Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   LyricsContainer auf Windows 7 - Wie schmeiße ich es runter? (https://www.trojaner-board.de/140481-lyricscontainer-windows-7-schmeisse-runter.html)

hauskran 26.08.2013 12:07
LyricsContainer auf Windows 7 - Wie schmeiße ich es runter?
 
LyricsContainer auf Windows 7 - Wie schmeiße ich es runter?


Den Beitrag habe ich bei Euch gefunden, kann ihn eins zu eins für mein Problem übernehmen


16.08.2013, 12:30
WritersM
Hey Leute,

Ich habe mich hier registriert, weil ich unbedingt Hilfe brauche (Also ein Fachmannn bin ich nicht im geringsten). Ich habe letztens im Internet Explorer ein Nachricht erhalten: "Java-Sicherheitsupdate ist unbedingt erforderlich!" Normalerweise traue ich dem ganzen nicht und schließe das Fenster auch gleich. In diesem Fall konnte ich es aber nicht wegXen, da sich immer wieder erst das Fenster "Wollen sie diese Seite wirklich verlassen? --> JA" und dann wieder "JAVA-Sicherheitsupdate unbedingt erforderlich" kam, wie eine Dauerschleife die ich nicht verlassen konnte, also habe ich auf "Update installieren" gedrückt, da ich dachte es müsse also etwas ernstes sein. Das Update wurde heruntergeladen und der Installationsprozess begann. Nach 'ner Zeit (Ich hab mir ALLES durchgelesen) kam mir das aber nicht mehr allzu seriös vor, weil immer wieder Werbung für verschiedene Add-Ons kam, die er (hätte ich nicht auf NEIN gedrückt) installiert hätte. Irgendwann ging das aber mal nicht und deshalb habe ich den Installationsprozess (bzw. das Voreinstellungsmenü) geschlossen. Dann schaue ich in meine Mozilla Add-Ons und plötzlich sehe ich da dennoch "LyricsContainer 1.128". Das kann ich auch nicht so einfach entfernen, weil es dafür keinen Button gibt. Ich informiere mich darüber, was das ist und sehe "Spyware" !
"WHY ME ?!?" Tja und jetzt möchte ich vorsorgen, bevor es meinem PC Schaden zufügt und es herunterlöschen.
Wie mache ich das? Könnte mir einer eine Schritt-für-Schritt Anleitung geben?
Mein PC: Windows 7 Home Premium - 64-Bit

Danke schon mal.

MFG, Ich.

-----------------------------------------------------------------------------------------------------------------

Mit Systemwiederherstellung habe ich auch nichts mehr erreichen können, da mein selbst erstellter Punkt nicht mehr da war.
Was mir noch aufgefallen ist. Bei mir sind immer wieder Wörter doppelt unterstrichen, klicke ich versehentlich drauf, werde ich gleich auf andere Seiten weiter geleitet.


Nun wollte ich die Checkliste schon mal durchgehen, habe aber , glaube ich schon einen Fehler gemacht:


defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:49 on 26/08/2013 (Sigrid)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

cosinus 26.08.2013 12:34
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

hauskran 27.08.2013 06:06
Irgrndwie klappt hier gar nichts. Ereignisse von meinem Avira konnte ich auch nicht exportieren, also habe ich Screen gemacht. ---> https://fotos.gmx.net/ui/external/hY4QJ9-ZSxCNnEzo7fZlKg25301 <--- Mit dem Scan mit Farbar's Recovery Scan Tool (FRST) klappt es auch nicht, da will sich immer noch etwas anderes mit Instalieren, bin anscheinen zu blöd einen PC zu bedienen.

Was ist ein Log mit Farbars Tool ?

Habe jetzt noch einmal alles ausprobiert. Das mit dem Avira klappt immer noch nicht. Das mit FRST hat endlich geklappt.



FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 01
Ran by Sigrid (administrator) on 27-08-2013 06:49:19
Running from C:\Users\Sigrid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2PSJWHG
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(ACD Systems, Ltd.) C:\Program Files (x86)\ACD Systems\DevDetect\DevDetect.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(IncrediMail, Ltd.) D:\IncrediMail\Bin\IncMail.exe
(IncrediMail, Ltd.) D:\IncrediMail\Bin\ImApp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [283232 2012-10-31] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-06-21] (Garmin Ltd or its subsidiaries)
MountPoints2: {2fc90b86-4d6d-11e1-b4ee-001c4af2c242} - F:\setup.exe -a
MountPoints2: {b96e3044-6c9c-11df-ad7b-806e6f6e6963} - E:\SETUP.EXE /AUTORUN
MountPoints2: {dd7a2bad-b138-11df-a743-90fba6e1659a} - G:\pushinst.exe
MountPoints2: {dd7a2bb0-b138-11df-a743-90fba6e1659a} - K:\pushinst.exe
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1794048 2008-10-28] (AVM Berlin)
HKLM-x32\...\Run: [Camera Detector] - C:\PROGRA~2\ACDSYS~1\DEVDET~1\DEVDET~1.EXE [208896 2002-12-18] (ACD Systems, Ltd.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SMSTray] - C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe [484888 2009-03-21] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [220744 2011-12-16] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\Sigrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\Sigrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)

==================== Internet (Whitelisted) ====================

ProxyServer: 178.217.14.33:9090
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z516pe4g5v135w46n1t73q
URLSearchHook: (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} -  No File
URLSearchHook: (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
SearchScopes: HKCU - {2BFF74D9-71F7-42B1-9C29-417A6BD92012} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}
SearchScopes: HKCU - {CAA06B31-4162-4683-9F05-FFEC6A813012} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=HIP&o=102875&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=6F&apn_dtid=YYYYYYYYDE&apn_uid=610243CC-8564-445E-A4FD-B44B24A51351&apn_sauid=648C11BE-D87F-4967-9D28-F5FD85790C85
BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} -  No File
Handler: msdaipp - No CLSID Value -
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default
FF user.js: detected! => C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\user.js
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.Google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p=
FF NetworkProxy: "backup.ftp", "178.217.14.33"
FF NetworkProxy: "backup.ftp_port", 9090
FF NetworkProxy: "backup.gopher", "188.94.228.46"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "178.217.14.33"
FF NetworkProxy: "backup.socks_port", 9090
FF NetworkProxy: "backup.ssl", "178.217.14.33"
FF NetworkProxy: "backup.ssl_port", 9090
FF NetworkProxy: "ftp", "178.217.14.33"
FF NetworkProxy: "ftp_port", 9090
FF NetworkProxy: "gopher", "188.94.228.46"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "178.217.14.33"
FF NetworkProxy: "http_port", 9090
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.217.14.33"
FF NetworkProxy: "socks_port", 9090
FF NetworkProxy: "ssl", "178.217.14.33"
FF NetworkProxy: "ssl_port", 9090
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\searchplugins\Web Search.xml
FF Extension: No Name - C:\Users\Sigrid\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Conduit Engine  - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\engine@conduit.com
FF Extension: Garmin Communicator - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: DownloadHelper - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: IMinent Toolbar - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: No Name - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\{e798194d-0d55-e397-a59b-ad2c3b2591ae}
FF Extension: pricepeep - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\pricepeep@getpricepeep.com.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: No Name - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] C:\Program Files\Web Assistant\Firefox
FF Extension: No Name - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: No Name - C:\Program Files\Web Assistant\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] C:\Program Files\Web Assistant\Firefox
FF Extension: No Name - C:\Program Files\Web Assistant\Firefox

Chrome:
=======
CHR HomePage:                "homepage":        "hxxp://start.iminent.com/?appId=E48A8E4D-E32D-49C4-85CA-54F39671A82B",
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=E48A8E4D-E32D-49C4-85CA-54F39671A82B"
CHR Extension: () - C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.611_0
CHR Extension: (PricePeep) - C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [364544 2008-10-28] (AVM Berlin)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219992 2013-06-21] (Garmin Ltd or its subsidiaries)
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-07-03] ()
R2 yksvc; C:\Windows\System32\yk62x64.dll [496128 2009-09-28] (Marvell)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2008-10-28] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2008-10-28] (AVM GmbH)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 cpuz132; \??\C:\Users\Sigrid\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-26 16:58 - 2013-08-26 16:58 - 01066648 _____ C:\Users\Sigrid\Downloads\setup (1).exe
2013-08-26 15:59 - 2013-08-26 16:53 - 00000000 ____D C:\Users\Sigrid\Desktop\PC
2013-08-26 15:08 - 2013-08-26 15:08 - 00000000 _____ C:\Users\Sigrid\Downloads\setup.exe.o3y7xx8.partial
2013-08-26 14:17 - 2013-08-26 14:25 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-08-26 14:16 - 2013-08-26 14:16 - 00000000 ____D C:\Users\Sigrid\AppData\Local\Smartbar
2013-08-26 13:51 - 2013-08-26 13:51 - 00000286 _____ C:\Users\Sigrid\Desktop\Ereignisse.txt
2013-08-26 12:49 - 2013-08-26 12:49 - 00000474 _____ C:\Users\Sigrid\Desktop\defogger_disable.log
2013-08-26 12:09 - 2013-08-26 12:09 - 00000000 _____ C:\Users\Sigrid\defogger_reenable
2013-08-21 14:27 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 14:27 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 14:27 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 14:27 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 14:27 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 14:27 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 14:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 14:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 14:27 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 14:27 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 14:27 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 14:27 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-21 11:47 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-21 11:47 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-21 11:47 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-21 11:47 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-21 11:47 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-21 11:47 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-21 11:47 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-21 11:47 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-21 11:47 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-21 11:47 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-21 11:47 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-21 11:47 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-21 11:47 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-21 11:47 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-21 11:46 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-21 11:46 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 07:41 - 2013-08-26 10:35 - 00000000 ____D C:\Windows\system32\MRT
2013-07-31 19:28 - 2013-08-26 18:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 19:28 - 2013-07-31 19:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-31 10:13 - 2013-07-31 10:13 - 464292448 _____ C:\Windows\MEMORY.DMP
2013-07-31 10:13 - 2013-07-31 10:13 - 00274784 _____ C:\Windows\Minidump\073113-28969-01.dmp
2013-07-31 09:41 - 2013-07-31 09:41 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00000000 ____D C:\Program Files\Java
2013-07-31 09:39 - 2013-07-31 09:40 - 33150376 _____ (Oracle Corporation) C:\Users\Sigrid\Desktop\jre-7u25-windows-x64.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-31 09:37 - 2013-07-31 09:37 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2013-08-27 06:49 - 2013-08-27 06:49 - 00000000 ____D C:\FRST
2013-08-27 06:49 - 2010-05-31 12:13 - 01977271 _____ C:\Windows\WindowsUpdate.log
2013-08-27 06:42 - 2013-07-25 15:46 - 00004144 _____ C:\Windows\setupact.log
2013-08-27 06:42 - 2009-10-12 13:56 - 02107684 _____ C:\Windows\PFRO.log
2013-08-27 06:42 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-26 21:05 - 2010-08-26 21:43 - 00000000 ____D C:\Users\Sigrid\AppData\Roaming\FRITZ!
2013-08-26 20:52 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-26 20:52 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-26 18:32 - 2013-07-31 19:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-26 16:58 - 2013-08-26 16:58 - 01066648 _____ C:\Users\Sigrid\Downloads\setup (1).exe
2013-08-26 16:53 - 2013-08-26 15:59 - 00000000 ____D C:\Users\Sigrid\Desktop\PC
2013-08-26 15:08 - 2013-08-26 15:08 - 00000000 _____ C:\Users\Sigrid\Downloads\setup.exe.o3y7xx8.partial
2013-08-26 14:47 - 2010-08-26 20:50 - 00000000 ____D C:\Users\Sigrid
2013-08-26 14:44 - 2013-07-14 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 14:44 - 2012-12-28 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 14:44 - 2012-05-30 15:14 - 00000000 ____D C:\Program Files\Web Assistant
2013-08-26 14:44 - 2011-02-24 22:47 - 00000000 ____D C:\Program Files (x86)\Conduit
2013-08-26 14:44 - 2010-08-27 10:08 - 00000000 ____D C:\Users\Sigrid\AppData\Roaming\vlc
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-26 14:41 - 2010-08-26 20:59 - 00000000 ____D C:\Users\Sigrid\AppData\Local\Google
2013-08-26 14:25 - 2013-08-26 14:17 - 00000000 ____D C:\Program Files (x86)\Wajam
2013-08-26 14:16 - 2013-08-26 14:16 - 00000000 ____D C:\Users\Sigrid\AppData\Local\Smartbar
2013-08-26 13:51 - 2013-08-26 13:51 - 00000286 _____ C:\Users\Sigrid\Desktop\Ereignisse.txt
2013-08-26 12:49 - 2013-08-26 12:49 - 00000474 _____ C:\Users\Sigrid\Desktop\defogger_disable.log
2013-08-26 12:09 - 2013-08-26 12:09 - 00000000 _____ C:\Users\Sigrid\defogger_reenable
2013-08-26 10:35 - 2013-08-14 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-08-22 18:44 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-21 14:25 - 2010-05-13 03:29 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-08-21 14:25 - 2010-05-13 03:29 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-08-21 14:25 - 2009-07-14 07:13 - 01519798 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 14:22 - 2010-08-27 09:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-21 14:22 - 2009-07-14 04:34 - 00000531 _____ C:\Windows\win.ini
2013-08-11 15:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-31 19:28 - 2013-07-31 19:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-31 19:28 - 2012-05-20 23:23 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-31 19:28 - 2011-05-20 05:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-31 19:27 - 2010-08-29 08:34 - 00000000 ____D C:\Users\Sigrid\AppData\Local\Adobe
2013-07-31 11:42 - 2010-08-27 17:53 - 00000000 ___RD C:\Users\Sigrid\Desktop\Verknüpfungen
2013-07-31 10:19 - 2013-07-22 08:23 - 00000000 ____D C:\Users\Sigrid\Documents\Bandicam
2013-07-31 10:13 - 2013-07-31 10:13 - 464292448 _____ C:\Windows\MEMORY.DMP
2013-07-31 10:13 - 2013-07-31 10:13 - 00274784 _____ C:\Windows\Minidump\073113-28969-01.dmp
2013-07-31 10:13 - 2012-01-20 19:54 - 00000000 ____D C:\Windows\Minidump
2013-07-31 09:41 - 2013-07-31 09:41 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00000000 ____D C:\Program Files\Java
2013-07-31 09:40 - 2013-07-31 09:39 - 33150376 _____ (Oracle Corporation) C:\Users\Sigrid\Desktop\jre-7u25-windows-x64.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-31 09:37 - 2013-07-31 09:37 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-31 09:37 - 2012-06-07 08:33 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-31 09:37 - 2011-10-31 18:16 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-28 07:05 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Sigrid\AppData\Local\Temp\AMPing.exe
C:\Users\Sigrid\AppData\Local\Temp\bdfilters.dll
C:\Users\Sigrid\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Sigrid\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Sigrid\AppData\Local\Temp\LyricsContainertmp.exe
C:\Users\Sigrid\AppData\Local\Temp\SeeSimilarSetup.exe
C:\Users\Sigrid\AppData\Local\Temp\_is1AA2.exe
C:\Users\Sigrid\AppData\Local\Temp\{D6324573-C889-4632-8CF4-089ACB9A27EA}\ISSetup.dll
C:\Users\Sigrid\AppData\Local\Temp\{D6324573-C889-4632-8CF4-089ACB9A27EA}\_Setup.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\CbsProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\CompatProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DismCore.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DismCorePS.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DismHost.exe
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DismProv.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DmiProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\FolderProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\IntlProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\LogProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\MsiProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\OSProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\SmiProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\TransmogProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\UnattendProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\wdscore.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\WimProvider.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 15:19

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---





Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 01
Ran by Sigrid at 2013-08-27 06:50:20
Running from C:\Users\Sigrid\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2PSJWHG
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)
ACDSee 3.1 (SR-1) Standard (x32 Version: 3.1.1)
Acer Arcade Deluxe (x32 Version: 3.2.6929)
Acer Backup Manager (x32 Version: 2.0.2.19)
Acer eRecovery Management (x32 Version: 4.05.3005)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0812)
Acer Updater (x32 Version: 1.01.3017)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Advertising Center (x32 Version: 0.0.0.2)
Alice Greenfingers (x32)
Amazonia (x32)
AMD DnD V1.0.19 (x32 Version: 1.0.19)
Amun Rising 1.06.07.1  (x32 Version: 1.06.07.1)
ATI AVIVO64 Codecs (Version: 10.11.0.41019)
ATI Catalyst Install Manager (Version: 3.0.750.0)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
AVM FRITZ!DSL (x32 Version: 2.04.02)
AVM FRITZ!WLAN (x32)
Backup Manager Advance (x32 Version: 2.0.2.19)
Bandicam (x32 Version: 1.8.9.371)
Bandisoft MPEG-1 Decoder (x32)
BDE - Borland Database Engine (x32 Version: )
Benutzerhandbuch - Grundlagen EPSON SX430 Series (x32)
Benutzerhandbuch EPSON SX430 Series (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Graphics Full New (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Graphics Light (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center InstallProxy (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Localization All (x32 Version: 2009.1019.2131.36819)
CCC Help Chinese Standard (x32 Version: 2009.1019.2130.36819)
CCC Help Chinese Traditional (x32 Version: 2009.1019.2130.36819)
CCC Help Czech (x32 Version: 2009.1019.2130.36819)
CCC Help Danish (x32 Version: 2009.1019.2130.36819)
CCC Help Dutch (x32 Version: 2009.1019.2130.36819)
CCC Help English (x32 Version: 2009.1019.2130.36819)
CCC Help Finnish (x32 Version: 2009.1019.2130.36819)
CCC Help French (x32 Version: 2009.1019.2130.36819)
CCC Help German (x32 Version: 2009.1019.2130.36819)
CCC Help Greek (x32 Version: 2009.1019.2130.36819)
CCC Help Hungarian (x32 Version: 2009.1019.2130.36819)
CCC Help Italian (x32 Version: 2009.1019.2130.36819)
CCC Help Japanese (x32 Version: 2009.1019.2130.36819)
CCC Help Korean (x32 Version: 2009.1019.2130.36819)
CCC Help Norwegian (x32 Version: 2009.1019.2130.36819)
CCC Help Polish (x32 Version: 2009.1019.2130.36819)
CCC Help Portuguese (x32 Version: 2009.1019.2130.36819)
CCC Help Russian (x32 Version: 2009.1019.2130.36819)
CCC Help Spanish (x32 Version: 2009.1019.2130.36819)
CCC Help Swedish (x32 Version: 2009.1019.2130.36819)
CCC Help Thai (x32 Version: 2009.1019.2130.36819)
CCC Help Turkish (x32 Version: 2009.1019.2130.36819)
ccc-core-static (x32 Version: 2009.1019.2131.36819)
ccc-utility64 (Version: 2009.1019.2131.36819)
Chicken Invaders 2 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
ContentSAFER for Wizmax (x32)
ConvertHelper 2.2 (x32)
Dairy Dash (x32)
Dream Day First Home (x32)
eBay Worldwide (x32 Version: 2.1.0901)
Elevated Installer (x32 Version: 2.2.14)
EmoDio (x32 Version: 1.0)
Epson Easy Photo Print 2 (x32 Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 2.50.0000)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.5.00)
eSobi v2 (x32 Version: 2.0.4.000274)
Farm Frenzy 2 (x32)
First Class Flurry (x32)
Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0)
Garmin Communicator Plugin x64 (Version: 4.0.3)
Garmin Express (x32 Version: 2.2.14)
Garmin Express Tray (x32 Version: 2.2.14)
Garmin Update Service (x32 Version: 2.2.14)
Granny In Paradise (x32)
Heroes of Hellas (x32)
Hotkey Utility (x32 Version: 1.00.3004)
Identity Card (x32 Version: 1.00.3002)
ImagXpress (x32 Version: 7.0.74.0)
IncrediMail (x32 Version: 6.2.9.5203)
IncrediMail 2.0 (x32 Version: 6.2.9.5203)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 14.0.8089.726)
king.com (remove only) (x32)
Lightscreen (x32)
Logitech Vid (x32 Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
LSI PCI-SV92PP Soft Modem (Version: 2.2.95)
Luxor 2 1.12m  (x32 Version: 1.12m)
Marvell Miniport Driver (x32 Version: 10.70.3.3)
Merriam Websters Spell Jam (x32)
MFC RunTime files (x32 Version: 1.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (x32)
MyWinLocker (x32 Version: 3.1.76.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.7.201)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.7.201)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.9.100)
Nero InfoTool (x32 Version: 6.4.7.201)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.8.1)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.11.209)
Nero StartSmart Help (x32 Version: 9.4.11.208)
Nero StartSmart OEM (x32 Version: 9.16.0.100)
NeroExpress (x32 Version: 9.4.10.505)
neroxml (x32 Version: 1.0.0)
Netzwerkhandbuch EPSON SX430 Series (x32)
NVIDIA Drivers (Version: 1.7)
ON SX430 Series Printer Uninstall
PDF24 Creator 4.1.2 (x32)
PENTAX USB DISK Device (x32 Version: 1.02.0000)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009)
PhotoMail Maker (x32 Version: 6.0.0.1007)
PhotoScape (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5898)
swMSM (x32 Version: 12.0.0.1)
TeamViewer 8 (x32 Version: 8.0.16642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visitenkarten, Briefbögen & Faxvorlagen (x32)
VLC media player 1.1.3 (x32 Version: 1.1.3)
Web Assistant version 2.0.0.611 (Version: 2.0.0.611)
Welcome Center (x32 Version: 1.00.3008)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinPcap 4.1.1 (x32 Version: 4.1.0.1753)
WinZip 11.1 (x32 Version: 11.3.8261)

==================== Restore Points  =========================

21-08-2013 09:33:25 Wiederherstellungsvorgang
21-08-2013 12:21:20 Windows Update
26-08-2013 06:58:37 Wiederherstellungsvorgang
26-08-2013 08:33:15 Windows Update
26-08-2013 12:19:15 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1B9B6D19-9ABD-4124-9166-ACBCF72174F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31] (Adobe Systems Incorporated)
Task: {5E7F64C4-E444-48F9-AEFF-26E20EDFD96F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {80162438-2F53-48A6-9970-8B48208AD39A} - System32\Tasks\{BD85B5A6-D861-4C48-BC3D-3A7989DBD4B3} => C:\Program Files (x86)\Skype\Phone\Skype.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D


==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2013 03:31:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/26/2013 03:31:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/26/2013 03:31:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/26/2013 03:31:23 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (08/26/2013 03:30:47 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1". Fehler in Manifest- oder Richtliniendatei "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" in Zeile  WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (08/26/2013 03:30:15 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (08/26/2013 02:38:04 PM) (Source: System Restore) (User: )
Description: Unbekannter Fehler bei der Systemwiederherstellung: (Wiederherstellungsvorgang). Zusätzliche Informationen: 0x8000ffff.

Error: (08/26/2013 02:26:42 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Engine wurde verändert oder zerstört!
Fehlercode: 0x9

Error: (08/26/2013 11:20:41 AM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Engine wurde verändert oder zerstört!
Fehlercode: 0x9

Error: (08/26/2013 09:05:49 AM) (Source: Avira Antivirus) (User: NT-AUTORITÄT)
Description: Die Engine wurde verändert oder zerstört!
Fehlercode: 0x9


System errors:
=============
Error: (08/26/2013 02:26:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error: (08/26/2013 11:20:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error: (08/26/2013 09:05:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem Fehler beendet: %%306.

Error: (08/26/2013 08:25:38 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/26/2013 08:25:38 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (08/25/2013 04:27:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/25/2013 04:27:55 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (08/22/2013 02:51:02 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Garmin Core Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053

Error: (08/22/2013 02:51:02 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Garmin Core Update Service erreicht.

Error: (08/22/2013 02:50:42 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.


Microsoft Office Sessions:
=========================
Error: (08/26/2013 03:31:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe

Error: (08/26/2013 03:31:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe

Error: (08/26/2013 03:31:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe

Error: (08/26/2013 03:31:23 PM) (Source: SideBySide)(User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe

Error: (08/26/2013 03:30:47 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (08/26/2013 03:30:15 PM) (Source: SideBySide)(User: )
Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

Error: (08/26/2013 02:38:04 PM) (Source: System Restore)(User: )
Description: Wiederherstellungsvorgang0x8000ffff

Error: (08/26/2013 02:26:42 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x9

Error: (08/26/2013 11:20:41 AM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x9

Error: (08/26/2013 09:05:49 AM) (Source: Avira Antivirus)(User: NT-AUTORITÄT)
Description: 0x9


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 5871.88 MB
Available physical RAM: 3617.83 MB
Total Pagefile: 11741.93 MB
Available Pagefile: 9337.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:290.95 GB) (Free:225.02 GB) NTFS
Drive d: (DATA) (Fixed) (Total:291 GB) (Free:290.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 9095291E)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=291 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hoffe das ich alles richtig gemacht habe.
Gruß Sigrid

cosinus 27.08.2013 11:46
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


hauskran 27.08.2013 11:52
Was meinst du damit.?

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Soll ich mein Avira deaktivieren?

cosinus 27.08.2013 12:00
Ja genau das sollst du tun

hauskran 27.08.2013 12:41
Code:
# AdwCleaner v3.001 - Report created 27/08/2013 at 13:13:29
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Sigrid - SIGRID-PC
# Running from : C:\Users\Sigrid\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Web Assistant

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Iminent
Folder Deleted : C:\Program Files (x86)\Search Settings
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Users\Sigrid\AppData\Local\Smartbar
Folder Deleted : C:\Users\Sigrid\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Sigrid\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Sigrid\AppData\LocalLow\IncrediMail_MediaBar_2
Folder Deleted : C:\Users\Sigrid\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Sigrid\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Sigrid\AppData\Roaming\Desktopicon
Folder Deleted : C:\Users\Sigrid\AppData\Roaming\Iminent
Folder Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Conduit
Folder Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\ConduitEngine
Folder Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Folder Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\r74y5ue3.default-1372489467664\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Folder Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\engine@conduit.com
Folder Deleted : C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Deleted : C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
File Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\r74y5ue3.default-1372489467664\Extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\r74y5ue3.default-1372489467664\Extensions\webbooster@iminent.com.xpi
File Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\user.js
File Deleted : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\r74y5ue3.default-1372489467664\user.js
File Deleted : C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader55984_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader55984_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader71282[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader71282[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-free-antivirus-2013_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_avira-free-antivirus-2013_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-hide-ip[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-hide-ip[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hypercam[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_hypercam[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vdownloader_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_vdownloader_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Key Deleted : HKCU\Software\AppDataLow\Software\LyricsContainer
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v22.0 (de)

[ File : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\prefs.js ]

Line Deleted : user_pref("CT2724386..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2724386..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2724386..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2724386.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2724386.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129626311033612748", true);
Line Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129723003199914047", true);
Line Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129847484448267081", true);
Line Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129851872283658385", true);
Line Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_129904362619180486", true);
Line Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_130040907554784951", true);
Line Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_1366729482000", true);
Line Deleted : user_pref("CT2724386.BrowserCompStateIsOpen_1367226373000", true);
Line Deleted : user_pref("CT2724386.CT2724407.CommunityChanged", true);
Line Deleted : user_pref("CT2724386.CT2724431.CommunityChanged", true);
Line Deleted : user_pref("CT2724386.CT2727162.CommunityChanged", true);
Line Deleted : user_pref("CT2724386.CT2727622.CommunityChanged", true);
Line Deleted : user_pref("CT2724386.CT2727646.CommunityChanged", true);
Line Deleted : user_pref("CT2724386.CT2727678.CommunityChanged", true);
Line Deleted : user_pref("CT2724386.CT2727750.CommunityChanged", true);
Line Deleted : user_pref("CT2724386.CTID", "ct2724407");
Line Deleted : user_pref("CT2724386.CommunitiesChangesLastCheckTime", "Wed Apr 25 2012 23:13:48 GMT+0200");
Line Deleted : user_pref("CT2724386.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingRequest.ctp?type=ToolbarsInfo&ctids=CT2724407,CT2724431,CT2727162,CT2727622,CT2727646,CT2727678,CT2727750[...]
Line Deleted : user_pref("CT2724386.CommunityChanged", true);
Line Deleted : user_pref("CT2724386.CurrentServerDate", "26-8-2013");
Line Deleted : user_pref("CT2724386.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2724386.DialogsGetterLastCheckTime", "Sat Aug 24 2013 07:29:01 GMT+0200");
Line Deleted : user_pref("CT2724386.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2724386.FirstServerDate", "26-2-2011");
Line Deleted : user_pref("CT2724386.FirstTime", true);
Line Deleted : user_pref("CT2724386.FirstTimeFF3", true);
Line Deleted : user_pref("CT2724386.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2724386.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2724386.GroupingLastCheckTime", "Wed Apr 25 2012 23:13:48 GMT+0200");
Line Deleted : user_pref("CT2724386.GroupingLastErrorCode", "");
Line Deleted : user_pref("CT2724386.GroupingLastResponse", false);
Line Deleted : user_pref("CT2724386.GroupingLastServerUpdateTime", "129428537538270000");
Line Deleted : user_pref("CT2724386.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2724386.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2724386.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2724386.Initialize", true);
Line Deleted : user_pref("CT2724386.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2724386.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2724386.InstallationId", "IncrediMail_MediaBar_2.exe");
Line Deleted : user_pref("CT2724386.InstallationType", "ConduitIntegration");
Line Deleted : user_pref("CT2724386.InstalledDate", "Sat Feb 26 2011 08:43:57 GMT+0100");
Line Deleted : user_pref("CT2724386.InvalidateCache", false);
Line Deleted : user_pref("CT2724386.IsGrouping", false);
Line Deleted : user_pref("CT2724386.IsMulticommunity", false);
Line Deleted : user_pref("CT2724386.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2724386.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2724386.LanguagePackLastCheckTime", "Sat Feb 26 2011 08:43:59 GMT+0100");
Line Deleted : user_pref("CT2724386.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2724386.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2724386.LastLogin_2.7.2.0", "Sun Feb 27 2011 00:15:55 GMT+0100");
Line Deleted : user_pref("CT2724386.LastLogin_3.12.2.3", "Fri Jun 01 2012 20:56:28 GMT+0200");
Line Deleted : user_pref("CT2724386.LastLogin_3.13.0.6", "Tue Jul 17 2012 13:26:28 GMT+0200");
Line Deleted : user_pref("CT2724386.LastLogin_3.14.1.0", "Thu Aug 23 2012 11:29:26 GMT+0200");
Line Deleted : user_pref("CT2724386.LastLogin_3.15.1.0", "Wed Mar 06 2013 09:40:34 GMT+0100");
Line Deleted : user_pref("CT2724386.LastLogin_3.18.0.7", "Mon Jul 15 2013 20:46:49 GMT+0200");
Line Deleted : user_pref("CT2724386.LastLogin_3.19.0.3", "Mon Aug 26 2013 08:31:09 GMT+0200");
Line Deleted : user_pref("CT2724386.LatestVersion", "3.19.0.3");
Line Deleted : user_pref("CT2724386.Locale", "en");
Line Deleted : user_pref("CT2724386.LoginCache", 4);
Line Deleted : user_pref("CT2724386.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2724386.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2724386.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2724386.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2724386.RadioIsPodcast", false);
Line Deleted : user_pref("CT2724386.RadioLastCheckTime", "Sat Feb 26 2011 08:43:58 GMT+0100");
Line Deleted : user_pref("CT2724386.RadioLastUpdateIPServer", "0");
Line Deleted : user_pref("CT2724386.RadioMediaID", "21080119");
Line Deleted : user_pref("CT2724386.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2724386.RadioMenuSelectedID", "EBRadioMenu_CT272438621080119");
Line Deleted : user_pref("CT2724386.RadioStationName", "Royal-Radio%20");
Line Deleted : user_pref("CT2724386.RadioStationURL", "");
Line Deleted : user_pref("CT2724386.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2724386&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2724386.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2724386.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&q=");
Line Deleted : user_pref("CT2724386.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2724386.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2724386.SearchInNewTabLastCheckTime", "Sat Feb 26 2011 08:43:59 GMT+0100");
Line Deleted : user_pref("CT2724386.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2724386.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2724386.SearchProtectorToolbarDisabled", true);
Line Deleted : user_pref("CT2724386.ServiceMapLastCheckTime", "Mon Aug 26 2013 08:31:06 GMT+0200");
Line Deleted : user_pref("CT2724386.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2724386.SettingsLastCheckTime", "Sat Feb 26 2011 08:43:57 GMT+0100");
Line Deleted : user_pref("CT2724386.SettingsLastUpdate", "1298372953");
Line Deleted : user_pref("CT2724386.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2724386.ThirdPartyComponentsLastCheck", "Sat Feb 26 2011 08:43:57 GMT+0100");
Line Deleted : user_pref("CT2724386.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2724386.ToolbarDisabled", true);
Line Deleted : user_pref("CT2724386.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2724386.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2724386");
Line Deleted : user_pref("CT2724386.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2724386.UserID", "UN44288507094877940");
Line Deleted : user_pref("CT2724386.ValidationData_Toolbar", 0);
Line Deleted : user_pref("CT2724386.WeatherNetwork", "");
Line Deleted : user_pref("CT2724386.WeatherPollDate", "Sun Feb 27 2011 00:15:56 GMT+0100");
Line Deleted : user_pref("CT2724386.WeatherUnit", "C");
Line Deleted : user_pref("CT2724386.alertChannelId", "1116652");
Line Deleted : user_pref("CT2724386.clientLogIsEnabled", true);
Line Deleted : user_pref("CT2724386.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2724386.ct2724407.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2724386.ct2724407.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2724386.ct2724407.GroupingInvalidateCache", false);
Line Deleted : user_pref("CT2724386.ct2724407.GroupingLastCheckTime", "Wed Apr 25 2012 23:13:48 GMT+0200");
Line Deleted : user_pref("CT2724386.ct2724407.GroupingLastErrorCode", "");
Line Deleted : user_pref("CT2724386.ct2724407.GroupingLastResponse", false);
Line Deleted : user_pref("CT2724386.ct2724407.GroupingLastServerUpdateTime", "129428749243100000");
Line Deleted : user_pref("CT2724386.ct2724407.InvalidateCache", false);
Line Deleted : user_pref("CT2724386.ct2724407.LanguagePackLastCheckTime", "Mon Aug 26 2013 08:31:09 GMT+0200");
Line Deleted : user_pref("CT2724386.ct2724407.Locale", "de");
Line Deleted : user_pref("CT2724386.ct2724407.RadioLastCheckTime", "Sat Feb 26 2011 08:43:58 GMT+0100");
Line Deleted : user_pref("CT2724386.ct2724407.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2724386.ct2724407.RadioLastUpdateServer", "129249047784100000");
Line Deleted : user_pref("CT2724386.ct2724407.SearchEngine", "Suchen||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2724407&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2724386.ct2724407.SearchInNewTabLastCheckTime", "Mon Aug 26 2013 08:31:07 GMT+0200");
Line Deleted : user_pref("CT2724386.ct2724407.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2724386.ct2724407.SettingsLastCheckTime", "Mon Aug 26 2013 08:31:06 GMT+0200");
Line Deleted : user_pref("CT2724386.ct2724407.SettingsLastUpdate", "1377486721");
Line Deleted : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastCheck", "Sat Feb 26 2011 08:43:57 GMT+0100");
Line Deleted : user_pref("CT2724386.ct2724407.ThirdPartyComponentsLastUpdate", "1255348257");
Line Deleted : user_pref("CT2724386.ct2724407.toolbarAppMetaDataLastCheckTime", "Mon Aug 26 2013 08:31:09 GMT+0200");
Line Deleted : user_pref("CT2724386.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2724386.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2724386.initDone", true);
Line Deleted : user_pref("CT2724386.myStuffEnabled", true);
Line Deleted : user_pref("CT2724386.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2724386.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2724386.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2724386.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2724386.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2724386.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2724386.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2724386.testingCtid", "");
Line Deleted : user_pref("CT2724386.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2724386.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2724407/CT2724386", "\"604125ae99b947dc64903f7c84a8ab8f3\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2724407", "\"1367226872\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.5.1", "\"8028f138140cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"97e416bb586ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2724386", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"f9fa8a8e42cd88c8ac04338185306727\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2724386,ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2724386");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon May 30 2011 14:01:46 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jul 15 2011 18:30:50 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jul 15 2011 18:30:34 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "1934532e-1b04-425e-ac9c-127cd65c85b0");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Feb 26 2011 08:43:58 GMT+0100");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "8e19dcac-d900-42cc-b648-c89400dba742");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Jul 15 2011 19:00:52 GMT+0200");
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Fri Jul 15 2011 18:30:34 GMT+0200");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "05/30/2011 15");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Mon May 30 2011 14:01:45 GMT+0200");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Fri Jul 15 2011 18:30:34 GMT+0200");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Fri Jul 15 2011 18:30:34 GMT+0200");
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Fri Jul 15 2011 18:30:34 GMT+0200");
Line Deleted : user_pref("ConduitEngine.UserID", "UN04513357280686048");
Line Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Line Deleted : user_pref("ConduitEngine.engineLocale", "de");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Fri Jul 15 2011 18:30:34 GMT+0200");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Fri Jul 15 2011 18:30:34 GMT+0200");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{8E9E3331-D360-4f87-8803-52DE43566502}\":{\"descriptor\":\"C:\\\\Program Files\\\\Web Assistant\\\\Firefox\",\"mtim[...]
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]

[ File : C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\r74y5ue3.default-1372489467664\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Sigrid\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [28930 octets] - [27/08/2013 13:06:58]
AdwCleaner[R1].txt - [28921 octets] - [27/08/2013 13:13:09]
AdwCleaner[S0].txt - [29064 octets] - [27/08/2013 13:13:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [29125 octets] ##########
Code:
A~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Sigrid on 27.08.2013 at 13:30:51,61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.08.2013 at 13:34:42,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 01
Ran by Sigrid (administrator) on 27-08-2013 13:38:05
Running from C:\Users\Sigrid\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHAE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe
(AVM Berlin) C:\Program Files (x86)\FRITZ!DSL\StCenter.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
(AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
(ACD Systems, Ltd.) C:\Program Files (x86)\ACD Systems\DevDetect\DevDetect.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(SAMSUNG ELECTRONICS) C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
() C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKCU\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAE.EXE [283232 2012-10-31] (SEIKO EPSON CORPORATION)
HKCU\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-06-21] (Garmin Ltd or its subsidiaries)
MountPoints2: {2fc90b86-4d6d-11e1-b4ee-001c4af2c242} - F:\setup.exe -a
MountPoints2: {b96e3044-6c9c-11df-ad7b-806e6f6e6963} - E:\SETUP.EXE /AUTORUN
MountPoints2: {dd7a2bad-b138-11df-a743-90fba6e1659a} - G:\pushinst.exe
MountPoints2: {dd7a2bb0-b138-11df-a743-90fba6e1659a} - K:\pushinst.exe
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [EgisTecLiveUpdate] - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [1794048 2008-10-28] (AVM Berlin)
HKLM-x32\...\Run: [Camera Detector] - C:\PROGRA~2\ACDSYS~1\DEVDET~1\DEVDET~1.EXE [208896 2002-12-18] (ACD Systems, Ltd.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [SMSTray] - C:\Program Files (x86)\Samsung\EmoDio\SMSTray.exe [484888 2009-03-21] (SAMSUNG ELECTRONICS)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [220744 2011-12-16] (Geek Software GmbH)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [162336 2009-07-22] ()
Startup: C:\Users\Sigrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk
ShortcutTarget: FRITZ!DSL Protect.lnk -> C:\Program Files (x86)\FRITZ!DSL\FwebProt.exe (AVM Berlin)
Startup: C:\Users\Sigrid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Program Files (x86)\FRITZ!DSL\StCenter.exe (AVM Berlin)

==================== Internet (Whitelisted) ====================

ProxyServer: 178.217.14.33:9090
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3203&r=17360810z516pe4g5v135w46n1t73q
URLSearchHook: (No Name) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} -  No File
URLSearchHook: (No Name) - {238d4b4c-d63c-42a7-b6d8-dc96c8c0f5b9} -  No File
SearchScopes: HKCU - {2BFF74D9-71F7-42B1-9C29-417A6BD92012} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=867034&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKCU - No Name - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} -  No File
Toolbar: HKCU - No Name - {238D4B4C-D63C-42A7-B6D8-DC96C8C0F5B9} -  No File
Handler: msdaipp - No CLSID Value -
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Winsock: Catalog5 07 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 14 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.Google.de
FF Keyword.URL: hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=867034&p=
FF NetworkProxy: "backup.ftp", "178.217.14.33"
FF NetworkProxy: "backup.ftp_port", 9090
FF NetworkProxy: "backup.gopher", "188.94.228.46"
FF NetworkProxy: "backup.gopher_port", 80
FF NetworkProxy: "backup.socks", "178.217.14.33"
FF NetworkProxy: "backup.socks_port", 9090
FF NetworkProxy: "backup.ssl", "178.217.14.33"
FF NetworkProxy: "backup.ssl_port", 9090
FF NetworkProxy: "ftp", "178.217.14.33"
FF NetworkProxy: "ftp_port", 9090
FF NetworkProxy: "gopher", "188.94.228.46"
FF NetworkProxy: "gopher_port", 80
FF NetworkProxy: "http", "178.217.14.33"
FF NetworkProxy: "http_port", 9090
FF NetworkProxy: "no_proxies_on", "localhost,127.0.0.1"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "178.217.14.33"
FF NetworkProxy: "socks_port", 9090
FF NetworkProxy: "ssl", "178.217.14.33"
FF NetworkProxy: "ssl_port", 9090
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\Sigrid\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Garmin Communicator - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: DownloadHelper - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: No Name - C:\Users\Sigrid\AppData\Roaming\Mozilla\Firefox\Profiles\qyurwghw.default\Extensions\{e798194d-0d55-e397-a59b-ad2c3b2591ae}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage:                "homepage":        "hxxp://start.iminent.com/?appId=E48A8E4D-E32D-49C4-85CA-54F39671A82B",
CHR RestoreOnStartup: "hxxp://start.iminent.com/?appId=E48A8E4D-E32D-49C4-85CA-54F39671A82B"

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [364544 2008-10-28] (AVM Berlin)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219992 2013-06-21] (Garmin Ltd or its subsidiaries)
R2 IGDCTRL; C:\Program Files (x86)\FRITZ!DSL\IGDCTRL.EXE [87344 2007-09-04] (AVM Berlin)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 yksvc; C:\Windows\System32\yk62x64.dll [496128 2009-09-28] (Marvell)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-03-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-30] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2008-10-28] (AVM Berlin)
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2008-10-28] (AVM GmbH)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [47632 2010-01-27] (CACE Technologies, Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 cpuz132; \??\C:\Users\Sigrid\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-27 13:34 - 2013-08-27 13:34 - 00000626 _____ C:\Users\Sigrid\Desktop\JRT.txt
2013-08-27 13:25 - 2013-08-27 13:25 - 00000000 ____D C:\Windows\ERUNT
2013-08-27 13:22 - 2013-08-27 13:22 - 01021434 _____ (Thisisu) C:\Users\Sigrid\Desktop\JRT.exe
2013-08-27 13:17 - 2013-08-27 13:17 - 00029234 _____ C:\Users\Sigrid\Desktop\AdwCleaner[S0].txt
2013-08-27 13:11 - 2013-08-27 13:11 - 00994642 _____ C:\Users\Sigrid\Desktop\adwcleaner.exe
2013-08-27 12:54 - 2013-08-27 13:13 - 00000000 ____D C:\AdwCleaner
2013-08-27 06:49 - 2013-08-27 06:49 - 00000000 ____D C:\FRST
2013-08-26 15:59 - 2013-08-27 07:35 - 00000000 ____D C:\Users\Sigrid\Desktop\PC
2013-08-26 12:09 - 2013-08-26 12:09 - 00000000 _____ C:\Users\Sigrid\defogger_reenable
2013-08-21 14:27 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-21 14:27 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-21 14:27 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-21 14:27 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-21 14:27 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-21 14:27 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-21 14:27 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-21 14:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-21 14:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-21 14:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-21 14:27 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-21 14:27 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-21 14:27 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-21 14:27 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-21 11:47 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-21 11:47 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-21 11:47 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-21 11:47 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-21 11:47 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-21 11:47 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-21 11:47 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-21 11:47 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-21 11:47 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-21 11:47 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-21 11:47 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-21 11:47 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-21 11:47 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-21 11:47 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-21 11:46 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-21 11:46 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-14 07:41 - 2013-08-26 10:35 - 00000000 ____D C:\Windows\system32\MRT
2013-07-31 19:28 - 2013-08-27 13:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-31 19:28 - 2013-07-31 19:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-31 10:13 - 2013-07-31 10:13 - 464292448 _____ C:\Windows\MEMORY.DMP
2013-07-31 10:13 - 2013-07-31 10:13 - 00274784 _____ C:\Windows\Minidump\073113-28969-01.dmp
2013-07-31 09:41 - 2013-07-31 09:41 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00000000 ____D C:\Program Files\Java
2013-07-31 09:39 - 2013-07-31 09:40 - 33150376 _____ (Oracle Corporation) C:\Users\Sigrid\Desktop\jre-7u25-windows-x64.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-31 09:37 - 2013-07-31 09:37 - 00000000 ____D C:\Program Files (x86)\Java

==================== One Month Modified Files and Folders =======

2013-08-27 13:37 - 2013-08-27 13:37 - 01578852 _____ (Farbar) C:\Users\Sigrid\Downloads\FRST64.exe
2013-08-27 13:34 - 2013-08-27 13:34 - 00000626 _____ C:\Users\Sigrid\Desktop\JRT.txt
2013-08-27 13:32 - 2013-07-31 19:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-27 13:25 - 2013-08-27 13:25 - 00000000 ____D C:\Windows\ERUNT
2013-08-27 13:23 - 2010-08-26 21:43 - 00000000 ____D C:\Users\Sigrid\AppData\Roaming\FRITZ!
2013-08-27 13:23 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-27 13:23 - 2009-07-14 06:45 - 00009696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-27 13:22 - 2013-08-27 13:22 - 01021434 _____ (Thisisu) C:\Users\Sigrid\Desktop\JRT.exe
2013-08-27 13:17 - 2013-08-27 13:17 - 00029234 _____ C:\Users\Sigrid\Desktop\AdwCleaner[S0].txt
2013-08-27 13:15 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-27 13:14 - 2013-07-25 15:46 - 00004200 _____ C:\Windows\setupact.log
2013-08-27 13:14 - 2009-10-12 13:56 - 02108174 _____ C:\Windows\PFRO.log
2013-08-27 13:13 - 2013-08-27 12:54 - 00000000 ____D C:\AdwCleaner
2013-08-27 13:13 - 2010-05-31 12:13 - 02024703 _____ C:\Windows\WindowsUpdate.log
2013-08-27 13:11 - 2013-08-27 13:11 - 00994642 _____ C:\Users\Sigrid\Desktop\adwcleaner.exe
2013-08-27 12:56 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-27 07:35 - 2013-08-26 15:59 - 00000000 ____D C:\Users\Sigrid\Desktop\PC
2013-08-27 06:49 - 2013-08-27 06:49 - 00000000 ____D C:\FRST
2013-08-26 14:47 - 2010-08-26 20:50 - 00000000 ____D C:\Users\Sigrid
2013-08-26 14:44 - 2013-07-14 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-26 14:44 - 2012-12-28 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-26 14:44 - 2010-08-27 10:08 - 00000000 ____D C:\Users\Sigrid\AppData\Roaming\vlc
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\servicing
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-26 14:44 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-08-26 14:41 - 2010-08-26 20:59 - 00000000 ____D C:\Users\Sigrid\AppData\Local\Google
2013-08-26 12:09 - 2013-08-26 12:09 - 00000000 _____ C:\Users\Sigrid\defogger_reenable
2013-08-26 10:35 - 2013-08-14 07:41 - 00000000 ____D C:\Windows\system32\MRT
2013-08-21 14:25 - 2010-05-13 03:29 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-08-21 14:25 - 2010-05-13 03:29 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-08-21 14:25 - 2009-07-14 07:13 - 01519798 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 14:22 - 2010-08-27 09:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-21 14:22 - 2009-07-14 04:34 - 00000531 _____ C:\Windows\win.ini
2013-08-11 15:10 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-31 19:28 - 2013-07-31 19:28 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-31 19:28 - 2012-05-20 23:23 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-31 19:28 - 2011-05-20 05:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-31 19:27 - 2010-08-29 08:34 - 00000000 ____D C:\Users\Sigrid\AppData\Local\Adobe
2013-07-31 11:42 - 2010-08-27 17:53 - 00000000 ___RD C:\Users\Sigrid\Desktop\Verknüpfungen
2013-07-31 10:19 - 2013-07-22 08:23 - 00000000 ____D C:\Users\Sigrid\Documents\Bandicam
2013-07-31 10:13 - 2013-07-31 10:13 - 464292448 _____ C:\Windows\MEMORY.DMP
2013-07-31 10:13 - 2013-07-31 10:13 - 00274784 _____ C:\Windows\Minidump\073113-28969-01.dmp
2013-07-31 10:13 - 2012-01-20 19:54 - 00000000 ____D C:\Windows\Minidump
2013-07-31 09:41 - 2013-07-31 09:41 - 01093032 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00972712 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00312232 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00188840 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-31 09:41 - 2013-07-31 09:41 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-07-31 09:41 - 2013-07-31 09:41 - 00000000 ____D C:\Program Files\Java
2013-07-31 09:40 - 2013-07-31 09:39 - 33150376 _____ (Oracle Corporation) C:\Users\Sigrid\Desktop\jre-7u25-windows-x64.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-07-31 09:37 - 2013-07-31 09:37 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-07-31 09:37 - 2013-07-31 09:37 - 00000000 ____D C:\Program Files (x86)\Java
2013-07-31 09:37 - 2012-06-07 08:33 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-07-31 09:37 - 2011-10-31 18:16 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-07-28 07:05 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT

Files to move or delete:
====================
C:\Users\Sigrid\AppData\Local\Temp\AMPing.exe
C:\Users\Sigrid\AppData\Local\Temp\bdfilters.dll
C:\Users\Sigrid\AppData\Local\Temp\InstallManager_BAB_BAB.exe
C:\Users\Sigrid\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Sigrid\AppData\Local\Temp\LyricsContainertmp.exe
C:\Users\Sigrid\AppData\Local\Temp\Quarantine.exe
C:\Users\Sigrid\AppData\Local\Temp\SeeSimilarSetup.exe
C:\Users\Sigrid\AppData\Local\Temp\_is1AA2.exe
C:\Users\Sigrid\AppData\Local\Temp\{D6324573-C889-4632-8CF4-089ACB9A27EA}\ISSetup.dll
C:\Users\Sigrid\AppData\Local\Temp\{D6324573-C889-4632-8CF4-089ACB9A27EA}\_Setup.dll
C:\Users\Sigrid\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\CbsProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\CompatProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DismCore.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DismCorePS.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DismHost.exe
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DismProv.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\DmiProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\FolderProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\IntlProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\LogProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\MsiProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\OSProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\SmiProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\TransmogProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\UnattendProvider.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\wdscore.dll
C:\Users\Sigrid\AppData\Local\Temp\2CFE03AE-B1BA-4C20-BCD9-CB74B3572AA7\WimProvider.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 15:19

==================== End Of Log ============================
--- --- ---

cosinus 27.08.2013 12:50
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM)

Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


hauskran 27.08.2013 13:20
Bei Malwarebytes wird werden mir 5 Punkte angezeigt. Außerdem steht dort

Suchlauf:
Hier befindet sich die Liste der bösartigen Programme, die auf Ihrem System gefunden wurden. Schließen Sie alle offenen Programme, um eine erfolgreiche Entfernung dieser Schädlinge zu gewährleisten.


Die Liste kann ich aber nicht kopieren, was soll ich tun?

und wie deaktiviere ich Firewall ?

cosinus 27.08.2013 15:41
Es wird doch in der Anleitung ausführlichst erwähnt wie du an das Log kommst und dieses postest. Warum hast du die Anleitung nicht gelesen?

Und wenn es um die Windows-Firewall geht, die lässt du bitte an.

hauskran 27.08.2013 18:17
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3a19d0e08a3fca489d4609065d5a4cb5
# engine=14920
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-27 05:10:30
# local_time=2013-08-27 07:10:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 22953 243046720 15732 0
# compatibility_mode=5893 16776574 100 94 3983832 129253280 0 0
# scanned=218826
# found=1
# cleaned=0
# scan_time=4459
sh=FBA1BDBC8E5E088115C431B48D35990E927B7947 ft=1 fh=78aea811087be60b vn="multiple threats" ac=I fn="C:\Users\Sigrid\AppData\Local\Temp\LyricsContainertmp.exe"

Was ist mit MBAM-log? Soll ich das auch hier posten?
Sorry das ich so dumm frage, bin halt kein Fachmann und bin froh das mir hier so geholfen wird.
Die lästige Werbung und die unterstrichenen Wörter im Internet sind schon verschwunden.
Dafür schon mal ein DANKESCHÖN, auch mit der Geduld, die du mit mir hast DANKESCHÖN!

cosinus 27.08.2013 20:04
Ja das MBAM Log soll gepostet werden

hauskran 28.08.2013 05:55
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Sigrid :: SIGRID-PC [Administrator]

Schutz: Aktiviert

27.08.2013 17:46:17
MBAM-log-2013-08-27 (17-48-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 220097
Laufzeit: 2 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F225A2E3-8EE1-4204-B7A0-F4C551578A87} (PUP.Optional.SeeSimilar) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Sigrid\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 3
C:\Users\Sigrid\AppData\Local\Temp\LyricsContainertmp.exe (PUP.Optional.LyricsAd) -> Keine Aktion durchgeführt.
C:\Users\Sigrid\AppData\Local\Temp\SeeSimilarSetup.exe (PUP.Optional.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\Sigrid\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\empty.localstorage (PUP.Optional.Iminent.A) -> Keine Aktion durchgeführt.

(Ende)

frische FRST Addition hatte ich auch nicht gepostet, hole ich hiermit noch nach

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2013
Ran by Sigrid at 2013-08-28 06:45:15
Running from C:\Users\Sigrid\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)
ACDSee 3.1 (SR-1) Standard (x32 Version: 3.1.1)
Acer Arcade Deluxe (x32 Version: 3.2.6929)
Acer Backup Manager (x32 Version: 2.0.2.19)
Acer eRecovery Management (x32 Version: 4.05.3005)
Acer GameZone Console (x32 Version: 5.1.0.2)
Acer Registration (x32 Version: 1.02.3006)
Acer ScreenSaver (x32 Version: 1.1.0812)
Acer Updater (x32 Version: 1.01.3017)
Acrobat.com (x32 Version: 1.6.65)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03)
Advertising Center (x32 Version: 0.0.0.2)
Alice Greenfingers (x32)
Amazonia (x32)
AMD DnD V1.0.19 (x32 Version: 1.0.19)
Amun Rising 1.06.07.1  (x32 Version: 1.06.07.1)
ATI AVIVO64 Codecs (Version: 10.11.0.41019)
ATI Catalyst Install Manager (Version: 3.0.750.0)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
AVM FRITZ!DSL (x32 Version: 2.04.02)
AVM FRITZ!WLAN (x32)
Backup Manager Advance (x32 Version: 2.0.2.19)
Bandicam (x32 Version: 1.8.9.371)
Bandisoft MPEG-1 Decoder (x32)
BDE - Borland Database Engine (x32 Version: )
Benutzerhandbuch - Grundlagen EPSON SX430 Series (x32)
Benutzerhandbuch EPSON SX430 Series (x32)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Graphics Full New (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Graphics Light (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center InstallProxy (x32 Version: 2009.1019.2131.36819)
Catalyst Control Center Localization All (x32 Version: 2009.1019.2131.36819)
CCC Help Chinese Standard (x32 Version: 2009.1019.2130.36819)
CCC Help Chinese Traditional (x32 Version: 2009.1019.2130.36819)
CCC Help Czech (x32 Version: 2009.1019.2130.36819)
CCC Help Danish (x32 Version: 2009.1019.2130.36819)
CCC Help Dutch (x32 Version: 2009.1019.2130.36819)
CCC Help English (x32 Version: 2009.1019.2130.36819)
CCC Help Finnish (x32 Version: 2009.1019.2130.36819)
CCC Help French (x32 Version: 2009.1019.2130.36819)
CCC Help German (x32 Version: 2009.1019.2130.36819)
CCC Help Greek (x32 Version: 2009.1019.2130.36819)
CCC Help Hungarian (x32 Version: 2009.1019.2130.36819)
CCC Help Italian (x32 Version: 2009.1019.2130.36819)
CCC Help Japanese (x32 Version: 2009.1019.2130.36819)
CCC Help Korean (x32 Version: 2009.1019.2130.36819)
CCC Help Norwegian (x32 Version: 2009.1019.2130.36819)
CCC Help Polish (x32 Version: 2009.1019.2130.36819)
CCC Help Portuguese (x32 Version: 2009.1019.2130.36819)
CCC Help Russian (x32 Version: 2009.1019.2130.36819)
CCC Help Spanish (x32 Version: 2009.1019.2130.36819)
CCC Help Swedish (x32 Version: 2009.1019.2130.36819)
CCC Help Thai (x32 Version: 2009.1019.2130.36819)
CCC Help Turkish (x32 Version: 2009.1019.2130.36819)
ccc-core-static (x32 Version: 2009.1019.2131.36819)
ccc-utility64 (Version: 2009.1019.2131.36819)
Chicken Invaders 2 (x32)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.6612.1000)
ContentSAFER for Wizmax (x32)
ConvertHelper 2.2 (x32)
Dairy Dash (x32)
Dream Day First Home (x32)
eBay Worldwide (x32 Version: 2.1.0901)
Elevated Installer (x32 Version: 2.2.14)
EmoDio (x32 Version: 1.0)
Epson Easy Photo Print 2 (x32 Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 2.50.0000)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.5.00)
eSobi v2 (x32 Version: 2.0.4.000274)
Farm Frenzy 2 (x32)
First Class Flurry (x32)
Freemake Audio Converter Version 1.1.0 (x32 Version: 1.1.0)
Garmin Communicator Plugin x64 (Version: 4.0.3)
Garmin Express (x32 Version: 2.2.14)
Garmin Express Tray (x32 Version: 2.2.14)
Garmin Update Service (x32 Version: 2.2.14)
Granny In Paradise (x32)
Heroes of Hellas (x32)
Hotkey Utility (x32 Version: 1.00.3004)
Identity Card (x32 Version: 1.00.3002)
ImagXpress (x32 Version: 7.0.74.0)
IncrediMail (x32 Version: 6.2.9.5203)
IncrediMail 2.0 (x32 Version: 6.2.9.5203)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Junk Mail filter update (x32 Version: 14.0.8089.726)
king.com (remove only) (x32)
Lightscreen (x32)
Logitech Vid (x32 Version: 1.10.1009)
Logitech Webcam Software (Version: 12.10.1113)
LSI PCI-SV92PP Soft Modem (Version: 2.2.95)
Luxor 2 1.12m  (x32 Version: 1.12m)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Marvell Miniport Driver (x32 Version: 10.70.3.3)
Merriam Websters Spell Jam (x32)
MFC RunTime files (x32 Version: 1.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyFreeCodec (x32)
MyWinLocker (x32 Version: 3.1.76.0)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.7.201)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.7.201)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.4.9.100)
Nero InfoTool (x32 Version: 6.4.7.201)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.8.1)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.11.209)
Nero StartSmart Help (x32 Version: 9.4.11.208)
Nero StartSmart OEM (x32 Version: 9.16.0.100)
NeroExpress (x32 Version: 9.4.10.505)
neroxml (x32 Version: 1.0.0)
Netzwerkhandbuch EPSON SX430 Series (x32)
NVIDIA Drivers (Version: 1.7)
ON SX430 Series Printer Uninstall
PDF24 Creator 4.1.2 (x32)
PENTAX USB DISK Device (x32 Version: 1.02.0000)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009)
PhotoMail Maker (x32 Version: 6.0.0.1007)
PhotoScape (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5898)
swMSM (x32 Version: 12.0.0.1)
TeamViewer 8 (x32 Version: 8.0.16642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Visitenkarten, Briefbögen & Faxvorlagen (x32)
VLC media player 1.1.3 (x32 Version: 1.1.3)
Welcome Center (x32 Version: 1.00.3008)
Windows Live Anmelde-Assistent (x32 Version: 5.000.818.5)
Windows Live Call (x32 Version: 14.0.8064.0206)
Windows Live Communications Platform (x32 Version: 14.0.8064.206)
Windows Live Essentials (x32 Version: 14.0.8089.0726)
Windows Live Essentials (x32 Version: 14.0.8089.726)
Windows Live Fotogalerie (x32 Version: 14.0.8081.709)
Windows Live Mail (x32 Version: 14.0.8089.0726)
Windows Live Messenger (x32 Version: 14.0.8089.0726)
Windows Live Movie Maker (x32 Version: 14.0.8091.0730)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live Writer (x32 Version: 14.0.8089.0726)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinPcap 4.1.1 (x32 Version: 4.1.0.1753)
WinZip 11.1 (x32 Version: 11.3.8261)

==================== Restore Points  =========================

21-08-2013 09:33:25 Wiederherstellungsvorgang
21-08-2013 12:21:20 Windows Update
26-08-2013 06:58:37 Wiederherstellungsvorgang
26-08-2013 08:33:15 Windows Update
26-08-2013 12:19:15 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {088482FA-65B8-4E17-9ABF-1DCD48E8D373} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {09F06BFE-A3C8-40E3-846A-6E6F4000C238} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\ndfapi.dll [2009-07-14] (Microsoft Corporation)
Task: {101D75D5-8361-4B40-ADB3-B5110D5CDE08} - System32\Tasks\WPD\SqmUpload_S-1-5-21-1593533058-925159921-2467025932-1000 => C:\Windows\System32\portabledeviceapi.dll [2010-11-20] (Microsoft Corporation)
Task: {1B9B6D19-9ABD-4124-9166-ACBCF72174F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-31] (Adobe Systems Incorporated)
Task: {5E7F64C4-E444-48F9-AEFF-26E20EDFD96F} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {80162438-2F53-48A6-9970-8B48208AD39A} - System32\Tasks\{BD85B5A6-D861-4C48-BC3D-3A7989DBD4B3} => C:\Program Files (x86)\Skype\Phone\Skype.exe No File
Task: {994C86AD-A929-4B2C-88A0-4E25A107A029} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\System32\srrstr.dll [2010-11-20] (Microsoft Corporation)
Task: {A5ABFE5B-39BB-412A-B3F1-C5DE645D2D9B} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => C:\Windows\System32\dfdts.dll [2009-07-14] (Microsoft Corporation)
Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\System32\aepdu.dll [2010-11-20] (Microsoft Corporation)
Task: {D7B6E81D-3CF4-432C-84D2-24213F4316E6} - System32\Tasks\Microsoft\Windows\Autochk\Proxy => C:\Windows\System32\acproxy.dll [2009-07-14] (Microsoft Corporation)
Task: {E22A8667-F75B-4BA9-BA46-067ED4429DE8} - System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange => C:\Windows\System32\bfe.dll [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D


==================== Faulty Device Manager Devices =============

Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2013 07:12:43 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/27/2013 05:53:33 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/27/2013 05:53:17 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/27/2013 05:46:23 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


Microsoft Office Sessions:
=========================
Error: (08/27/2013 07:12:43 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (08/27/2013 05:53:33 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sigrid\Desktop\esetsmartinstaller_enu.exe

Error: (08/27/2013 05:53:17 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Sigrid\Desktop\esetsmartinstaller_enu.exe


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 5871.88 MB
Available physical RAM: 4137.27 MB
Total Pagefile: 11741.93 MB
Available Pagefile: 9708.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:290.95 GB) (Free:224.33 GB) NTFS
Drive d: (DATA) (Fixed) (Total:291 GB) (Free:290.81 GB) NTFS
Drive f: (USB SIGRID) (Removable) (Total:28.85 GB) (Free:28.06 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 9095291E)
Partition 1: (Not Active) - (Size=14 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=291 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=291 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)

==================== End Of Log ============================

cosinus 28.08.2013 08:22
Zitat:
-> Keine Aktion durchgeführt
Warum entfernst du die Reste nicht?

hauskran 28.08.2013 12:26
Ich vermute mal, ich weiß jetzt, was ich mit den Funden hätte tun sollen.

Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.27.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Sigrid :: SIGRID-PC [Administrator]

Schutz: Aktiviert

28.08.2013 13:17:38
mbam-log-2013-08-28 (13-17-38).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219838
Laufzeit: 4 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:20 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131