190000000000004c809318d2a7");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15522");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.ppd", "21%5F4");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyGEhP39g&loc=IB_TB&i=26&search=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyGEhP39g");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261681972009538");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:55:45");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"4ff0a8d3cec26@4ff0a8d3cec5f.info\":{\"d\":\"C:\\\\Users\\\\Sabrina\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\e0r3h4wu.default\\\\[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.firstlaunch", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.guid", "%7BDDDEB7C8-BC42-6BFD-8A79-19EC735E605A%7D");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.hiddenvisual", 0);
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar1", "%15%11");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar10", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar2", "%12%10%15%17%1B%1B%15%15%14");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar3", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar4", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar5", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar6", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar7", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar8", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.SVar9", "%13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var1", "62");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var10", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var2", "136488667");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var3", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var4", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var5", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var6", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var7", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var8", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic.variables.Var9", "0");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("id_chatzum_softonic_installed_version", "1.0.20");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartBar.searchInNewTabOwner", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=2&CU[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT2851647");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.machineId", "/BFWJPJBQLZFSGMUQ5CXJKSFEKM9VDKWUIZ4Y9TUZS5BGAED7CPWGMXAPH9LJLO4T81XHRTMQ+SNJFZQ3HXSMW");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.sweetim.com/search.asp?barid={6EEBE0AD-EF48-4988-A41D-B41C598019D0}&src=2&crg=3.1010000&q=");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*.*.facebook.com/.*.*.google.com/.*.*.google.co.in/.*.*.google.com.br/.*.*.google.es/.*.*.youtube.com/.*.*.yahoo.com/.*.[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*.*.bing..*.*.live..*.*.msn..*.*.yahoo..*.*.youtube.com.*.*ask.com.*.*.sweetim.com.*");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={6EEBE0AD-EF48-4988-A41D-B41C598019D0}");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13/8641351410243054");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://search.conduit.com/?ctid=CT2851647&SearchSource=13/#old_value8641354427838157");
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLBbabsrc=toolbarbabsrc=tb_ssinvocationType=tb50-ie-aolsoftonic-tbsbox-en-usinvocationType=tb50-ff-aolsoftonic[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN22191471511795158&SSPV=EB_SSPV&Lay=1&UM=/[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://search.conduit.com/?ctid=CT2851647&octid=CT2851647&SearchSource=15&CUI=UN22191471511795158&SSPV=EB_SSPV&Lay=1&UM[...]
[e0r3h4wu.default\prefs.js] - Zeile Gelöscht : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]

-\\ Google Chrome v43.0.2357.81


-\\ Opera v29.0.1795.60


*************************

AdwCleaner[R0].txt - [24550 Bytes] - [30/05/2015 12:26:12]
AdwCleaner[S0].txt - [23839 Bytes] - [30/05/2015 12:32:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23899  Bytes] ##########

Blanca · 30.05.2015, 17:59

JRT.txt

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Sabrina on 30.05.2015 at 12:39:50,16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\mozilla firefox\firefox.cfg
Successfully deleted: [File] C:\Windows\syswow64\shoF74F.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{02AB844A-AC6D-4307-A9C4-0E4CEF06216B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{03EFC249-2890-45EE-BFE6-F8A821484EF9}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{054E6A2B-D374-4139-A7D7-BD46EDC4A593}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{06C9B20A-33B0-46C6-AECF-FDAF51636456}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{08049F2F-4BD1-443A-9BD3-190DAC55D62F}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{09681A52-6D77-460F-ACC8-78A59F456895}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{0A27A3B1-54C5-430A-8519-149F9CE2EF15}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{0AA8F684-661A-442F-A207-1DF25165D042}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{0B3BCBF6-FF7D-4FBB-956E-74E9D15060EE}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{0DBCB5AA-4784-4109-A27B-D470414D5CF2}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{0F65772B-2357-43B6-86B2-31281B23A715}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{1135A943-2A34-4A96-89EF-21FE908A8096}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{11B68B87-E0F2-47DD-8120-37DCCFFC9481}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{144A1167-463E-4CFF-A33A-036EE4FDE528}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{16E6C779-78DD-401D-839B-589ABA3BB469}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{19E79E8D-68D8-42A1-BC54-CEF8A9038988}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{1A922CA2-200F-4C34-B975-DE4C29427690}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{1BE10404-5E2E-4EFE-A8E5-D2E9FEA07C96}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{1E93788B-E9A9-4AC0-806E-7308A48B6910}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{1EE0275F-46C2-43FE-A481-E53E2056A581}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{20D2A3F8-7074-46A8-A2D4-86E257A09C34}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2119F044-4FB7-4725-A2C0-F645D3C5A93B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2176C533-90C0-4C59-99B0-0308F0269277}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{219CC62C-9409-45C5-A49D-F3E5B34944D2}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{222A0B15-4C07-488A-8D7C-CF4CA6D3F8CE}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{22FC2CE8-692C-4CA4-A791-BFB4F7CA966F}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{23C06C82-CB95-4782-A4EA-10867B759680}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{23F24A77-C4BA-40BE-A0EB-0FBB400585C6}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{26134207-EA19-4B12-9408-33E8602B6006}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{26825D6D-A629-4952-86B7-76A798345A8C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2721B268-046B-40FE-A8CF-D6DE683BA778}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{29F8DC28-9014-48E6-A7FB-09A5253D0816}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2A37C681-690A-4955-BA86-81A684B023CE}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2C9A8683-A559-4161-8512-DCBE14F7B530}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2E78F4CB-5FFD-4BA9-B7B0-AC9E0D38D041}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2E7CD6F8-8DF9-410A-BC51-DDEE5DFE2B3A}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2EBED6B7-68DB-4631-976F-2F400490FB34}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{2F36FFE3-4793-488A-B534-92C930388C76}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{32CF3207-FCCE-49BB-BA0E-CE6F4E500796}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{331195DE-DB09-466A-9370-DC4660346A43}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{38C7C66E-D339-4A07-8D3D-0C649756CD14}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{3A1AA690-429B-4E6C-AC77-EEAE0AAD828A}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{3A82082D-F491-430E-B114-A136735BA413}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{3BBCBDB8-1D23-453C-B94E-86CD7C89F780}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{3BC60396-8661-43A1-8CAD-CA6AF5A951F7}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{3C9B1F3E-CDBA-492B-9D7C-BA832728DC27}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{3D8452FE-0F52-4D03-AA51-72E3DDFF0DB4}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{3DEFADDF-A1AC-4602-B7F8-09D8E8C0290C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{3EA08E3F-CE30-4C89-B4D5-8E2BD768701D}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{41333679-F0FC-449E-A172-5FA8B65D213E}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{46235074-DF88-4BA5-A025-0823A4DEB284}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{4694C234-43BE-4173-BE50-979B8D53AACC}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{4A6746AD-8F26-46A8-A492-26405B0F80F0}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{4CCAB97D-E440-41D0-B1B9-0581845D02B8}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{4D38E74D-BD2B-4F01-A4CC-6F81958A4923}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{4FE19C78-842C-452E-8473-194737EF7436}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{514FD5A2-7DED-4C22-84F5-B1CAD08384E8}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{52D40F40-6594-4939-A3CD-EF677F00EC82}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{53B9AAEA-6711-4C0C-9B94-B0A38F533C7B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{53D9B358-9187-4458-B00D-B56E84BD3943}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{540612A3-B295-4227-A71C-7B7B5B4CA622}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{5413A498-9380-4516-AB09-3923B9B01311}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{544DAD40-5364-44C0-A017-C8220A1009D5}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{554731E0-757F-4B9C-9A54-BA2065AAE722}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{55F45BB3-8678-4B27-8821-1DD244993AD6}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{56824213-EFF0-4FA0-BEB7-3910819CA994}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{572C8E24-76D0-428D-9689-49FBF03C527A}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{579F89D0-A22B-4156-874B-8A030DD8ABC7}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{5882B838-3A80-4B1C-B9DB-CE55492BFA47}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{58923928-26A5-47B0-9FBC-2AD528F60DBA}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{59163032-26C6-4987-89D1-00E614C98155}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{5A6245E4-92D3-4CFD-A78D-112BA30BFD5E}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{5C25849E-BE9F-4E88-98EC-DD5A926A0A38}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{5CA4A415-CF8B-4C07-A138-36F0A0199A55}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{5E13B122-AB5E-4B95-9B6F-5CC08133DB7E}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{5E76E90C-4710-4EA2-B004-C4009138B52D}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{6379AACC-97E1-415A-BF13-CC8238A8D7F9}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{6710CD5C-007D-45AB-A1DD-C9CB60495967}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{6860557A-8B62-40E2-8FD7-FE115D1537E4}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{68B71D7A-8138-42C9-9C4E-9F78B644E982}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{6B49689F-5F87-402D-8ECE-6417793BEDBD}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{6B5679F7-BEE1-4663-849F-D9E8944C35A1}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{6D94E24D-14F4-4FFE-AA75-B04C16BA2603}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{706DCF86-3276-44D7-89D3-573AC95EC5D1}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{70B1E40E-6F93-4340-9363-090CC0A293EF}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{7176C75E-2C1C-4FD0-A8B7-671903A4849F}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{718AC2A6-E4EA-4D4F-A528-5EF126398094}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{71EBF5D6-AAA4-4EC3-9BFC-F4EC80F08CC2}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{722FA2AC-5184-4E02-AE55-60CEA8A45E11}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{7243DCA5-B1C4-4F9D-90AF-82EEFA9B588A}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{756CCC7B-0D86-462F-9EEB-7AA6CA65F289}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{76F503A4-068A-4E2B-8386-03FC8FF78802}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{7794DDEE-D2CE-4645-9B4C-890719C70C45}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{7BFA4DC2-F317-47D2-9B8D-1C89A0EB48F1}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{7C9E3AAD-57C6-4971-9A1C-39E1011A1766}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{7D35758B-0979-4953-8D75-B5CA7A46C063}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{7DAAB3BF-B3F0-47EB-BCA5-CC51213CB9C9}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{7E588453-9DC6-4BF6-9ED0-62F412BA36A2}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{82111E80-CF8C-4041-BF53-F600243A90CD}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{825E750A-C091-404B-8D2B-4F9331E12C2F}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{82645008-FC26-43E7-B9AC-AEF0376C19F5}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{82BC5A64-1C97-4A27-A804-5AE8B3E878C6}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{83BF8C57-DE67-4BB2-9B83-F0996F8DFA5C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{83DF01A6-DBE9-4C25-8AB3-EDDA5D5938CE}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{89D42F8B-C456-4FDC-AC91-F5AC32E2271D}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{8A763F58-CC4D-4B87-8BDC-0871C6D1FB1C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{8D49EBA0-B869-497A-81BD-C4649005F864}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{8DAF9288-85C7-4F15-8303-963EE12AF7F1}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{8E4987D4-D3B7-4974-B3A5-46E8F027BC95}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{8EEC25B8-5F31-48F1-8616-C40BFB3589BC}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{8F33D203-8C34-46C0-9244-DD16184AFA4F}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{905DCD04-DF4D-4276-9EDC-FDDD0484171B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{92E7097F-A02C-44E8-ADFD-2240C13F0C96}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{92F67D9C-C6FE-44AE-8159-AC21783DEEF8}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{93F1796E-D7FC-4DD2-AAF3-CF81AB359E64}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{95C0DC87-D1D5-4285-89D6-554B0396ED4D}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{98CBBAAF-1498-4743-905E-290380ADA760}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{98EA5844-AF75-46C0-A9F8-FE02109FFC02}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{98F166DB-FD7D-4C98-9F40-4ADFD3F30868}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{99C07FE0-433A-466A-8792-397897E42F65}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{9B2AFBDC-266F-4A52-982C-6145734A997C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{9DF84A8B-DDEF-46B3-AB95-AB9DF4456B4C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{9E4AC72C-37BA-498A-881C-36337014645C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{9EFBE0EB-A753-4B8B-AEDD-9F0A07BB9207}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{9F6F916A-F45E-4DD4-A346-1C6D4B0BF020}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{A1AFA6E7-2C5C-4474-A0EE-66FF288134D6}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{A1D0589C-281B-430A-AB4A-DAEFB2068B40}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{A1EA8C07-5156-4906-AA0F-1EF27273EEFB}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{A276DC51-2047-4DE7-A1B9-1B37824E1C07}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{A511EE65-CE61-4224-B29D-F7A72E9CC5A7}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{A5591C69-6605-406F-9C2A-42F49E26ECEB}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{A629E66D-2E0F-462B-B2CC-A662A415A41C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{A8956D08-21D4-4457-93FA-6B3BB88C6DBB}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{ACF776F1-1524-4592-8B1E-D13A7362258B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{AE4883FD-0643-4D99-9265-26F307A93BAB}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B10A3023-7CB0-4980-9EF6-20C152B3A509}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B18E2E1B-2009-45B4-A57A-E81F9B60A732}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B21F968A-C05F-49DA-BEEC-95D81EF9950B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B2FD9035-1EA8-45C9-B4FF-A47B34F2642B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B6D6D5A1-2726-4CA2-B0E7-8E2EFCAE5200}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B7B754E6-FA79-4626-A497-1B817382D053}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B83CCE18-A24B-428B-83A6-2C439D584B45}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B896CBAF-D75D-4AD3-B3A9-65645AEB4501}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B8AA7F70-FFD7-44CA-8948-4D6AE40DAE41}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{B9BFBC03-61E4-4644-8154-08441E0CBC1F}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{BC483350-E18C-450B-A6C3-8AF235358CAB}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{BCE0B9D9-5864-4253-8C6E-9902F19D9A12}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{BEE02175-38C5-4887-9343-3FC57E81CCD7}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{BF20BEBF-8D3D-45DE-BB9B-FB9BDE0002D6}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C012198A-FF35-4912-98A9-D8C8C6188062}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C10FB227-6702-4430-A192-3E4B17CA15FA}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C115FF1B-3EAE-4EF1-AD82-4A82E996F923}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C211140A-F0F0-45FC-9AAB-C454C7908C82}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C242515C-D8D7-4637-90E7-D3A76DEAD387}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C327A76B-5925-4C37-B6DF-7D9428192FF8}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C47C3CF7-02DB-4BA5-99AE-4E253AB396F1}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C4847FD8-431B-4177-A699-B053589BF855}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C5136CC8-03DE-4F68-895E-285BF0CC661C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C57119CF-7777-483F-B52C-2ABC4331EF1B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C5BDE686-DCD3-48CF-8FA4-17FFE0C75191}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C7E1D633-E55D-43C5-81C6-2BAE237A3167}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{C8A13CD3-2935-4988-987C-03F20E9C9619}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{CD7BB232-2B75-4925-8D1B-D93DF5CE863D}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{CD8A5BF1-5EFB-4E4B-8533-03986C1D71B1}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{CF03F945-8B9B-45E1-B725-C412F6F4B213}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{D0669181-3F0E-4B30-99B7-75E4E41C2AC6}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{D16BFCB8-AA6E-42D8-B162-DC329264732A}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{D2D6D08E-F990-42C1-8A2B-699DDDC6FE60}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{D39C80F3-F29F-4053-8A43-5DCEFFB4A4B8}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{D45CC4E9-1336-4B3B-A8CF-A0CED4980F39}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{D6054C49-751E-4512-805B-F803135D70CD}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{D7055FE3-3834-4A01-9B5C-CF07384948C2}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{DC7D0913-ADE1-4735-97B5-1A47EF8D87DB}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{DCDE12AF-604B-4CF1-8C0C-06A9F48FA2FD}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{E09CFDFE-1525-4982-8091-9B725A4216E7}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{E156106F-0A77-4472-9EA2-8C8BE98E0A30}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{E1C02756-FB93-48D9-9ED2-BF02FB861EEA}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{E3AED532-3286-4E60-AF87-888154F55EF5}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{E4A9B97C-8D88-4FAC-9D4C-04D4CA198F04}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{E533C699-576A-4FF4-9D6B-C3B0CDEB265E}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{E6C2CC80-1DE9-4C5D-8C0B-EAC578FDA377}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{E956438E-BC60-4570-9241-05D4A6FF131C}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{EA63EE06-F456-475B-8142-D1B5791CBC4B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{EC2C05C8-A75B-4835-A1AF-7C349987DF92}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{EC32F081-E056-4AFF-8DAA-B79DE574928A}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{ECF2A45E-023B-4B9A-84C7-AA1E5CF710B9}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{ED4E440F-1D69-4FD7-81F7-55DA04C94DB7}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{EECBC754-501B-4247-BE3A-E7C99C52C9A0}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F03A74F7-BE0D-4AEA-9A23-7649DAF5DE84}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F1ACDCCC-A027-468A-B572-EFC679B2EF49}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F2182D7D-F9CE-464D-A767-116664E54A22}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F3A12A39-6151-4C0E-94EA-12BEBBA3CC75}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F51770DF-FD2B-49AA-A9C8-46E07628FD6B}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F5B300E5-DD18-4CAE-80E8-0EFBFDE1120F}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F6D80AAA-B9A8-46BA-B424-258DCDBCB6BF}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F84CD993-E115-40A5-9F24-1AE105485AB3}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{F87F4E91-4A53-4E83-B104-8C7A26121677}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{FAD2B43E-DB63-48C8-A797-C487F7FFC056}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{FAE5AA27-3E06-481A-8C23-C4086756E2F3}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{FD3475DF-AB02-4B76-BDE5-A4A40A259F2E}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{FD62865C-647A-40FA-B6C7-6CDB58A729B5}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{FE2364AE-506B-4BB8-A445-E29B6676AE7A}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{FE65E5C3-B91D-4E8D-922E-078B6D3EEF58}
Successfully deleted: [Empty Folder] C:\Users\Sabrina\appdata\local\{FFA69CBD-63E1-4B9B-8D88-5EBC3004301D}
Successfully deleted: [Folder] C:\ProgramData\optimizerpro
Successfully deleted: [Folder] C:\Users\Sabrina\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\Sabrina\appdata\locallow\bcool



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Sabrina\AppData\Roaming\mozilla\firefox\profiles\e0r3h4wu.default\smartbar
Successfully deleted the following from C:\Users\Sabrina\AppData\Roaming\mozilla\firefox\profiles\e0r3h4wu.default\prefs.js

user_pref(CT2851647.1000234.TWC_TMP_city, ASUNCION);
user_pref(CT2851647.1000234.TWC_TMP_country, PY);
user_pref(CT2851647.1000234.TWC_locId, PAXX0001);
user_pref(CT2851647.1000234.TWC_location, Asuncion, Paraguay);
user_pref(CT2851647.1000234.TWC_region, OT);
user_pref(CT2851647.1000234.TWC_temp_dis, c);
user_pref(CT2851647.1000234.TWC_wind_dis, kmh);
user_pref(CT2851647.CBOpenMAMSettings.enc, MA==);
user_pref(CT2851647.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT2851647.FirstTime, true);
user_pref(CT2851647.FirstTimeFF3, true);
user_pref(CT2851647.LoginRevertSettingsEnabled, true);
user_pref(CT2851647.PG_ENABLE, ZmFsc2U=);
user_pref(CT2851647.PG_ENABLE.enc, ZEhKMVpRPT0=);
user_pref(CT2851647.PairingKey.enc, MjdBODVBMkUyMDVDQjVBRDI1Mzc2QkE5M0JDQzBDRjY1Q0E2NUM5Mw==);
user_pref(CT2851647.RevertSettingsEnabled, true);
user_pref(CT2851647.SF_JUST_INSTALLED.enc, RkFMU0U=);
user_pref(CT2851647.SF_STATUS.enc, RU5BQkxFRA==);
user_pref(CT2851647.SF_USER_ID.enc, Y2lkXzE1NzIwMTMxMDMxMTM4OTA4NDg=);
user_pref(CT2851647.UserID, UN22191471511795158);
user_pref(CT2851647.addressBarTakeOverEnabledInHidden, true);
user_pref(CT2851647.autoDisableScopes, 0);
user_pref(CT2851647.browser.search.defaultthis.engineName, true);
user_pref(CT2851647.cb_experience_000.enc, MTU=);
user_pref(CT2851647.cb_firstuse0100.enc, MQ==);
user_pref(CT2851647.cb_user_id_000.enc, Q0IzMjcyODk4OTU5NzVfMTM2Mzc5NTg0OTk2M19GaXJlZm94);
user_pref(CT2851647.cbcountry_001.enc, UFk=);
user_pref(CT2851647.cbfirsttime.enc, TW9uIFNlcCAxNyAyMDEyIDE3OjUzOjE3IEdNVCswMjAw);
user_pref(CT2851647.countryCode, PY);
user_pref(CT2851647.mam_gk_mamEnabled.enc, ZmFsc2U=);
user_pref(CT2851647.mam_gk_pgUnloadedOnce.enc, dHJ1ZQ==);
user_pref(CT2851647.mam_gk_settings1.10.2.5.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo
user_pref(CT2851647.mam_gk_settings1.10.4.0.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjo
user_pref(CT2851647.mam_gk_settings1.4.3.2.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNjFfLTEiLCJpc1Rlc3QiOmZhbHNlLCJpc1dlbGNvbWVFeHBlcmll
user_pref(CT2851647.mam_gk_settings1.4.4.6.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJp
user_pref(CT2851647.mam_gk_settings1.6.0.1.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMjE1Xy0xIiwiaXNUZXN0IjpmYWxzZSwiaXNXZWxjb21lRXhwZXJp
user_pref(CT2851647.mam_gk_settings1.8.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiNTRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT2851647.mam_gk_settings1.9.0.4.enc, eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiODRfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoi
user_pref(CT2851647.mam_gk_showCloseButton.enc, dHJ1ZQ==);
user_pref(CT2851647.mam_gk_showWelcomeGadget.enc, ZmFsc2U=);
user_pref(CT2851647.mam_gk_userId.enc, YTdjODk5NDEtMDNjNy00ZWI2LTg1NDItODhkNWY5ZjY3ODA1);
user_pref(CT2851647.mam_gk_user_approval_interacted.enc, MQ==);
user_pref(CT2851647.mam_gk_user_apps_selection.enc, );
user_pref(CT2851647.mam_gk_welcomeDialogMode.enc, MQ==);
user_pref(CT2851647.migrateAppsAndComponents, true);
user_pref(CT2851647.openThankYouPage, true);
user_pref(CT2851647.openUninstallPage, FALSE);
user_pref(CT2851647.originalHomepage, about:home);
user_pref(CT2851647.price-gong.isManagedApp, true);
user_pref(CT2851647.scriptSource.enc, aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv);
user_pref(CT2851647.search.searchAppId, 129351532245275780);
user_pref(CT2851647.search.searchCount, 0);
user_pref(CT2851647.searchInNewTabEnabledByUser, true);
user_pref(CT2851647.searchInNewTabEnabledInHidden, true);
user_pref(CT2851647.searchSuggestEnabledByUser, true);
user_pref(CT2851647.searchUserMode, UM_ID);
user_pref(CT2851647.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT2851647.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT2851647.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT2851647.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT2851647\});
user_pref(CT2851647.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT2851647.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT2851647.serviceLayer_services_Configuration_lastUpdate, 1379230138989);
user_pref(CT2851647.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1378692984851);
user_pref(CT2851647.serviceLayer_services_appTracking_lastUpdate, 1357033936028);
user_pref(CT2851647.serviceLayer_services_appsMetadata_lastUpdate, 1379230030726);
user_pref(CT2851647.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1378054185454);
user_pref(CT2851647.serviceLayer_services_location_lastUpdate, 1373897082169);
user_pref(CT2851647.serviceLayer_services_login_10.10.27.6_lastUpdate, 1353464743813);
user_pref(CT2851647.serviceLayer_services_login_10.13.40.15_lastUpdate, 1362087206279);
user_pref(CT2851647.serviceLayer_services_login_10.14.370.524_lastUpdate, 1364441265927);
user_pref(CT2851647.serviceLayer_services_login_10.14.65.43_lastUpdate, 1373897081750);
user_pref(CT2851647.serviceLayer_services_login_10.15.0.562_lastUpdate, 1367462875525);
user_pref(CT2851647.serviceLayer_services_login_10.16.2.509_lastUpdate, 1372954330059);
user_pref(CT2851647.serviceLayer_services_login_10.16.4.519_lastUpdate, 1375060468008);
user_pref(CT2851647.serviceLayer_services_login_10.16.70.505_lastUpdate, 1379230139283);
user_pref(CT2851647.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1378054185522);
user_pref(CT2851647.serviceLayer_services_searchAPI_lastUpdate, 1379230141753);
user_pref(CT2851647.serviceLayer_services_serviceMap_lastUpdate, 1379230138257);
user_pref(CT2851647.serviceLayer_services_setupAPI_lastUpdate, 1373897082493);
user_pref(CT2851647.serviceLayer_services_toolbarContextMenu_lastUpdate, 1378054185492);
user_pref(CT2851647.serviceLayer_services_toolbarSettings_lastUpdate, 1379230030746);
user_pref(CT2851647.serviceLayer_services_translation_lastUpdate, 1379230142022);
user_pref(CT2851647.settingsINI, true);
user_pref(CT2851647.shouldFirstTimeDialog, false);
user_pref(CT2851647.showToolbarPermission, false);
user_pref(CT2851647.toolbarBornServerTime, 17-9-2012);
user_pref(CT2851647.toolbarCurrentServerTime, 15-9-2013);
user_pref(CT2851647.toolbarLoginClientTime, Wed Mar 20 2013 13:08:54 GMT-0300 (Paraguay Sommerzeit));
user_pref(CT2851647.uTTorrents.enc, eyJidWlsZCI6Mjk2MjUsInRvcnJlbnRzIjpbWyI4QkY4MDAwMUM3RDY0MUQyNzQ5NzVCM0YwOEIzQTcwQzA4OEZFMTcyIiwyMDEsIkhvdy5JLk1ldC5Zb3VyLk1vdGhlci5TMDhF
user_pref(CT2851647.upgradeFromClearSBVersion, true);
user_pref(CT2851647.url_history0001.enc, amF2YXNjcmlwdDo7Ojo6Y2xpY2toYW5kbGVyOjo6MTM3NzcwNTk3MzcyMSwsLGphdmFzY3JpcHQ6Ozo6OmNsaWNraGFuZGxlcjo6OjEzNzc3MDU5NzUxMDksLCxqYXZhc2N
user_pref(CT2851647_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1379230026345,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(extensions.delta.admin, false);
user_pref(extensions.delta.aflt, babsst);
user_pref(extensions.delta.appId, {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3});
user_pref(extensions.delta.autoRvrt, false);
user_pref(extensions.delta.dfltLng, de);
user_pref(extensions.delta.excTlbr, false);
user_pref(extensions.delta.ffxUnstlRst, true);
user_pref(extensions.delta.id, 948776190000000000004c809318d2a7);
user_pref(extensions.delta.instlDay, 15925);
user_pref(extensions.delta.instlRef, sst);
user_pref(extensions.delta.newTab, false);
user_pref(extensions.delta.prdct, delta);
user_pref(extensions.delta.prtnrId, delta);
user_pref(extensions.delta.rvrt, false);
user_pref(extensions.delta.smplGrp, none);
user_pref(extensions.delta.tlbrId, base);
user_pref(extensions.delta.tlbrSrchUrl, );
user_pref(extensions.delta.vrsn, 1.8.22.0);
user_pref(extensions.delta.vrsnTs, 1.8.22.017:38:34);
user_pref(extensions.delta.vrsni, 1.8.22.0);
user_pref(extensions.delta_i.babExt, );
user_pref(extensions.delta_i.babTrack, affID=121564&tt=070813_wt4&tsp=4968);
user_pref(extensions.delta_i.srcExt, ss);
user_pref(sweetim.toolbar.RevertDialog.enable, false);
user_pref(sweetim.toolbar.UserSelectedSaveSettings, true);
user_pref(sweetim.toolbar.Visibility.VisibilityGuardLastUnHide, 0);
user_pref(sweetim.toolbar.Visibility.enable, true);
user_pref(sweetim.toolbar.Visibility.intervaldays, 7);
user_pref(sweetim.toolbar.cargo, 3.1010000);
user_pref(sweetim.toolbar.cda.DisableOveride.enable, true);
user_pref(sweetim.toolbar.cda.HideOveride.enable, true);
user_pref(sweetim.toolbar.cda.RemoveOveride.enable, true);
user_pref(sweetim.toolbar.cda.returnValue, disable);
user_pref(sweetim.toolbar.dialogs.0.enable, true);
user_pref(sweetim.toolbar.dialogs.0.handler, chrome://sim_toolbar_package/content/optionsdialog-handler.js);
user_pref(sweetim.toolbar.dialogs.0.height, 335);
user_pref(sweetim.toolbar.dialogs.0.id, id_options_dialog);
user_pref(sweetim.toolbar.dialogs.0.title, $string.config.label;);
user_pref(sweetim.toolbar.dialogs.0.width, 761);
user_pref(sweetim.toolbar.dialogs.1.enable, true);
user_pref(sweetim.toolbar.dialogs.1.handler, chrome://sim_toolbar_package/content/exampledialog-handler.js);
user_pref(sweetim.toolbar.dialogs.1.height, 300);
user_pref(sweetim.toolbar.dialogs.1.id, id_example_dialog);
user_pref(sweetim.toolbar.dialogs.1.title, Example (unit-test) dialog);
user_pref(sweetim.toolbar.dialogs.1.url, chrome://sim_toolbar_package/content/exampledialog.html);
user_pref(sweetim.toolbar.dialogs.1.width, 500);
user_pref(sweetim.toolbar.dialogs.2.enable, true);
user_pref(sweetim.toolbar.dialogs.2.handler, chrome://sim_toolbar_package/content/cdadialog-handler.js);
user_pref(sweetim.toolbar.dialogs.2.height, 150);
user_pref(sweetim.toolbar.dialogs.2.id, id_dialog_hide_disable_remove);
user_pref(sweetim.toolbar.dialogs.2.title, Option Dialog);
user_pref(sweetim.toolbar.dialogs.2.width, 530);
user_pref(sweetim.toolbar.highlight.colors, #FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0);
user_pref(sweetim.toolbar.keywordUrlGuard.enable, false);
user_pref(sweetim.toolbar.logger.ConsoleHandler.MinReportLevel, 7);
user_pref(sweetim.toolbar.logger.FileHandler.FileName, ff-toolbar.log);
user_pref(sweetim.toolbar.logger.FileHandler.MaxFileSize, 200000);
user_pref(sweetim.toolbar.logger.FileHandler.MinReportLevel, 7);
user_pref(sweetim.toolbar.mode.debug, false);
user_pref(sweetim.toolbar.newtab.created, false);
user_pref(sweetim.toolbar.newtab.enable, true);
user_pref(sweetim.toolbar.previous.browser.search.defaultenginename, );
user_pref(sweetim.toolbar.previous.browser.search.selectedEngine, );
user_pref(sweetim.toolbar.previous.browser.startup.homepage, hxxp://web.de/);
user_pref(sweetim.toolbar.previous.keyword.URL, );
user_pref(sweetim.toolbar.scripts.0.addcontextdiv, true);
user_pref(sweetim.toolbar.scripts.0.callback, simVerification);
user_pref(sweetim.toolbar.scripts.0.domain-blacklist, );
user_pref(sweetim.toolbar.scripts.0.domain-whitelist, hxxp://(www.|apps.)?facebook\\.com.*);
user_pref(sweetim.toolbar.scripts.0.elementid, id_script_sim_fb);
user_pref(sweetim.toolbar.scripts.0.enable, false);
user_pref(sweetim.toolbar.scripts.0.id, id_script_fb);
user_pref(sweetim.toolbar.scripts.1.addcontextdiv, true);
user_pref(sweetim.toolbar.scripts.1.callback, simVerification);
user_pref(sweetim.toolbar.scripts.1.domain-blacklist, );
user_pref(sweetim.toolbar.scripts.1.domain-whitelist, hxxps://(www.|apps.)?facebook\\.com.*);
user_pref(sweetim.toolbar.scripts.1.elementid, id_script_sim_fb);
user_pref(sweetim.toolbar.scripts.1.enable, false);
user_pref(sweetim.toolbar.scripts.1.id, id_script_fb_hxxpS);
user_pref(sweetim.toolbar.scripts.2.addcontextdiv, false);
user_pref(sweetim.toolbar.scripts.2.callback, );
user_pref(sweetim.toolbar.scripts.2.domain-whitelist, );
user_pref(sweetim.toolbar.scripts.2.elementid, id_predict_include_script);
user_pref(sweetim.toolbar.scripts.2.enable, false);
user_pref(sweetim.toolbar.scripts.2.id, id_script_prad);
user_pref(sweetim.toolbar.scripts.2.url, hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1);
user_pref(sweetim.toolbar.search.external, <?xml version=\1.0\?><TOOLBAR><EXTERNAL_SEARCH engine=\hxxp://*google.*\ param=\q=\ /><EXTERNAL_SEARCH engine=\hxxp://sear
user_pref(sweetim.toolbar.search.history, erotik%20pornos);
user_pref(sweetim.toolbar.search.history.capacity, 10);
user_pref(sweetim.toolbar.searchguard.enable, false);
user_pref(sweetim.toolbar.searchguard.initialized_by_rc, true);
user_pref(sweetim.toolbar.simapp_id, {6EEBE0AD-EF48-4988-A41D-B41C598019D0});
user_pref(sweetim.toolbar.version, 1.9.0.0);
Emptied folder: C:\Users\Sabrina\AppData\Roaming\mozilla\firefox\profiles\e0r3h4wu.default\minidumps [98 files]



~~~ Chrome


[C:\Users\Sabrina\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Sabrina\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Sabrina\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Sabrina\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  ajkgkhepjponelmnplpciplmhagpknbg,
  bkomkajifikmkfnjgphkjcfeepbnojok,
  bopakagnckmlgajfccecajhnimjiiedh,
  dnpmlnedpdikbgdghljdepnljfpkhccn,
  jcdgjdiieiljkfkdcloehkohchhpekkn,
  leocdeigfnkaojcapikdjcdbedcjmffc,
  mkfokfffehpeedafpekjeddnmnjhmcmk
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2015 at 12:45:19,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST logfile

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Sabrina (administrator) on SABRINA-PC on 30-05-2015 12:48:46
Running from C:\Users\Sabrina\Downloads
Loaded Profiles: Sabrina (Available Profiles: UpdatusUser & Sabrina)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Run: [uTorrent] => C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31276160 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2012-02-16]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-23] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-23] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-07] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-23] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-18] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default
FF NewTab: hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_276_bl-sw-22__alt__ddc_dsssyctab_bd_com
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bg_276_bl-sw-22__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_276_bl-sw-22__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\ChatZumSearch.xml [2013-05-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-07]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-07]
FF HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome: 
=======
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-11-20]
CHR Extension: (Forge of Empires) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg [2013-11-20]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-28]
CHR Extension: (uBlock Origin) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-07]
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-16]
CHR Extension: (Planner 5D) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2013-11-20]
CHR Extension: (Bookmark Manager) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Avast Online Security) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-07]
CHR Extension: (IP Address) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2013-11-20]
CHR Extension: (Autodesk Homestyler) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-11-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (AudioSauna) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2013-11-20]
CHR Extension: (Google Wallet) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Deezer) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2012-07-01]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-16]
CHR HKLM-x32\...\Chrome\Extension: [fbopaofenjnnjgniaeekjkdjipepnbom] - C:\ProgramData\Bcool\fbopaofenjnnjgniaeekjkdjipepnbom.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

Opera: 
=======
OPR StartupUrls: "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bg_276_bl-sw-20__alt__ddc_dsssyc_bd_com"
OPR Extension: (Express Find) - C:\Users\Sabrina\AppData\Roaming\Opera Software\Opera Stable\Extensions\ncnadiaifiaoeoelaipabcacbkgjilmn [2015-05-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-23] (Avast Software)
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
S2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
S2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
S2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-23] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-30] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-23] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 12:45 - 2015-05-30 12:45 - 00037483 _____ () C:\Users\Sabrina\Desktop\JRT.txt
2015-05-30 12:40 - 2015-05-30 12:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SABRINA-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-30 12:39 - 2015-05-30 12:39 - 00000000 ____D () C:\RegBackup
2015-05-30 12:38 - 2015-05-30 12:39 - 02947635 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2015-05-30 12:26 - 2015-05-30 12:32 - 00000000 ____D () C:\AdwCleaner
2015-05-30 12:24 - 2015-05-30 12:25 - 02222592 _____ () C:\Users\Sabrina\Downloads\AdwCleaner_4.205.exe
2015-05-30 12:23 - 2015-05-30 12:23 - 00057847 _____ () C:\Users\Sabrina\Desktop\mab....txt
2015-05-30 12:21 - 2015-05-30 12:21 - 00007593 _____ () C:\Users\Sabrina\Desktop\Malware.txt
2015-05-30 10:58 - 2015-05-30 12:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 10:58 - 2015-05-30 10:58 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-30 10:58 - 2015-05-30 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-30 10:58 - 2015-05-30 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-30 10:58 - 2015-05-30 10:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-30 10:58 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-30 10:58 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-30 10:58 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-30 10:56 - 2015-05-30 10:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-29 09:08 - 2015-05-29 09:08 - 00036709 _____ () C:\ComboFix.txt
2015-05-29 08:10 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-29 08:10 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-29 08:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-29 08:08 - 2015-05-29 09:08 - 00000000 ____D () C:\Qoobox
2015-05-29 08:08 - 2015-05-29 09:06 - 00000000 ____D () C:\Windows\erdnt
2015-05-29 08:07 - 2015-05-29 08:07 - 05628678 ____R (Swearware) C:\Users\Sabrina\Downloads\ComboFix.exe
2015-05-29 07:38 - 2015-05-29 07:38 - 00001272 _____ () C:\Users\Sabrina\Desktop\Revo Uninstaller.lnk
2015-05-29 07:38 - 2015-05-29 07:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-29 07:37 - 2015-05-29 07:37 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sabrina\Downloads\revosetup95.exe
2015-05-28 08:41 - 2015-05-28 09:22 - 00070019 _____ () C:\Users\Sabrina\Downloads\Addition.txt
2015-05-28 08:40 - 2015-05-30 12:48 - 00022544 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2015-05-28 08:40 - 2015-05-30 12:48 - 00000000 ____D () C:\FRST
2015-05-28 08:39 - 2015-05-28 08:39 - 02108928 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2015-05-23 08:13 - 2015-05-23 08:15 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-05-23 08:13 - 2015-05-23 08:15 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-23 08:08 - 2015-05-30 12:34 - 00038592 _____ () C:\Windows\PFRO.log
2015-05-23 08:04 - 2015-05-23 08:04 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-23 08:03 - 2015-05-23 08:03 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-21 10:41 - 2015-05-30 12:34 - 00001413 _____ () C:\Windows\setupact.log
2015-05-21 10:41 - 2015-05-21 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-13 19:10 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:10 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 07:14 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 07:14 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 07:14 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 07:14 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 07:14 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 07:14 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 07:14 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 07:14 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 07:14 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 07:14 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 07:14 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 07:14 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 07:14 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 07:14 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 07:14 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 07:14 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 07:14 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 07:14 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 07:14 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 07:14 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 07:14 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 07:14 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 07:14 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 07:14 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 07:14 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 07:14 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 07:14 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 07:14 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 07:14 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 07:14 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 07:14 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 07:14 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 07:14 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 07:14 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 07:14 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 07:14 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 07:14 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 07:14 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 07:14 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 07:14 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 07:14 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 07:14 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 07:14 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 07:14 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 07:14 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 07:14 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 07:14 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 07:14 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 07:14 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 07:14 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 07:14 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 07:14 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 07:14 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 07:14 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 07:14 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 07:14 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 07:14 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 07:14 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 07:14 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 07:14 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 06:27 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:27 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 06:27 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:27 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 06:22 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 06:22 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 06:22 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 06:22 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 06:22 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 06:22 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 06:22 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 06:22 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 06:22 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 06:22 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 06:22 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 06:22 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 06:22 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 06:22 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 06:22 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:22 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:21 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 06:21 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 06:20 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:20 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:20 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 06:20 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 06:17 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:17 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 06:17 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 06:17 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 06:17 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 06:12 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 06:12 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 06:11 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 06:11 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 06:11 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 06:11 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 06:11 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 06:11 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 06:11 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 01:48 - 2015-05-12 01:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-11 17:33 - 2015-05-11 17:33 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Opera Software
2015-05-07 08:34 - 2015-05-30 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-30 12:48 - 2009-07-14 00:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-30 12:48 - 2009-07-14 00:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-30 12:40 - 2012-09-16 17:59 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\uTorrent
2015-05-30 12:36 - 2012-02-17 12:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Skype
2015-05-30 12:35 - 2012-02-16 06:38 - 00000000 ____D () C:\Users\Sabrina\Documents\Youcam
2015-05-30 12:35 - 2012-02-16 06:28 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-30 12:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-30 12:33 - 2012-02-16 06:25 - 01415461 _____ () C:\Windows\WindowsUpdate.log
2015-05-30 12:32 - 2012-02-16 06:35 - 00000000 ____D () C:\Users\Sabrina
2015-05-30 12:19 - 2012-06-07 05:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-30 12:02 - 2012-02-16 06:28 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-30 11:16 - 2012-07-01 15:54 - 00000000 ____D () C:\ProgramData\InstallMate
2015-05-30 11:16 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2015-05-30 06:38 - 2013-07-07 12:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-29 12:39 - 2011-11-03 21:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-05-29 12:39 - 2011-11-03 21:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-05-29 12:39 - 2009-07-14 01:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-29 09:08 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2015-05-29 09:04 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 07:57 - 2013-04-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 07:57 - 2012-10-14 22:00 - 00001634 _____ () C:\Users\Sabrina\AppData\Roaming\MyMicroBalanceConfig.ini
2015-05-23 08:04 - 2014-06-20 05:42 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-23 08:04 - 2014-06-20 05:42 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-23 08:04 - 2013-07-07 13:10 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-23 08:04 - 2013-07-07 13:10 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-23 08:04 - 2013-07-07 12:51 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-23 08:04 - 2013-07-07 12:50 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-23 08:03 - 2013-07-07 12:51 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-23 08:02 - 2013-07-07 12:51 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-20 18:21 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 18:21 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 18:04 - 2014-07-07 14:49 - 00000000 ____D () C:\Windows\Minidump
2015-05-20 18:04 - 2012-03-10 09:39 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\CrashDumps
2015-05-20 14:02 - 2014-09-15 12:13 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410797561
2015-05-20 14:02 - 2014-09-15 12:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 07:17 - 2012-02-17 12:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-18 07:17 - 2012-02-17 12:28 - 00000000 ____D () C:\ProgramData\Skype
2015-05-17 18:11 - 2012-06-21 09:21 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\vlc
2015-05-15 10:57 - 2012-02-16 06:28 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 10:57 - 2012-02-16 06:28 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 10:43 - 2014-07-24 18:53 - 00000000 ____D () C:\Users\Sabrina\Desktop\Neuer Ordner (2)
2015-05-14 10:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 09:15 - 2009-07-14 00:45 - 00509568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 09:12 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 19:29 - 2013-09-18 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:26 - 2013-07-26 23:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:15 - 2011-11-03 16:34 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:10 - 2013-03-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 19:09 - 2013-03-13 22:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:09 - 2013-03-13 22:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-11 17:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-05-06 10:00 - 2013-07-07 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-02-21 04:49 - 2014-02-21 04:49 - 49940480 _____ () C:\Program Files (x86)\GUT6068.tmp
2012-10-14 22:00 - 2015-05-27 07:57 - 0001634 _____ () C:\Users\Sabrina\AppData\Roaming\MyMicroBalanceConfig.ini
2013-03-14 16:17 - 2014-10-10 16:32 - 0032768 _____ () C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-21 01:22 - 2014-12-21 01:22 - 0007605 _____ () C:\Users\Sabrina\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabrina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 09:21

==================== End of log ============================

schrauber · 31.05.2015, 13:45

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?

Blanca · 01.06.2015, 22:38

ESET Logfile

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4f1c43bd03b7ff4da3080112be0ff55e
# engine=24119
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-01 06:13:23
# local_time=2015-06-01 02:13:23 (-0400, Paraguay Normalzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 0 196670493 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 58275086 184729453 0 0
# scanned=256173
# found=25
# cleaned=0
# scan_time=11531
sh=8F18725F30CEEE19ECF630C1F875F93027BA22AA ft=0 fh=0000000000000000 vn="OSX/ChatZum.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ChatZum Toolbar\Chrome_softonic.zip.vir"
sh=C829A94D3E2D9F3DB0116F32D8C0537AB71B5A4D ft=1 fh=6a890bb36470d890 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\Extensions\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ctypes\FirefoxCtype.dll.vir"
sh=55B090C030EC5CD8D381FDD0B1AE32971FD186C1 ft=1 fh=6b24054f9a6e44df vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\Extensions\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\Plugins\npFirefoxPlugin.dll.vir"
sh=415BDD683CBB86DD335721F749FA959FCCAE53FF ft=1 fh=ae2681a7f2626f2d vn="Win32/BrowseFox.BC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sabrina\AppData\Roaming\RHEng\130A5FFEF6874FF4903CECA3E7B06C85\setup0318.exe.vir"
sh=2ECFC15C2427538484A944A420E2D4EBB47A2B2C ft=1 fh=16ad298bb9822fb9 vn="Variante von Win32/SweetIM.L evtl. unerwünschte Anwendung" ac=I fn="C:\Config.Msi\2aafa.rbf"
sh=CCEABF90DBB62D33FDE35BE8B423FD255B834786 ft=0 fh=0000000000000000 vn="Win32/PriceGong.B evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\PriceGong\2.6.4\PriceGong.crx.vir"
sh=003478816669F9577CE9BD4B8C3B7EC8E86F3138 ft=1 fh=c72e4e65f33bdc9c vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll.vir"
sh=45BE7D6C4E7DF0DFE1AF8BC80D50316B2D253A44 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\AppData\Local\Mozilla\Firefox\Profiles\e0r3h4wu.default\cache2\entries\8BFC69E8DD3A37F29EFADCCF1B281B980AE6259C"
sh=438D14BF22F121ABD39683AF9EE473D36F9C8877 ft=0 fh=0000000000000000 vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\AppData\Local\Mozilla\Firefox\Profiles\e0r3h4wu.default\cache2\entries\AB0DFB79E6356BBF3F26E31869A2267644391252"
sh=AD7FDE28E36A7908F34C4686922BC245BDD805BA ft=1 fh=c71c0011b7d4bf09 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\BitZipperSetup.exe"
sh=2DE50229B0B0A12BF5A2C2467711C78300A70598 ft=0 fh=0000000000000000 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\FFSetup3.0.1.zip"
sh=B159AFDADCA9C11007062E85FB12B41CC4985471 ft=1 fh=490c3b42e481ca71 vn="Variante von Win32/Toolbar.SearchSuite.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\iMeshSetup-r1444-n-bc.exe"
sh=42D27DA79F1D9F6C4724A8F39F3C655DCF85A113 ft=1 fh=dcc2e17631e57253 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_dvdplayer.exe"
sh=EC88FDA613268A162532439672B99F334B24FD97 ft=1 fh=ce1f5b30aa51a79a vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_nokia-energy-profiler.exe"
sh=1A557B422A148F9D473107CEB1847DC0C15B6ED2 ft=1 fh=3c2e1d6ae06f2480 vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_shazam.exe"
sh=9871EEC97DF39F38763A267B1C6176AFC32377C8 ft=1 fh=b55f994e4dba70fd vn="Win32/SoftonicDownloader.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_vlingo.exe"
sh=3FD6D6CE36D17D0026C6F4C3E0A85337D8CC57FB ft=1 fh=c71c001165917237 vn="Variante von Win32/InstallCore.BY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\WinRARSetup-11550928.exe"
sh=CA1DD1BED1A7B1F1375A9E48AF4E0685609D8B2F ft=1 fh=f9c7abb69ab91005 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\wz165gev.exe"
sh=AB879ADEF143C98A2B9A0EE8E3E82B1B883146A2 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sabrina\Downloads\Setups und anderes\wz175-64gev.msi"
sh=AB879ADEF143C98A2B9A0EE8E3E82B1B883146A2 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\274012.msi"
sh=BAC58CE1412A5558A9F56C42BA840E75B8AA8473 ft=1 fh=19a9219f78a1d7cf vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DFX3UK3\update[1]"
sh=53006FA8D5BD24121F82FD2D1E4FBF9B9786AD65 ft=1 fh=de7aae64b102cf0c vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[2]"
sh=BAC58CE1412A5558A9F56C42BA840E75B8AA8473 ft=1 fh=19a9219f78a1d7cf vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DFX3UK3\update[1]"
sh=53006FA8D5BD24121F82FD2D1E4FBF9B9786AD65 ft=1 fh=de7aae64b102cf0c vn="Variante von Win64/Toolbar.Perion.D evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[2]"
sh=A9F6A3299D8E5A8B0F8F18915521C8B3E7C9F864 ft=1 fh=a874d3fc82897e2d vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe"

Security Check

Code:

ATTFilter

 Results of screen317's Security Check version 1.002  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java(TM) 6 Update 29  
 Java 7 Update 25  
 Java version 32-bit out of Date! 
 Adobe Flash Player 17.0.0.169  
 Adobe Reader 10.1.1 Adobe Reader out of Date!  
 Mozilla Firefox 37.0.2 Firefox out of Date!  
 Google Chrome (43.0.2357.65) 
 Google Chrome (43.0.2357.81) 
 Google Chrome (dmlconf.dat..) 
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe 
 AVAST Software Avast ng ngservice.exe 
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

FRST Logfile

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-05-2015 01
Ran by Sabrina (administrator) on SABRINA-PC on 01-06-2015 17:30:04
Running from C:\Users\Sabrina\Downloads
Loaded Profiles: UpdatusUser & Sabrina (Available Profiles: UpdatusUser & Sabrina)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\PHotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\PHotkey\GFNEXSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
() C:\Program Files (x86)\watchmi\TvdService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
() C:\Program Files (x86)\PHotkey\PHotkey.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt.exe
() C:\Program Files (x86)\PHotkey\Atouch64.exe
() C:\Program Files (x86)\PHotkey\MsgTranAgt64.exe
() C:\Program Files (x86)\PHotkey\PVDesktop.exe
() C:\Program Files (x86)\PHotkey\PVDAgent.exe
() C:\Program Files (x86)\PHotkey\POsd.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(BitTorrent Inc.) C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(TODO: <Company name>) C:\Program Files (x86)\PHotkey\HCSynApi.exe
() C:\Program Files (x86)\watchmi\TvdTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Sabrina\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-09-15] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3023600 2013-02-25] (Synaptics Incorporated)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-29] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Run: [uTorrent] => C:\Users\Sabrina\AppData\Roaming\uTorrent\uTorrent.exe [1694560 2015-05-06] (BitTorrent Inc.)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31276160 2015-04-17] (Skype Technologies S.A.)
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\MAHJON~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2012-02-16]
ShortcutTarget: watchmi tray.lnk -> C:\Windows\Installer\{409DC300-28AF-468F-9624-1F3309701881}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-23] (Avast Software s.r.o.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4226245786-2324592914-3525141995-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://q.search-simple.com/?affID=bl_5666377f-3912-43a9-b8c1-cc212177d72f
HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-23] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-07] (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-02-07] (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-18] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-23] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-18] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-4226245786-2324592914-3525141995-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default
FF NewTab: hxxp://de.search.yahoo.com/?fr=hp-ddc-bd-tab&type=bg_276_bl-sw-22__alt__ddc_dsssyctab_bd_com
FF DefaultSearchUrl: 
FF SelectedSearchEngine: Yahoo Search!
FF Homepage: hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bg_276_bl-sw-22__alt__ddc_dsssyc_bd_com
FF Keyword.URL: hxxp://de.search.yahoo.com/yhs/search?hspart=ddc&hsimp=yhs-ddc_bd&type=bg_276_bl-sw-22__alt__ddc_dss_bd_com&p={searchTerms}
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-07] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2013-02-07] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-20] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Sabrina\AppData\Roaming\Mozilla\Firefox\Profiles\e0r3h4wu.default\searchplugins\ChatZumSearch.xml [2013-05-02]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-07]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-07]
FF HKU\S-1-5-21-4226245786-2324592914-3525141995-1001\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome: 
=======
CHR Profile: C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-11-20]
CHR Extension: (Forge of Empires) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\anaphblkfplenhkephgneolhnmjminjg [2013-11-20]
CHR Extension: (YouTube) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-28]
CHR Extension: (uBlock Origin) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2015-05-07]
CHR Extension: (Google Search) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-16]
CHR Extension: (Planner 5D) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjfkgdpkecnmfcgfpfibpcnkeakahllc [2013-11-20]
CHR Extension: (Bookmark Manager) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-23]
CHR Extension: (Avast Online Security) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-07]
CHR Extension: (IP Address) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml [2013-11-20]
CHR Extension: (Autodesk Homestyler) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-11-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-22]
CHR Extension: (AudioSauna) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2013-11-20]
CHR Extension: (Google Wallet) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Deezer) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh [2012-07-01]
CHR Extension: (Gmail) - C:\Users\Sabrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-16]
CHR HKLM-x32\...\Chrome\Extension: [fbopaofenjnnjgniaeekjkdjipepnbom] - C:\ProgramData\Bcool\fbopaofenjnnjgniaeekjkdjipepnbom.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

Opera: 
=======
OPR StartupUrls: "hxxp://de.search.yahoo.com/?fr=hp-ddc-bd&type=bg_276_bl-sw-20__alt__ddc_dsssyc_bd_com"
OPR Extension: (Express Find) - C:\Users\Sabrina\AppData\Roaming\Opera Software\Opera Stable\Extensions\ncnadiaifiaoeoelaipabcacbkgjilmn [2015-05-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASLDRService; C:\Program Files (x86)\PHotkey\ASLDRSrv.exe [104968 2009-12-18] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-23] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-23] (Avast Software)
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1335360 2011-05-19] (Intel Corporation) [File not signed]
R2 Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [995392 2011-05-19] (Intel Corporation) [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-27] (Microsoft Corporation)
R2 GFNEXSrv; C:\Program Files (x86)\PHotkey\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-09-15] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 watchmi; C:\Program Files (x86)\watchmi\TvdService.exe [70144 2011-10-07] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-23] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-23] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R2 PEGAGFN; C:\Program Files (x86)\PHotkey\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-23] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 17:22 - 2015-06-01 17:23 - 00852639 _____ () C:\Users\Sabrina\Downloads\SecurityCheck.exe
2015-06-01 17:22 - 2015-06-01 17:22 - 00852639 _____ () C:\Users\Sabrina\Downloads\Nicht bestätigt 71252.crdownload
2015-06-01 10:31 - 2015-06-01 10:31 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-01 10:30 - 2015-06-01 10:31 - 02347384 _____ (ESET) C:\Users\Sabrina\Downloads\esetsmartinstaller_deu.exe
2015-06-01 07:02 - 2015-06-01 07:02 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\GWX
2015-05-30 12:45 - 2015-05-30 12:45 - 00037483 _____ () C:\Users\Sabrina\Desktop\JRT.txt
2015-05-30 12:40 - 2015-05-30 12:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SABRINA-PC-Windows-7-Home-Premium-(64-bit).dat
2015-05-30 12:39 - 2015-05-30 12:39 - 00000000 ____D () C:\RegBackup
2015-05-30 12:38 - 2015-05-30 12:39 - 02947635 _____ (Thisisu) C:\Users\Sabrina\Downloads\JRT.exe
2015-05-30 12:26 - 2015-05-30 12:32 - 00000000 ____D () C:\AdwCleaner
2015-05-30 12:24 - 2015-05-30 12:25 - 02222592 _____ () C:\Users\Sabrina\Downloads\AdwCleaner_4.205.exe
2015-05-30 12:23 - 2015-05-30 12:23 - 00057847 _____ () C:\Users\Sabrina\Desktop\mab....txt
2015-05-30 12:21 - 2015-05-30 12:21 - 00007593 _____ () C:\Users\Sabrina\Desktop\Malware.txt
2015-05-30 10:58 - 2015-06-01 16:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-30 10:58 - 2015-05-30 10:58 - 00001110 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-30 10:58 - 2015-05-30 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-05-30 10:58 - 2015-05-30 10:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-30 10:58 - 2015-05-30 10:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-05-30 10:58 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-30 10:58 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-30 10:58 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-30 10:56 - 2015-05-30 10:57 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Sabrina\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-29 09:08 - 2015-05-29 09:08 - 00036709 _____ () C:\ComboFix.txt
2015-05-29 08:10 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-29 08:10 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-29 08:10 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-29 08:10 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-29 08:08 - 2015-05-29 09:08 - 00000000 ____D () C:\Qoobox
2015-05-29 08:08 - 2015-05-29 09:06 - 00000000 ____D () C:\Windows\erdnt
2015-05-29 08:07 - 2015-05-29 08:07 - 05628678 ____R (Swearware) C:\Users\Sabrina\Downloads\ComboFix.exe
2015-05-29 07:38 - 2015-05-29 07:38 - 00001272 _____ () C:\Users\Sabrina\Desktop\Revo Uninstaller.lnk
2015-05-29 07:38 - 2015-05-29 07:38 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-29 07:37 - 2015-05-29 07:37 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Sabrina\Downloads\revosetup95.exe
2015-05-28 08:41 - 2015-05-28 09:22 - 00070019 _____ () C:\Users\Sabrina\Downloads\Addition.txt
2015-05-28 08:40 - 2015-06-01 17:30 - 00026254 _____ () C:\Users\Sabrina\Downloads\FRST.txt
2015-05-28 08:40 - 2015-06-01 17:30 - 00000000 ____D () C:\FRST
2015-05-28 08:39 - 2015-05-28 08:39 - 02108928 _____ (Farbar) C:\Users\Sabrina\Downloads\FRST64.exe
2015-05-23 08:13 - 2015-05-23 08:15 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-05-23 08:13 - 2015-05-23 08:15 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-23 08:08 - 2015-05-30 12:34 - 00038592 _____ () C:\Windows\PFRO.log
2015-05-23 08:04 - 2015-05-23 08:04 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-23 08:03 - 2015-05-23 08:03 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-21 10:41 - 2015-06-01 06:56 - 00001525 _____ () C:\Windows\setupact.log
2015-05-21 10:41 - 2015-05-21 10:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-13 19:10 - 2015-05-01 09:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 19:10 - 2015-05-01 09:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 07:14 - 2015-04-21 22:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-13 07:14 - 2015-04-21 21:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-13 07:14 - 2015-04-21 13:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-13 07:14 - 2015-04-21 13:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-13 07:14 - 2015-04-21 13:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-13 07:14 - 2015-04-21 12:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-13 07:14 - 2015-04-21 12:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-13 07:14 - 2015-04-21 12:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-13 07:14 - 2015-04-21 12:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-13 07:14 - 2015-04-21 12:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-13 07:14 - 2015-04-21 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-13 07:14 - 2015-04-21 12:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-13 07:14 - 2015-04-21 12:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-13 07:14 - 2015-04-21 12:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-13 07:14 - 2015-04-21 12:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-13 07:14 - 2015-04-21 12:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-13 07:14 - 2015-04-21 12:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-13 07:14 - 2015-04-21 12:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-13 07:14 - 2015-04-21 12:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-13 07:14 - 2015-04-21 12:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-13 07:14 - 2015-04-21 12:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-13 07:14 - 2015-04-21 12:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-13 07:14 - 2015-04-21 12:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-13 07:14 - 2015-04-21 12:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-13 07:14 - 2015-04-21 12:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-13 07:14 - 2015-04-21 12:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-13 07:14 - 2015-04-21 12:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-13 07:14 - 2015-04-21 12:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-13 07:14 - 2015-04-21 12:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-13 07:14 - 2015-04-21 12:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-13 07:14 - 2015-04-21 12:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-13 07:14 - 2015-04-21 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-13 07:14 - 2015-04-21 12:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-13 07:14 - 2015-04-21 12:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-13 07:14 - 2015-04-21 12:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-13 07:14 - 2015-04-21 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-13 07:14 - 2015-04-21 11:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-13 07:14 - 2015-04-21 11:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-13 07:14 - 2015-04-21 11:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-13 07:14 - 2015-04-21 11:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-13 07:14 - 2015-04-21 11:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-13 07:14 - 2015-04-21 11:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-13 07:14 - 2015-04-21 11:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-13 07:14 - 2015-04-21 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-13 07:14 - 2015-04-21 11:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-13 07:14 - 2015-04-21 11:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-13 07:14 - 2015-04-21 11:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-13 07:14 - 2015-04-21 11:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-13 07:14 - 2015-04-21 11:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-13 07:14 - 2015-04-21 11:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-13 07:14 - 2015-04-21 11:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-13 07:14 - 2015-04-21 11:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-13 07:14 - 2015-04-21 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-13 07:14 - 2015-04-21 11:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-13 07:14 - 2015-04-21 11:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-13 07:14 - 2015-04-21 11:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-13 07:14 - 2015-04-21 11:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-13 07:14 - 2015-04-21 11:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-13 07:14 - 2015-04-21 10:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-13 07:14 - 2015-04-21 10:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-13 06:27 - 2015-05-04 21:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-13 06:27 - 2015-05-04 21:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-13 06:27 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 06:27 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 06:22 - 2015-04-27 15:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-13 06:22 - 2015-04-27 15:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-13 06:22 - 2015-04-27 15:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-13 06:22 - 2015-04-27 15:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-13 06:22 - 2015-04-27 15:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-13 06:22 - 2015-04-27 15:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-13 06:22 - 2015-04-27 15:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-13 06:22 - 2015-04-27 15:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-13 06:22 - 2015-04-27 15:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 15:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-13 06:22 - 2015-04-27 15:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-13 06:22 - 2015-04-27 15:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-13 06:22 - 2015-04-27 15:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-13 06:22 - 2015-04-27 15:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-13 06:22 - 2015-04-27 15:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-13 06:22 - 2015-04-27 15:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-13 06:22 - 2015-04-27 15:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-13 06:22 - 2015-04-27 15:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-13 06:22 - 2015-04-27 15:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 14:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-13 06:22 - 2015-04-27 13:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-13 06:22 - 2015-04-27 13:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-13 06:22 - 2015-04-27 13:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-13 06:22 - 2015-04-27 13:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-13 06:22 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 06:21 - 2015-04-27 15:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-13 06:21 - 2015-04-27 15:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-13 06:20 - 2015-04-19 23:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 06:20 - 2015-04-19 23:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 06:20 - 2015-04-19 22:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 06:20 - 2015-04-19 22:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-13 06:17 - 2015-04-07 23:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 06:17 - 2015-04-07 23:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 06:17 - 2015-04-07 23:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 06:17 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 06:17 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-13 06:12 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 06:12 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 06:11 - 2015-03-04 00:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 06:11 - 2015-03-04 00:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 06:11 - 2015-03-04 00:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 06:11 - 2015-03-04 00:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 06:11 - 2015-03-04 00:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 06:11 - 2015-03-04 00:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 06:11 - 2015-03-04 00:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-12 01:48 - 2015-05-12 01:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-11 17:33 - 2015-05-11 17:33 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Opera Software
2015-05-07 08:34 - 2015-05-30 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-01 17:30 - 2012-02-17 12:28 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\Skype
2015-06-01 17:27 - 2012-09-16 17:59 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\uTorrent
2015-06-01 17:19 - 2012-06-07 05:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-01 17:02 - 2012-02-16 06:28 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 15:55 - 2012-02-16 06:25 - 01498738 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 11:07 - 2009-07-14 00:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 11:07 - 2009-07-14 00:45 - 00024800 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 11:02 - 2012-02-16 06:28 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 10:31 - 2011-11-03 21:51 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-06-01 10:31 - 2011-11-03 21:51 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-06-01 10:31 - 2009-07-14 01:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-01 07:04 - 2012-02-16 06:38 - 00000000 ____D () C:\Users\Sabrina\Documents\Youcam
2015-06-01 06:56 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 08:47 - 2013-07-07 12:50 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-30 12:32 - 2012-02-16 06:35 - 00000000 ____D () C:\Users\Sabrina
2015-05-30 11:18 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\Performance
2015-05-30 11:16 - 2012-07-01 15:54 - 00000000 ____D () C:\ProgramData\InstallMate
2015-05-29 09:08 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2015-05-29 09:04 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-28 07:57 - 2013-04-25 13:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 07:57 - 2012-10-14 22:00 - 00001634 _____ () C:\Users\Sabrina\AppData\Roaming\MyMicroBalanceConfig.ini
2015-05-23 08:04 - 2014-06-20 05:42 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-23 08:04 - 2014-06-20 05:42 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-23 08:04 - 2013-07-07 13:10 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-23 08:04 - 2013-07-07 13:10 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-23 08:04 - 2013-07-07 12:51 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-23 08:04 - 2013-07-07 12:50 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-23 08:03 - 2013-07-07 12:51 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-23 08:02 - 2013-07-07 12:51 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-20 18:21 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-20 18:21 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-20 18:04 - 2014-07-07 14:49 - 00000000 ____D () C:\Windows\Minidump
2015-05-20 18:04 - 2012-03-10 09:39 - 00000000 ____D () C:\Users\Sabrina\AppData\Local\CrashDumps
2015-05-20 14:02 - 2014-09-15 12:13 - 00003856 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1410797561
2015-05-20 14:02 - 2014-09-15 12:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-05-18 07:17 - 2012-02-17 12:28 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-18 07:17 - 2012-02-17 12:28 - 00000000 ____D () C:\ProgramData\Skype
2015-05-17 18:11 - 2012-06-21 09:21 - 00000000 ____D () C:\Users\Sabrina\AppData\Roaming\vlc
2015-05-15 10:57 - 2012-02-16 06:28 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 10:57 - 2012-02-16 06:28 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-15 10:43 - 2014-07-24 18:53 - 00000000 ____D () C:\Users\Sabrina\Desktop\Neuer Ordner (2)
2015-05-14 10:09 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-05-14 09:15 - 2009-07-14 00:45 - 00509568 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 09:12 - 2011-04-12 04:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-14 09:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-13 19:29 - 2013-09-18 17:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-13 19:26 - 2013-07-26 23:53 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-13 19:15 - 2011-11-03 16:34 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-13 19:10 - 2013-03-13 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-13 19:09 - 2013-03-13 22:17 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-13 19:09 - 2013-03-13 22:17 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-11 17:33 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-05-06 10:00 - 2013-07-07 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

==================== Files in the root of some directories =======

2014-02-21 04:49 - 2014-02-21 04:49 - 49940480 _____ () C:\Program Files (x86)\GUT6068.tmp
2012-10-14 22:00 - 2015-05-27 07:57 - 0001634 _____ () C:\Users\Sabrina\AppData\Roaming\MyMicroBalanceConfig.ini
2013-03-14 16:17 - 2014-10-10 16:32 - 0032768 _____ () C:\Users\Sabrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-21 01:22 - 2014-12-21 01:22 - 0007605 _____ () C:\Users\Sabrina\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Sabrina\AppData\Local\Temp\Quarantine.exe
C:\Users\Sabrina\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 09:21

==================== End of log ============================

So an dieser Stelle einmal vielen lieben Dank für Ihre Zeit, Geduld und die wirklich gut erklärten Anweisungen mit denen ich sehr gut klar kam...

Ich habe viele Infizierte Dateien gefunden und dadurch beheben können

muss aber leider sagen das die Werbungen nicht weniger geworden sind

glg Blanca

schrauber · 02.06.2015, 18:41

Java und Adobe updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Config.Msi\2aafa.rbf
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\Users\Sabrina\AppData\Local\Mozilla\Firefox\Profiles\e0r3h4wu.default\cache2\entries\8BFC69E8DD3A37F29EFADCCF1B281B980AE6259C

C:\Users\Sabrina\AppData\Local\Mozilla\Firefox\Profiles\e0r3h4wu.default\cache2\entries\AB0DFB79E6356BBF3F26E31869A2267644391252

C:\Users\Sabrina\Downloads\Setups und anderes\BitZipperSetup.exe

C:\Users\Sabrina\Downloads\Setups und anderes\FFSetup3.0.1.zip

C:\Users\Sabrina\Downloads\Setups und anderes\iMeshSetup-r1444-n-bc.exe

C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_dvdplayer.exe

C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_nokia-energy-profiler.exe

C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_shazam.exe

C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_vlingo.exe

C:\Users\Sabrina\Downloads\Setups und anderes\WinRARSetup-11550928.exe

C:\Users\Sabrina\Downloads\Setups und anderes\wz165gev.exe

C:\Users\Sabrina\Downloads\Setups und anderes\wz175-64gev.msi

C:\Windows\Installer\274012.msi

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DFX3UK3\update[1]

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[2]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DFX3UK3\update[1]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[2]

D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Revo Uninstaller - Download - Filepony
damit Firefox deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.mozilla.org/de/kb/fi...einfach-loesen

Jetzt bitte nochmal testen in welchen Browsern welches Problem besteht

Blanca · 08.06.2015, 20:34

Hallo :-)

heute hab ich dann endlich die Zeit gefunden um weiter zu machen ;-)

Hier der Fixlog

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Sabrina at 2015-06-08 14:10:29 Run:1
Running from C:\Users\Sabrina\Downloads
Loaded Profiles: UpdatusUser & Sabrina (Available Profiles: UpdatusUser & Sabrina)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Config.Msi\2aafa.rbf
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

C:\Users\Sabrina\AppData\Local\Mozilla\Firefox\Profiles\e0r3h4wu.default\cache2\entries\8BFC69E8DD3A37F29EFADCCF1B281B980AE6259C

C:\Users\Sabrina\AppData\Local\Mozilla\Firefox\Profiles\e0r3h4wu.default\cache2\entries\AB0DFB79E6356BBF3F26E31869A2267644391252

C:\Users\Sabrina\Downloads\Setups und anderes\BitZipperSetup.exe

C:\Users\Sabrina\Downloads\Setups und anderes\FFSetup3.0.1.zip

C:\Users\Sabrina\Downloads\Setups und anderes\iMeshSetup-r1444-n-bc.exe

C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_dvdplayer.exe

C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_nokia-energy-profiler.exe

C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_shazam.exe

C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_vlingo.exe

C:\Users\Sabrina\Downloads\Setups und anderes\WinRARSetup-11550928.exe

C:\Users\Sabrina\Downloads\Setups und anderes\wz165gev.exe

C:\Users\Sabrina\Downloads\Setups und anderes\wz175-64gev.msi

C:\Windows\Installer\274012.msi

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DFX3UK3\update[1]

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[2]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DFX3UK3\update[1]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[2]

D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe
Emptytemp:
*****************

C:\Config.Msi\2aafa.rbf => moved successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\Sabrina\AppData\Local\Mozilla\Firefox\Profiles\e0r3h4wu.default\cache2\entries\8BFC69E8DD3A37F29EFADCCF1B281B980AE6259C => moved successfully.
C:\Users\Sabrina\AppData\Local\Mozilla\Firefox\Profiles\e0r3h4wu.default\cache2\entries\AB0DFB79E6356BBF3F26E31869A2267644391252 => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\BitZipperSetup.exe => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\FFSetup3.0.1.zip => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\iMeshSetup-r1444-n-bc.exe => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_dvdplayer.exe => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_nokia-energy-profiler.exe => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_shazam.exe => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\SoftonicDownloader_fuer_vlingo.exe => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\WinRARSetup-11550928.exe => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\wz165gev.exe => moved successfully.
C:\Users\Sabrina\Downloads\Setups und anderes\wz175-64gev.msi => moved successfully.
C:\Windows\Installer\274012.msi => moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DFX3UK3\update[1]" => File/Folder not found.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[2]" => File/Folder not found.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6DFX3UK3\update[1] => moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\update[2] => moved successfully.
D:\TOOLS\Medion MediaPack\medion_mediapack_2_ext.exe => moved successfully.
EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 14:12:58 ====

Also hab die Anweisungen befolgt und momentan funktioniert Firefox ohne Werbungen und Fremd verlinkungen.
Bei meinem Standart Browser Chrome sind die Werbungen leider nicht weniger geworden und das Problem mit dem Fremd verinken besteht hier weiterhin.

LG

schrauber · 09.06.2015, 20:00

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de

Blanca · 09.06.2015, 21:41

:O *,*

alles wieder normal...keine Werbungen mehr oder fremd Verlinkungen...*.*

Vielen vielen lieben dank für deine Hilfe und deine Zeit Schrauber...

glg

Verzweiflung wegen Werbung in den Browsern

Log-Analyse und Auswertung: Verzweiflung wegen Werbung in den Browsern