Oh, sorry, it's hard to do this here because my Chrome keeps crashing.
So I've now moved it to my desktop and run it again;
I no longer have the old logs on the PC, only in my thread; the link is here: http://www.trojaner-board.de/153358-...entfernen.html
So, once again: 1. FRST:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Sarah (administrator) on SARAH-PC on 30-06-2014 19:06:06
Running from C:\Users\Sarah\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
() C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Systweak) C:\Program Files\Right Backup\RBClientService.exe
() C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe
() C:\Users\Sarah\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Program Files\003\xmkysecqun32.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Systweak) C:\Program Files\Right Backup\RightBackup.exe
() C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
() C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\fst_de_60\fst_de_60.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Overwolf LTD) C:\Program Files\Common Files\Overwolf\0.76.1.0\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\fst_de_70\fst_de_70.exe
() C:\Users\Sarah\AppData\Local\fst_de_70\upfst_de_70.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
(Farbar) C:\Users\Sarah\Desktop\FRST (1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-10-13] (Dell Inc.)
HKLM\...\Run: [AVG_UI] => "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [fst_de_60] => C:\Program Files\fst_de_60\fst_de_60.exe [3979760 2014-06-23] ()
HKLM\...\Run: [fst_de_70] => C:\Program Files\fst_de_70\fst_de_70.exe [3980280 2014-06-27] ()
HKLM\...\RunOnce: [upfst_de_60.exe] - C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe -runonce [3353584 2014-06-23] ()
HKLM\...\Runonce: [upfst_de_70.exe] - C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_70.exe -runonce
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-29] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138] => C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [39712 2014-06-10] (Overwolf LTD)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [BlockAndSurf] => C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe [131072 2014-06-23] ()
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\MountPoints2: {14c2fd0e-f912-11e1-9f4b-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\MountPoints2: {81c5de9c-ef3b-11e3-90e6-002219f395b1} - G:\Startme.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-29] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138] => C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [39712 2014-06-10] (Overwolf LTD)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BlockAndSurf] => C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe [131072 2014-06-23] ()
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {14c2fd0e-f912-11e1-9f4b-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {81c5de9c-ef3b-11e3-90e6-002219f395b1} - G:\Startme.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [182080 2014-06-26] (Client Connect LTD)
AppInit_DLLs: C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14247;https=127.0.0.1:14247
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x603A7F37CA6DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400787804&from=cor&uid=TOSHIBAXMK2555GSX_697FTCR5TXX697FTCR5T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400787804&from=cor&uid=TOSHIBAXMK2555GSX_697FTCR5TXX697FTCR5T&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=58&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=58&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: BlockAndSurf - {42D0AB81-D2E9-45AF-920B-364108DDD363} - C:\Program Files\-BlockAndSurfS\174.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Trovi search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sarah\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Star Stable Online - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\Extensions\plugin@starstable.com [2014-05-06]
FF Extension: Quick Start - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\Extensions\quick_start@gmail.com [2014-05-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-25]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKCU\...\Firefox\Extensions: [{ED75ABA9-372B-880E-9D94-92D475A431DE}] - C:\Program Files\-BlockAndSurfS\174.xpi
FF Extension: BlockAndSurf - C:\Program Files\-BlockAndSurfS\174.xpi [2014-06-23]
Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV="
CHR Extension: (BlockAndSurf) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhaejhdlcmboghhjpfmnfiegbmlbjmmn [2014-06-23]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Extension: (Extutil) - C:\Users\Sarah\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-06-30]
CHR Extension: (Managera) - C:\Users\Sarah\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-06-30]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Sarah\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
========================== Services (Whitelisted) =================
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation)
R2 BlockAndSurf; C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.exe [180224 2014-06-23] () [File not signed]
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-26] (Client Connect LTD)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [976672 2014-06-10] (Overwolf LTD)
R2 RBClientService; C:\Program Files\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.)
R2 SupraSavingsService; C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe [151040 2014-06-25] () [File not signed]
R2 vosr; C:\Users\Sarah\AppData\Roaming\VOPackage\VOsrv.exe [53248 2014-05-22] () [File not signed]
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-10-13] (Dell Inc.) [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)
R2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe [541696 2014-05-22] () [File not signed]
S2 avgfws; "C:\Program Files\AVG\AVG2013\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [X]
==================== Drivers (Whitelisted) ====================
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-10-13] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-06-12] (NetFilterSDK.com) [File not signed]
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [269536 2008-09-19] (Creative Technology Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 rimmptsk; system32\DRIVERS\rimmptsk.sys [X]
S2 rimsptsk; system32\DRIVERS\rimsptsk.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-30 19:06 - 2014-06-30 19:06 - 00024020 _____ () C:\Users\Sarah\Desktop\FRST.txt
2014-06-30 18:44 - 2014-06-30 18:44 - 01073664 _____ (Farbar) C:\Users\Sarah\Desktop\FRST (1).exe
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_70
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Program Files\fst_de_70
2014-06-30 17:29 - 2014-06-30 17:53 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-30 17:29 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\SearchProtect
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-23 18:58 - 2014-06-30 18:58 - 00000368 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2014-06-23 18:58 - 2014-06-30 18:48 - 00000388 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-06-23 18:58 - 2014-06-23 18:58 - 00000000 ____D () C:\Program Files\-BlockAndSurfS
2014-06-23 18:57 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_60
2014-06-23 18:57 - 2014-06-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
2014-06-23 18:57 - 2014-06-23 18:57 - 00000000 ____D () C:\Program Files\fst_de_60
2014-06-22 21:46 - 2014-06-22 21:46 - 00010757 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2014-06-17 12:29 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 12:29 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 12:29 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 12:29 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 12:29 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 12:29 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 12:29 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-17 12:29 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 12:29 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 12:29 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-17 12:29 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-17 12:29 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 12:29 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 12:29 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 12:29 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 12:29 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 12:17 - 2014-06-17 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-17 12:16 - 2014-06-17 12:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-12 21:05 - 2014-06-12 21:05 - 00047488 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-08 20:45 - 2014-06-08 20:45 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\Program Files\Sony
2014-06-05 13:08 - 2014-06-05 13:08 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-06-04 00:10 - 2014-06-04 00:10 - 00300362 _____ () C:\Users\Sarah\Documents\innenmittext14,5.xcf
2014-06-03 23:34 - 2014-06-05 13:21 - 00000000 ____D () C:\Users\Sarah\Desktop\music s3
2014-06-01 20:08 - 2014-06-30 18:16 - 00000879 _____ () C:\Users\Sarah\Desktop\Continue VuuPC Installation.lnk
==================== One Month Modified Files and Folders =======
2014-06-30 19:06 - 2014-06-30 19:06 - 00024020 _____ () C:\Users\Sarah\Desktop\FRST.txt
2014-06-30 19:06 - 2014-05-02 15:18 - 00000000 ____D () C:\FRST
2014-06-30 19:06 - 2012-09-29 21:45 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA.job
2014-06-30 18:58 - 2014-06-23 18:58 - 00000368 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2014-06-30 18:48 - 2014-06-23 18:58 - 00000388 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-06-30 18:44 - 2014-06-30 18:44 - 01073664 _____ (Farbar) C:\Users\Sarah\Desktop\FRST (1).exe
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_70
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Program Files\fst_de_70
2014-06-30 18:17 - 2014-06-23 18:57 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_60
2014-06-30 18:17 - 2014-06-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
2014-06-30 18:16 - 2014-06-01 20:08 - 00000879 _____ () C:\Users\Sarah\Desktop\Continue VuuPC Installation.lnk
2014-06-30 18:16 - 2014-05-02 13:27 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 18:12 - 2012-10-30 16:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 17:53 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-30 17:49 - 2008-01-21 03:35 - 01943889 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 17:47 - 2013-06-26 22:30 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Overwolf
2014-06-30 17:45 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 17:45 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:45 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:29 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\SearchProtect
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-30 14:40 - 2012-09-29 21:45 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core.job
2014-06-23 18:58 - 2014-06-23 18:58 - 00000000 ____D () C:\Program Files\-BlockAndSurfS
2014-06-23 18:58 - 2014-04-26 10:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-23 18:58 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-23 18:57 - 2014-06-23 18:57 - 00000000 ____D () C:\Program Files\fst_de_60
2014-06-22 21:57 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 21:53 - 2012-12-11 13:57 - 00000000 ____D () C:\Users\Sarah\.gimp-2.8
2014-06-22 21:46 - 2014-06-22 21:46 - 00010757 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2014-06-22 13:48 - 2012-11-22 19:14 - 00000000 ____D () C:\Users\Sarah\Tracing
2014-06-21 22:14 - 2012-09-29 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-20 14:04 - 2013-06-26 22:33 - 00000000 ____D () C:\Program Files\Overwolf
2014-06-19 11:13 - 2014-05-23 08:35 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-06-18 03:40 - 2012-09-07 18:42 - 00001356 _____ () C:\Users\Sarah\AppData\Local\d3d9caps.dat
2014-06-17 12:17 - 2014-06-17 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-17 12:17 - 2014-05-02 13:00 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-17 12:16 - 2014-06-17 12:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-17 12:16 - 2014-04-27 09:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-17 12:12 - 2008-01-21 04:47 - 00153204 _____ () C:\Windows\PFRO.log
2014-06-12 21:05 - 2014-06-12 21:05 - 00047488 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-08 20:51 - 2012-09-07 18:48 - 00641602 _____ () C:\Windows\DPINST.LOG
2014-06-08 20:50 - 2006-11-02 12:33 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 20:47 - 2006-11-02 14:52 - 00120035 _____ () C:\Windows\setupact.log
2014-06-08 20:45 - 2014-06-08 20:45 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\Program Files\Sony
2014-06-08 20:45 - 2012-09-29 20:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-05 13:21 - 2014-06-03 23:34 - 00000000 ____D () C:\Users\Sarah\Desktop\music s3
2014-06-05 13:08 - 2014-06-05 13:08 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-06-05 13:00 - 2012-09-07 18:42 - 00000000 ____D () C:\Users\Sarah
2014-06-04 00:12 - 2014-05-27 19:13 - 00000000 ____D () C:\Users\Sarah\Desktop\geb
2014-06-04 00:10 - 2014-06-04 00:10 - 00300362 _____ () C:\Users\Sarah\Documents\innenmittext14,5.xcf
2014-06-01 19:38 - 2012-09-07 18:42 - 00105056 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-01 19:38 - 2006-11-02 14:47 - 03780448 _____ () C:\Windows\system32\FNTCACHE.DAT
Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\dlLogic.exe
C:\Users\Sarah\AppData\Local\Temp\dltr.exe
C:\Users\Sarah\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Sarah\AppData\Local\Temp\GCVerifier.dll
C:\Users\Sarah\AppData\Local\Temp\nsf2EB5.tmp.exe
C:\Users\Sarah\AppData\Local\Temp\nshB475.exe
C:\Users\Sarah\AppData\Local\Temp\nshBE85.exe
C:\Users\Sarah\AppData\Local\Temp\nsk3A1B.tmp.exe
C:\Users\Sarah\AppData\Local\Temp\nsm730C.exe
C:\Users\Sarah\AppData\Local\Temp\nsmB975.exe
C:\Users\Sarah\AppData\Local\Temp\nsw7741.exe
C:\Users\Sarah\AppData\Local\Temp\nsw7C70.exe
C:\Users\Sarah\AppData\Local\Temp\SpOrder.dll
C:\Users\Sarah\AppData\Local\Temp\verifier.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-30 17:50
==================== End Of Log ============================
2. Additions
I still can't find it ?:(
Here is the Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Sarah at 2014-06-30 19:37:32
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
ATI Catalyst Install Manager (HKLM\...\{E4AAB0A5-482C-0048-3D37-57A3965601B6}) (Version: 3.0.699.0 - ATI Technologies, Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.2904 - AVG Technologies)
AVG 2013 (Version: 13.0.2904 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
BlockAndSurf (HKLM\...\1027EDAE-588F-5338-1B71-C109FF99659F) (Version: - BlockAndSurf-software) <==== ATTENTION
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.22.02 - Broadcom Corporation)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.1114.2149.39131 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization German (Version: 2008.1114.2149.39131 - ATI) Hidden
CCC Help English (Version: 2008.1114.2148.39131 - ATI) Hidden
CCC Help German (Version: 2008.1114.2148.39131 - ATI) Hidden
ccc-core-static (Version: 2008.1114.2149.39131 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.1114.2149.39131 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Dell Dock (HKLM\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Die Sims 2 (HKLM\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Die Sims 2: Family Fun - Accessoires (HKLM\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version: - )
Die Sims™ 2 Gute Reise (HKLM\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version: - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version: - )
Die Sims™ 2: Glamour-Accessoires (HKLM\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version: - )
Dienstprogramm für Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.17 - Dell Inc.)
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
fst_de_60 (HKLM\...\fst_de_60_is1) (Version: - FREE_SOFTTODAY) <==== ATTENTION
fst_de_70 (HKLM\...\fst_de_70_is1) (Version: - FREE_SOFTTODAY) <==== ATTENTION
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6124.0 - IDT)
iMesh (HKLM\...\iMesh) (Version: 12.5.0.134600 - iMesh Inc) <==== ATTENTION
Installer (HKLM\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Integrated Webcam Driver (1.00.03.0919) (HKLM\...\Creative OA008) (Version: - )
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}) (Version: 12.00.2000 - Intel(R) Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Overwolf (HKLM\...\Overwolf) (Version: 0.76.1.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx86.Dist (Version: 1.0.0 - Overwolf) Hidden
PlayCatan Zugangssoftware (HKLM\...\PlayCatan Client) (Version: 3.1148 - Catan GmbH)
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.3797 - Systweak Software)
Search Protect (HKLM\...\SearchProtect) (Version: 2.15.11.3 - Client Connect LTD) <==== ATTENTION
Skins (Version: 2008.1114.2149.39131 - ATI) Hidden
Sony PC Companion 2.10.206 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WPM18.8.0.304 (HKLM\...\WPM) (Version: 18.8.0.304 - Cherished Technololgy LIMITED) <==== ATTENTION
==================== Restore Points =========================
08-06-2014 18:45:54 Sony PC Companion
08-06-2014 18:50:30 Sony PC Companion
21-06-2014 20:04:42 Windows Update
==================== Hosts content: ==========================
2006-11-02 12:23 - 2014-04-26 10:30 - 00008890 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
216.239.32.20 google.com www.google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar
216.239.32.20 google.com www.google.as
216.239.32.20 google.com www.google.at
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az
216.239.32.20 google.com www.google.ba
216.239.32.20 google.com www.google.com.bd
216.239.32.20 google.com www.google.be
216.239.32.20 google.com www.google.bf
216.239.32.20 google.com www.google.bg
216.239.32.20 google.com www.google.com.bh
216.239.32.20 google.com www.google.bi
216.239.32.20 google.com www.google.bj
216.239.32.20 google.com www.google.com.bn
216.239.32.20 google.com www.google.com.bo
216.239.32.20 google.com www.google.com.br
216.239.32.20 google.com www.google.bs
216.239.32.20 google.com www.google.bt
216.239.32.20 google.com www.google.co.bw
There are 163 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {51D19989-9A97-43B5-9648-8C75599C7670} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2014-06-10] (Overwolf LTD)
Task: {697A1811-CF2C-4541-96E7-45C95B03A548} - System32\Tasks\Right Backup_startup => C:\Program Files\Right Backup\RightBackup.exe [2014-04-24] (Systweak)
Task: {6F7AA27B-7E65-4CDA-8048-9761CA5F9081} - System32\Tasks\FF Watcher {7F14B81C-4986-4B8B-9EC8-A4AAD6C6B506} => C:\Program Files\V-bates\PrefHelper.exe
Task: {87EDCD04-35DF-4026-B03D-998C54D4F1AA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9255351A-5EE0-4E85-A13B-08ACB289DA52} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29] (Google Inc.)
Task: {9F96B950-BF20-4FD1-98FC-EB4DD4D07A5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {D9F744D5-9360-4621-803D-DF3592EA1B0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {E43A4E01-A6C4-41CB-A55E-0D0103A507AD} - System32\Tasks\BlockAndSurf Update => C:\Program Files\-BlockAndSurfS\BlockAndSurfo03.exe [2014-06-23] () <==== ATTENTION
Task: {E4D4A9F5-B69C-4AFB-A189-D4966B782B2D} - System32\Tasks\BlockAndSurf_wd => C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe [2014-06-23] () <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EC45E14C-CECF-4985-9102-B9CF0B3155C6} - System32\Tasks\RunOW => C:\Program Files\Overwolf\OverwolfLauncher.exe [2014-06-10] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files\-BlockAndSurfS\BlockAndSurfo03.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf_wd.job => C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-06-23 18:58 - 2014-06-23 18:58 - 00180224 _____ () C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.exe
2014-06-23 18:58 - 2014-06-23 18:58 - 00172544 _____ () C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.dll
2014-04-30 20:39 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files\Right Backup\System.Data.SQLite.dll
2014-06-25 19:58 - 2014-06-25 19:58 - 00151040 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00102400 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\nfapi.dll
2014-06-12 21:05 - 2014-06-12 21:05 - 00323584 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\ProtocolFilters.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00053248 _____ () C:\Users\Sarah\AppData\Roaming\VOPackage\VOsrv.exe
2014-05-22 21:27 - 2014-05-22 21:27 - 00541696 _____ () C:\Program Files\003\xmkysecqun32.exe
2014-06-23 18:58 - 2014-06-23 18:58 - 00100864 _____ () C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe
2012-09-18 10:52 - 2008-11-15 00:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-06-23 18:57 - 2014-06-23 11:33 - 03353584 _____ () C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe
2012-09-29 20:31 - 2008-10-13 14:17 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-06-23 18:57 - 2014-06-23 11:33 - 03979760 _____ () C:\Program Files\fst_de_60\fst_de_60.exe
2014-06-30 18:17 - 2014-06-27 15:13 - 03980280 _____ () C:\Program Files\fst_de_70\fst_de_70.exe
2014-06-23 18:58 - 2014-06-23 18:58 - 00131072 _____ () C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe
2012-09-18 10:54 - 2012-09-18 10:54 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-18 13:25 - 2008-11-18 13:25 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 00065352 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 04081480 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 00390472 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 01647432 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 13692232 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2014-04-25 19:42 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-25 19:42 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/30/2014 07:29:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/30/2014 07:28:04 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (06/30/2014 05:45:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/30/2014 05:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung chrome.exe, Version 34.0.1847.131, Zeitstempel 0x535824c4, fehlerhaftes Modul chrome.dll, Version 34.0.1847.131, Zeitstempel 0x53581e65, Ausnahmecode 0x80000003, Fehleroffset 0x00416cca,
Prozess-ID 0x1e64, Anwendungsstartzeit chrome.exe0.
Error: (06/23/2014 06:43:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.500 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 169c
Anfangszeit: 01cf8f02300b9ad7
Zeitpunkt der Beendigung: 7
Error: (06/23/2014 06:27:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/22/2014 09:44:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SARAH\.THUMBNAILS\NORMAL\FDBA0F123A6A6205043CA6F0A2744481.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/22/2014 09:44:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SARAH\.THUMBNAILS\NORMAL\FDBA0F123A6A6205043CA6F0A2744481.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (06/22/2014 08:56:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/22/2014 01:31:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.500 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 78c
Anfangszeit: 01cf8e0d7049af70
Zeitpunkt der Beendigung: 37
System errors:
=============
Error: (06/30/2014 07:32:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032
Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Avgldx86
netfilter2
Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimsptsk%%2
Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimmptsk%%2
Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AVG WatchDog%%3
Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AVGIDSAgent%%3
Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AVG Firewall%%3
Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dell Wireless WLAN Tray Service%%2
Error: (06/30/2014 07:29:07 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
Microsoft Office Sessions:
=========================
Error: (10/24/2012 05:06:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6092 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-06-30 19:36:25.079
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:36:24.838
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:36:24.577
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:36:24.307
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:36:02.997
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:36:02.439
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:36:01.817
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:36:01.045
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:06:36.352
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-30 19:06:36.072
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 52%
Total physical RAM: 3066.13 MB
Available physical RAM: 1460.37 MB
Total Pagefile: 6334.54 MB
Available Pagefile: 4342.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.65 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:58.5 GB) (Free:7.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
Drive e: () (Fixed) (Total:174.29 GB) (Free:174.19 GB) NTFS
Drive f: (Sims2EP6) (CDROM) (Total:0.75 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 3FBE4D3F)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=174 GB) - (Type=07 NTFS)
==================== End Of Log ============================