Trojaner-Board - Windows 7 / In Fierfox plötzlich viele grün unterstrichene wörter mit werbung

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 7 / In Fierfox plötzlich viele grün unterstrichene wörter mit werbung (https://www.trojaner-board.de/156045-windows-7-fierfox-ploetzlich-viele-gruen-unterstrichene-woerter-werbung.html)

Windows 7 / In Fierfox plötzlich viele grün unterstrichene wörter mit werbung

Hy erstmal

Bei meinen Eltern ihren Pc existiert plötzlich das problem das im Fierfox browser sehr viel grün unterstrichene Wörter mit werbung auftauchen
Dabei fällt es hauptsächlich bei "ebay" auf anscheinend verlangsamt dies da auch alles.

Was kann man da tun um das wieder weg zu bekommen hab es bei ihnen bereits mit addblocker probiert aber hat net geholfen

:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.

Los geht's:

Schritt 1
http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://deeprybka.trojaner-board.de/tdss/codetags.gif

Hy Jürgen

Hier die beiden txt

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014

Ran by Mario (administrator) on MARIO-PC on 04-07-2014 14:43:35

Running from C:\Users\Mario\Downloads

Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

() C:\Program Files (x86)\-best-markit\wdbest-markite.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

() C:\Program Files (x86)\-best-markit\best-markitaQ174.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)

HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ElbyCheckAnyDVD] => "C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)

HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234288 2011-12-12] (Eastman Kodak Company)

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-29] (Google Inc.)

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: K - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {0f5e8a24-95d7-11e0-88b0-9bce2532dc71} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {150cadf7-187a-11e3-94f1-a1bb80db9c57} - E:\LGAutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {190240a2-051c-11e0-a32c-d993f403aa7a} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {1bfc1b27-f58e-11df-95ee-ea8242c72d1a} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {2211e4a6-efc2-11df-87e0-b424b60a7e33} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {517d3034-efeb-11df-a374-f8ae6adb6b46} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22eded-0503-11e0-be56-89003f547270} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22edf7-0503-11e0-be56-89003f547270} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {8aff38f1-89ec-11e0-9dba-d15e43301347} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {92fc88c1-ea5a-11df-a673-97a87723c579} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {938908af-d149-11e0-88a1-fb3808ebba0c} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fb5-8931-11e0-995e-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fe4-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876ffd-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad877009-8931-11e0-995e-c22bca150f45} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48540-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48575-0507-11e0-b077-c85349b80e7b} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f4857e-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea23-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea29-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fda59519-8450-11e0-afa3-eac0ef9fe2de} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fefde87f-1759-11e0-9133-8687ea80ae45} - E:\setup_vmc_lite.exe /checkApplicationPresence

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

ProxyEnable: Internet Explorer proxy is enabled.

ProxyServer: http=127.0.0.1:14092;https=127.0.0.1:14092

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=2416a5f2000000000000002511665b71

SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322196&octid=EB_ORIGINAL_CTID&ISID=MABAEA12F-B77A-41CE-83BE-4CB395753519&SearchSource=58&CUI=&UM=5&UP=SP77CBA0E0-91AD-45E1-9E8A-1285E71DE207&q={searchTerms}&SSPV=

SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&AF=110000&babsrc=SP_ss&mntrId=2416a5f2000000000000002511665b71

SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}

SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392

SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}

SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: best-markit - {F29D9E6D-92D3-C4E1-E996-EA97E31FA2FA} - C:\Program Files (x86)\-best-markit\174.dll ()

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File

Toolbar: HKCU - No Name - {C424171E-592A-415A-9EB1-DFD6D95D3530} -  No File

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default

FF SelectedSearchEngine: Google

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF user.js: detected! => C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\user.js

FF SearchPlugin: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\searchplugins\ask-web-search.xml

FF SearchPlugin: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\searchplugins\trovi-search.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: VideoDownloadConverter - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2013-12-07]

FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]

FF Extension: Babylon - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2014-06-18]

FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi

FF Extension: best-markit - C:\Program Files (x86)\-best-markit\174.xpi [2014-06-29]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 best-markit; C:\Program Files (x86)\-best-markit\best-markitaQ174.exe [178688 2014-06-29] () [File not signed]

R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-12-31] ()

R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
 

==================== Drivers (Whitelisted) ====================
 

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [907904 2010-05-15] (ITE Technologies         )

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)

S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-04 14:43 - 2014-07-04 14:44 - 00018744 _____ () C:\Users\Mario\Downloads\FRST.txt

2014-07-04 14:43 - 2014-07-04 14:43 - 00000000 ____D () C:\FRST

2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe

2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe

2014-06-29 17:07 - 2014-06-29 21:08 - 00005294 _____ () C:\Windows\cdplayer.ini

2014-06-29 16:48 - 2014-07-04 14:37 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job

2014-06-29 16:48 - 2014-07-04 14:36 - 00000386 _____ () C:\Windows\Tasks\best-markit_wd.job

2014-06-29 16:48 - 2014-06-29 17:27 - 00000000 ____D () C:\Program Files (x86)\Audiograbber

2014-06-29 16:48 - 2014-06-29 16:48 - 00003056 _____ () C:\Windows\System32\Tasks\best-markit Update

2014-06-29 16:48 - 2014-06-29 16:48 - 00002974 _____ () C:\Windows\System32\Tasks\best-markit_wd

2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk

2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\-best-markit

2014-06-29 16:42 - 2014-06-29 16:43 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe

2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi

2014-06-29 11:22 - 2014-06-29 11:30 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe

2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia

2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav

2014-06-29 09:30 - 2014-06-29 09:31 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav

2014-06-29 08:57 - 2014-06-29 08:58 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe

2014-06-18 21:43 - 2014-06-18 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

2014-07-04 14:44 - 2014-07-04 14:43 - 00018744 _____ () C:\Users\Mario\Downloads\FRST.txt

2014-07-04 14:43 - 2014-07-04 14:43 - 00000000 ____D () C:\FRST

2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe

2014-07-04 14:42 - 2010-08-14 21:13 - 01620244 _____ () C:\Windows\WindowsUpdate.log

2014-07-04 14:37 - 2014-06-29 16:48 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job

2014-07-04 14:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing

2014-07-04 14:36 - 2014-06-29 16:48 - 00000386 _____ () C:\Windows\Tasks\best-markit_wd.job

2014-07-04 14:36 - 2011-07-08 16:51 - 00000000 ____D () C:\ProgramData\Kodak

2014-07-04 14:36 - 2011-04-03 15:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-07-04 14:36 - 2010-08-21 17:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-04 14:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-04 14:36 - 2009-07-14 06:51 - 00262390 _____ () C:\Windows\setupact.log

2014-07-04 11:50 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-04 11:50 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-03 22:19 - 2013-10-23 09:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-03 22:10 - 2010-08-21 17:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-02 22:47 - 2011-02-20 11:55 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{896638E2-354A-4B96-AC64-F6A0AD177347}

2014-07-01 19:57 - 2010-08-15 06:15 - 00653928 _____ () C:\Windows\system32\perfh007.dat

2014-07-01 19:57 - 2010-08-15 06:15 - 00129800 _____ () C:\Windows\system32\perfc007.dat

2014-07-01 19:57 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-29 21:08 - 2014-06-29 17:07 - 00005294 _____ () C:\Windows\cdplayer.ini

2014-06-29 17:27 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\Audiograbber

2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe

2014-06-29 16:48 - 2014-06-29 16:48 - 00003056 _____ () C:\Windows\System32\Tasks\best-markit Update

2014-06-29 16:48 - 2014-06-29 16:48 - 00002974 _____ () C:\Windows\System32\Tasks\best-markit_wd

2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk

2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\-best-markit

2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-06-29 16:43 - 2014-06-29 16:42 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe

2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi

2014-06-29 11:30 - 2014-06-29 11:22 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe

2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia

2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:30 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:57 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe

2014-06-25 13:44 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Briefwechsel

2014-06-24 13:05 - 2010-08-21 17:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-24 13:05 - 2010-08-21 17:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-24 12:56 - 2013-08-05 13:28 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-20 17:38 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Witzige Texte, Animationen und Bilder

2014-06-20 16:03 - 2013-10-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-06-18 21:43 - 2014-06-18 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-06-11 21:50 - 2014-05-03 20:32 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 21:48 - 2010-08-21 15:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-04 13:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 

Some content of TEMP:

====================

C:\Users\Mario\AppData\Local\Temp\avgnt.exe

C:\Users\Mario\AppData\Local\Temp\DataCard_Setup64.exe

C:\Users\Mario\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Mario\AppData\Local\Temp\MSN9D40.exe

C:\Users\Mario\AppData\Local\Temp\nsa8C60.exe

C:\Users\Mario\AppData\Local\Temp\nsaDFB3.exe

C:\Users\Mario\AppData\Local\Temp\nsfC9DD.exe

C:\Users\Mario\AppData\Local\Temp\nsgB420.exe

C:\Users\Mario\AppData\Local\Temp\nsiB906.exe

C:\Users\Mario\AppData\Local\Temp\nslB7E8.exe

C:\Users\Mario\AppData\Local\Temp\nslCF2C.exe

C:\Users\Mario\AppData\Local\Temp\nsqDB30.exe

C:\Users\Mario\AppData\Local\Temp\nsv91BE.exe

C:\Users\Mario\AppData\Local\Temp\ResetDevice.exe

C:\Users\Mario\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe

C:\Users\Mario\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-29 12:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014

Ran by Mario at 2014-07-04 14:44:28

Running from C:\Users\Mario\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden

aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden

aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden

Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)

Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)

Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)

Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)

Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)

AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - )

Babylon toolbar on IE (HKLM-x32\...\BabylonToolbar) (Version:  - ) <==== ATTENTION

best-markit (HKLM-x32\...\DFD86481-D5B6-1330-4CB5-7D62FFEE1AB7) (Version:  - best-markit-software)

Biet-O-Matic v2.1.00 (HKLM-x32\...\Biet-O-Matic v2.1.00) (Version: Biet-O-Matic v2.1.00 - BOM Development Team)

Blood Ties Deluxe (HKCU\...\Blood Ties Deluxe) (Version: 1.0.0 - Zylom Games)

Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)

C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden

Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)

Can You See What I See Deluxe (HKCU\...\Can You See What I See Deluxe) (Version: 1.0.0 - Zylom Games)

center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)

Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)

Cooking Academy (HKCU\...\Cooking Academy) (Version: 1.0.0 - Zylom Games)

CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)

CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden

CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.4020 - CyberLink Corp.)

CyberLink PowerDirector (x32 Version: 7.0.4020 - CyberLink Corp.) Hidden

Dacia Media Nav Toolbox (HKLM-x32\...\Dacia Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.)

Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)

Delicious 2 Deluxe (HKCU\...\Delicious 2 Deluxe) (Version: 1.0.0 - Zylom Games)

Delicious Deluxe (HKCU\...\Delicious Deluxe) (Version: 1.0.0 - Zylom Games)

Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)

Dream Sleuth Deluxe (HKCU\...\Dream Sleuth Deluxe) (Version: 1.0.0 - Zylom Games)

DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)

ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Privatanwender und Unternehmer 12.2.0.6412k) (Version: 15.2.13992 - )

eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.)

eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)

eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)

eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)

eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)

essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden

Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)

Farm Frenzy 3 - American Pie Deluxe (HKCU\...\Farm Frenzy 3 - American Pie Deluxe) (Version: 1.0.0 - Zylom Games)

Farm Frenzy 3 - Russian Roulette Deluxe (HKCU\...\Farm Frenzy 3 - Russian Roulette Deluxe) (Version: 1.0.0 - Zylom Games)

Farm Frenzy 3 Deluxe (HKCU\...\Farm Frenzy 3 Deluxe) (Version: 1.0.0 - Zylom Games)

Farm Frenzy Deluxe (HKCU\...\Farm Frenzy Deluxe) (Version: 1.0.0 - Zylom Games)

Farmer Deluxe (HKCU\...\Farmer Deluxe) (Version: 1.0.0 - Zylom Games)

First Class Flurry (HKCU\...\First Class Flurry) (Version: 1.0.0 - Zylom Games)

First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)

Fishing Craze Deluxe (HKCU\...\Fishing Craze Deluxe) (Version: 1.0.0 - Zylom Games)

Flower Shop - Big City Break Deluxe (HKCU\...\Flower Shop - Big City Break Deluxe) (Version: 1.0.0 - Zylom Games)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)

Hammer Heads Deluxe (HKCU\...\Hammer Heads Deluxe) (Version: 1.0.0 - Zylom Games)

Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)

Hollywood - The Director's Cut Deluxe (HKCU\...\Hollywood - The Director's Cut Deluxe) (Version: 1.0.0 - Zylom Games)

HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{A7096369-9332-466C-8357-08770CDCE277}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)

ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden

Jane's Hotel Deluxe (HKCU\...\Jane's Hotel Deluxe) (Version: 1.0.0 - Zylom Games)

Java Auto Updater (x32 Version: 2.0.6.1 - Sun Microsystems, Inc.) Hidden

Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden

KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company)

Little Shop - Road Trip Deluxe (HKCU\...\Little Shop - Road Trip Deluxe) (Version: 1.0.0 - Zylom Games)

Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)

Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60531.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)

Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden

Million Dollar Quest Deluxe (HKCU\...\Million Dollar Quest Deluxe) (Version: 1.0.0 - Zylom Games)

Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.001.06.01.500 - Huawei Technologies Co.,Ltd)

Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mystery Agency - A Vampire's Kiss (HKLM-x32\...\Mystery Agency - A Vampire's Kiss_is1) (Version:  - dtp)

Mystery Tales - Insel der Träume (HKLM-x32\...\{F6856F9B-881C-4BAF-8602-1E2DBA0EA8A7}_is1) (Version:  - cerasus.media GmbH)

Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)

Nero 9 Essentials (HKLM-x32\...\{f2a1968e-87eb-4bb6-b579-27de6f2b8e4f}) (Version:  - Nero AG)

Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden

Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden

Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden

Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden

Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden

Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden

Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden

Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden

Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden

Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden

Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden

Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden

Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden

NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)

ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden

PaperDesigner Plus (HKLM-x32\...\{9B773B11-1C9F-11D5-9B12-00201802CEF5}) (Version:  - )

Paradise Beach Deluxe (HKCU\...\Paradise Beach Deluxe) (Version: 1.0.0 - Zylom Games)

Pirateville Deluxe (HKCU\...\Pirateville Deluxe) (Version: 1.0.0 - Zylom Games)

PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden

ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)

Rainbow Mystery Deluxe (HKCU\...\Rainbow Mystery Deluxe) (Version: 1.0.0 - Zylom Games)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)

Renault Media Nav Toolbox (HKLM-x32\...\Renault Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.)

Restaurant Rush Deluxe (HKCU\...\Restaurant Rush Deluxe) (Version: 1.0.0 - Zylom Games)

Robinson Crusoe (HKLM-x32\...\{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1) (Version:  - cerasus.media GmbH)

Spirit of Wandering Deluxe (HKCU\...\Spirit of Wandering Deluxe) (Version: 1.0.0 - Zylom Games)

Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{F76D4E7F-4AC6-48DC-9ABB-E9769DD24977}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

Text Express 2 Deluxe (HKCU\...\Text Express 2 Deluxe) (Version: 1.0.0 - Zylom Games)

The Hidden Object Show Deluxe (HKCU\...\The Hidden Object Show Deluxe) (Version: 1.0.0 - Zylom Games)

The Tudors Deluxe (HKCU\...\The Tudors Deluxe) (Version: 1.0.0 - Zylom Games)

Video Grabber (HKLM-x32\...\{65C3253A-E984-4769-BC33-CBC8F059C408}) (Version: 1.00.0000 - dexatek)

Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )

Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3008 - Acer Incorporated)

Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
 

==================== Restore Points  =========================
 

16-06-2014 19:09:17 Windows-Sicherung

17-06-2014 16:40:46 Windows Update

22-06-2014 17:14:30 Windows-Sicherung

24-06-2014 17:08:03 Windows Update

28-06-2014 05:59:46 Windows Update

29-06-2014 17:00:27 Windows-Sicherung

01-07-2014 17:00:49 Windows Update
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {24AF0EA1-E847-4BD0-B463-669A9335D60E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18] (Google Inc.)

Task: {600BEA74-92F7-4378-8319-4017A9E81947} - System32\Tasks\{87F6D93F-5D2F-4D75-BDE6-A819CC2AF37B} => C:\Users\Mario\Documents\setup_vmc.exe [2007-07-16] ()

Task: {6CB3FF72-614E-478A-BE32-FE6FCE044F75} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe

Task: {6DAE5EFB-6774-4BD4-871F-0803912BD423} - System32\Tasks\best-markit Update => C:\Program Files (x86)\-best-markit\appbest-markitf99.exe [2014-06-29] ()

Task: {7D8EFB1C-F8A7-45D4-AAC6-A08B142206B8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {82E67281-5910-4C04-A623-BE4F53903417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18] (Google Inc.)

Task: {9DE04B1E-0285-4E71-90FB-FA1AE51DFC1D} - System32\Tasks\best-markit_wd => C:\Program Files (x86)\-best-markit\wdbest-markite.exe [2014-06-29] ()

Task: {9EAB0DBB-1B50-4DA8-AF7D-35A7E227FF6B} - System32\Tasks\{59900C70-4950-40B3-9291-206A1FCB7703} => C:\Users\Mario\Documents\setup_vmc.exe [2007-07-16] ()

Task: {AB414AD7-38CC-4A7C-AFBB-961D84A4613B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17] (Adobe Systems Incorporated)

Task: {BDE4B03F-959F-4104-9C77-7375381F1B30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {E52F25EC-6A1C-42AB-9A89-50136F157076} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {FF8A7E7A-7A40-4365-8462-344AFD9A34DA} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\best-markit Update.job => C:\Program Files (x86)\-best-markit\appbest-markitf99.exe

Task: C:\Windows\Tasks\best-markit_wd.job => C:\Program Files (x86)\-best-markit\wdbest-markite.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2014-06-29 16:47 - 2014-06-29 16:47 - 00100864 _____ () C:\Program Files (x86)\-best-markit\wdbest-markite.exe

2014-06-29 16:47 - 2014-06-29 16:47 - 00178688 _____ () C:\Program Files (x86)\-best-markit\best-markitaQ174.exe

2013-03-02 11:30 - 2008-12-31 06:31 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2014-06-29 16:47 - 2014-06-29 16:47 - 00172544 _____ () C:\Program Files (x86)\-best-markit\best-markitaQ174.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\Users\Mario:zylomtest

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}

AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}

AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}

AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}

AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}

AlternateDataStreams: C:\Users\Mario:zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}

AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}

AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0

AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2

AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F

AlternateDataStreams: C:\ProgramData\TEMP:93DE1838

AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA

AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE

AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft PS/2-Maus

Description: Microsoft PS/2-Maus

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (07/04/2014 11:43:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/04/2014 11:43:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/03/2014 07:47:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/03/2014 07:47:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/02/2014 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 4.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/02/2014 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.4:5353   18 4.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/01/2014 07:27:44 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.

Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 

Error: (07/01/2014 06:55:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/01/2014 06:55:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/01/2014 01:28:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 
 

System errors:

=============

Error: (07/04/2014 11:50:03 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/03/2014 10:30:19 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/03/2014 08:42:34 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/02/2014 10:51:05 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/01/2014 10:53:16 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/01/2014 02:09:44 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/01/2014 00:00:52 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (06/30/2014 09:44:27 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (06/29/2014 09:09:20 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (06/29/2014 05:29:46 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 
 

Microsoft Office Sessions:

=========================

Error: (07/04/2014 11:43:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/04/2014 11:43:33 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/03/2014 07:47:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 3.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/03/2014 07:47:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.3:5353   18 3.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/02/2014 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 4.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/02/2014 09:06:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.4:5353   18 4.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/01/2014 07:27:44 PM) (Source: SideBySide) (EventID: 63) (User: )

Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllc:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3
 

Error: (07/01/2014 06:55:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/01/2014 06:55:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/01/2014 01:28:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 40%

Total physical RAM: 3071.23 MB

Available physical RAM: 1829.37 MB

Total Pagefile: 6140.61 MB

Available Pagefile: 4648.58 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB
 

==================== Drives ================================
 

Drive c: (eMachines) (Fixed) (Total:917.41 GB) (Free:844.7 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 730E7791)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Hi, so geht's weiter... ;)

Schritt 1

Bitte deinstalliere folgende Programme:

Java(TM) 6 Update 30
Babylon toolbar on IE

Versuche es bei Windows 7 http://deeprybka.trojaner-board.de/b...ne/revo/w7.png zunächst über Systemsteuerung/Programme deinstallieren.

Sollte das nicht gehen, lade Dir bitte Revo Uninstallerhttp://deeprybka.trojaner-board.de/b...ninstaller.png hier herunter. Entpacke die zip-Datei auf den Desktop.

Starte die Revouninstaller.exe http://deeprybka.trojaner-board.de/b...o/revoport.PNG
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den oben angegebenen Programmen und wähle sie einzeln aus.
Klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
http://deeprybka.trojaner-board.de/b.../uninstall.PNG http://deeprybka.trojaner-board.de/b...o/moderat2.PNG
Reste löschen:
Klicke auf http://deeprybka.trojaner-board.de/b.../selectall.PNG dann auf http://deeprybka.trojaner-board.de/b...evo/delete.PNG und dann auf http://deeprybka.trojaner-board.de/b...evo/weiter.PNG.

Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter:

Schritt 2
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Äm ist das richtig das bei den scan mit FRST diesmal nur eine txt datei kahm ?
jedanfals hier das was ich hab

AdwCleaner :

Code:

# AdwCleaner v3.214 - Bericht erstellt am 04/07/2014 um 16:01:49

# Aktualisiert 29/06/2014 von Xplode

# Betriebssystem : Windows 7 Home Premium  (64 bits)

# Benutzername : Mario - MARIO-PC

# Gestartet von : C:\Users\Mario\Downloads\adwcleaner_3.214.exe

# Option : Löschen
 

***** [ Dienste ] *****
 

Dienst Gelöscht : best-markit
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\Babylon

Ordner Gelöscht : C:\ProgramData\Partner

Ordner Gelöscht : C:\ProgramData\Viewpoint

Ordner Gelöscht : C:\Program Files (x86)\VideoDownloadConverter

Ordner Gelöscht : C:\Program Files (x86)\VideoDownloadConverter_4z

Ordner Gelöscht : C:\Program Files (x86)\Viewpoint

Ordner Gelöscht : C:\Users\Mario\AppData\Local\Babylon

Ordner Gelöscht : C:\Users\Mario\AppData\Local\PackageAware

Ordner Gelöscht : C:\Users\Mario\AppData\LocalLow\BabylonToolbar

Ordner Gelöscht : C:\Users\Mario\AppData\LocalLow\VideoDownloadConverter_4z

Ordner Gelöscht : C:\Users\Mario\AppData\Roaming\Babylon

Ordner Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\VideoDownloadConverter_4z

Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\ffxtlbr@babylon.com

Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk

Datei Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\searchplugins\ask-web-search.xml

Datei Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\searchplugins\trovi-search.xml

Datei Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\user.js

Datei Gelöscht : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\user.js

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\user.js
 

***** [ Verknüpfungen ] *****
 
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConfigTask_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConfigTask_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C424171E-592A-415A-9EB1-DFD6D95D3530}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Schlüssel Gelöscht : HKLM\Software\Babylon

Schlüssel Gelöscht : HKLM\Software\MetaStream

Schlüssel Gelöscht : HKLM\Software\Viewpoint

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
 

***** [ Browser ] *****
 

-\\ Internet Explorer v9.0.8112.16476
 
 

-\\ Mozilla Firefox v30.0 (de)
 

[ Datei : C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\prefs.js ]
 

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":220737723,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":220737724,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?n=77fdc8cf&p2=^HJ^xpi000^FF26A^");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013120719");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xpi000^FF26A^");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "5.71.2.58327");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", false);

Zeile gelöscht : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");

Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");
 

*************************
 

AdwCleaner[R0].txt - [9129 octets] - [04/07/2014 16:01:12]

AdwCleaner[S0].txt - [8672 octets] - [04/07/2014 16:01:49]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8732 octets] ##########

FRST :

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014

Ran by Mario (administrator) on MARIO-PC on 04-07-2014 16:06:37

Running from C:\Users\Mario\Downloads

Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

() C:\Program Files (x86)\-best-markit\wdbest-markite.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)

HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ElbyCheckAnyDVD] => "C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)

HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234288 2011-12-12] (Eastman Kodak Company)

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-29] (Google Inc.)

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: K - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {0f5e8a24-95d7-11e0-88b0-9bce2532dc71} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {150cadf7-187a-11e3-94f1-a1bb80db9c57} - E:\LGAutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {190240a2-051c-11e0-a32c-d993f403aa7a} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {1bfc1b27-f58e-11df-95ee-ea8242c72d1a} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {2211e4a6-efc2-11df-87e0-b424b60a7e33} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {517d3034-efeb-11df-a374-f8ae6adb6b46} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22eded-0503-11e0-be56-89003f547270} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22edf7-0503-11e0-be56-89003f547270} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {8aff38f1-89ec-11e0-9dba-d15e43301347} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {92fc88c1-ea5a-11df-a673-97a87723c579} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {938908af-d149-11e0-88a1-fb3808ebba0c} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fb5-8931-11e0-995e-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fe4-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876ffd-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad877009-8931-11e0-995e-c22bca150f45} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48540-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48575-0507-11e0-b077-c85349b80e7b} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f4857e-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea23-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea29-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fda59519-8450-11e0-afa3-eac0ef9fe2de} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fefde87f-1759-11e0-9133-8687ea80ae45} - E:\setup_vmc_lite.exe /checkApplicationPresence

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}

SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392

SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}

SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File

BHO-x32: best-markit - {F29D9E6D-92D3-C4E1-E996-EA97E31FA2FA} - C:\Program Files (x86)\-best-markit\174.dll ()

Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default

FF SelectedSearchEngine: Google

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: VideoDownloadConverter - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2013-12-07]

FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]

FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi

FF Extension: best-markit - C:\Program Files (x86)\-best-markit\174.xpi [2014-06-29]
 

==================== Services (Whitelisted) =================
 

S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [801872 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-12-31] ()

R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
 

==================== Drivers (Whitelisted) ====================
 

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [907904 2010-05-15] (ITE Technologies         )

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)

S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-04 16:01 - 2014-07-04 16:01 - 00000000 ____D () C:\AdwCleaner

2014-07-04 16:00 - 2014-07-04 16:00 - 01346519 _____ () C:\Users\Mario\Downloads\adwcleaner_3.214.exe

2014-07-04 14:44 - 2014-07-04 14:45 - 00032435 _____ () C:\Users\Mario\Downloads\Addition.txt

2014-07-04 14:43 - 2014-07-04 16:06 - 00016021 _____ () C:\Users\Mario\Downloads\FRST.txt

2014-07-04 14:43 - 2014-07-04 16:06 - 00000000 ____D () C:\FRST

2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe

2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe

2014-06-29 17:07 - 2014-06-29 21:08 - 00005294 _____ () C:\Windows\cdplayer.ini

2014-06-29 16:48 - 2014-07-04 16:03 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job

2014-06-29 16:48 - 2014-07-04 16:03 - 00000386 _____ () C:\Windows\Tasks\best-markit_wd.job

2014-06-29 16:48 - 2014-06-29 17:27 - 00000000 ____D () C:\Program Files (x86)\Audiograbber

2014-06-29 16:48 - 2014-06-29 16:48 - 00003056 _____ () C:\Windows\System32\Tasks\best-markit Update

2014-06-29 16:48 - 2014-06-29 16:48 - 00002974 _____ () C:\Windows\System32\Tasks\best-markit_wd

2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk

2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\-best-markit

2014-06-29 16:42 - 2014-06-29 16:43 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe

2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi

2014-06-29 11:22 - 2014-06-29 11:30 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe

2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia

2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav

2014-06-29 09:30 - 2014-06-29 09:31 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav

2014-06-29 08:57 - 2014-06-29 08:58 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe

2014-06-18 21:43 - 2014-07-04 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

2014-07-04 16:07 - 2014-07-04 14:43 - 00016021 _____ () C:\Users\Mario\Downloads\FRST.txt

2014-07-04 16:06 - 2014-07-04 14:43 - 00000000 ____D () C:\FRST

2014-07-04 16:03 - 2014-06-29 16:48 - 00000408 _____ () C:\Windows\Tasks\best-markit Update.job

2014-07-04 16:03 - 2014-06-29 16:48 - 00000386 _____ () C:\Windows\Tasks\best-markit_wd.job

2014-07-04 16:03 - 2011-07-08 16:51 - 00000000 ____D () C:\ProgramData\Kodak

2014-07-04 16:03 - 2011-04-03 15:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-07-04 16:03 - 2010-08-21 17:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-04 16:03 - 2009-10-29 08:40 - 00476454 _____ () C:\Windows\PFRO.log

2014-07-04 16:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-04 16:03 - 2009-07-14 06:51 - 00262502 _____ () C:\Windows\setupact.log

2014-07-04 16:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing

2014-07-04 16:02 - 2010-08-14 21:13 - 01649169 _____ () C:\Windows\WindowsUpdate.log

2014-07-04 16:01 - 2014-07-04 16:01 - 00000000 ____D () C:\AdwCleaner

2014-07-04 16:01 - 2014-06-18 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-04 16:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-04 16:01 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-04 16:00 - 2014-07-04 16:00 - 01346519 _____ () C:\Users\Mario\Downloads\adwcleaner_3.214.exe

2014-07-04 14:45 - 2014-07-04 14:44 - 00032435 _____ () C:\Users\Mario\Downloads\Addition.txt

2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe

2014-07-03 22:19 - 2013-10-23 09:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-03 22:10 - 2010-08-21 17:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-02 22:47 - 2011-02-20 11:55 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{896638E2-354A-4B96-AC64-F6A0AD177347}

2014-07-01 19:57 - 2010-08-15 06:15 - 00653928 _____ () C:\Windows\system32\perfh007.dat

2014-07-01 19:57 - 2010-08-15 06:15 - 00129800 _____ () C:\Windows\system32\perfc007.dat

2014-07-01 19:57 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-29 21:08 - 2014-06-29 17:07 - 00005294 _____ () C:\Windows\cdplayer.ini

2014-06-29 17:27 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\Audiograbber

2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe

2014-06-29 16:48 - 2014-06-29 16:48 - 00003056 _____ () C:\Windows\System32\Tasks\best-markit Update

2014-06-29 16:48 - 2014-06-29 16:48 - 00002974 _____ () C:\Windows\System32\Tasks\best-markit_wd

2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk

2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\-best-markit

2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-06-29 16:43 - 2014-06-29 16:42 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe

2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi

2014-06-29 11:30 - 2014-06-29 11:22 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe

2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia

2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:30 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:57 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe

2014-06-25 13:44 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Briefwechsel

2014-06-24 13:05 - 2010-08-21 17:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-24 13:05 - 2010-08-21 17:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-24 12:56 - 2013-08-05 13:28 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-20 17:38 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Witzige Texte, Animationen und Bilder

2014-06-20 16:03 - 2013-10-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-06-11 21:50 - 2014-05-03 20:32 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 21:48 - 2010-08-21 15:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-04 13:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 

Some content of TEMP:

====================

C:\Users\Mario\AppData\Local\Temp\avgnt.exe

C:\Users\Mario\AppData\Local\Temp\DataCard_Setup64.exe

C:\Users\Mario\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Mario\AppData\Local\Temp\MSN9D40.exe

C:\Users\Mario\AppData\Local\Temp\nsa8C60.exe

C:\Users\Mario\AppData\Local\Temp\nsaDFB3.exe

C:\Users\Mario\AppData\Local\Temp\nsfC9DD.exe

C:\Users\Mario\AppData\Local\Temp\nsgB420.exe

C:\Users\Mario\AppData\Local\Temp\nsiB906.exe

C:\Users\Mario\AppData\Local\Temp\nslB7E8.exe

C:\Users\Mario\AppData\Local\Temp\nslCF2C.exe

C:\Users\Mario\AppData\Local\Temp\nsqDB30.exe

C:\Users\Mario\AppData\Local\Temp\nsv91BE.exe

C:\Users\Mario\AppData\Local\Temp\Quarantine.exe

C:\Users\Mario\AppData\Local\Temp\ResetDevice.exe

C:\Users\Mario\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe

C:\Users\Mario\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-29 12:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Hi, ja sonst hätte ich einen Haken bei Addition.txt setzen lassen... ;)

Schritt 1

http://filepony.de/icon/malwarebytes_anti_malware.png Malwarebytes Antimalware

Download-Link
Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
Unter Erkennung und Schutz setze bitte einen Haken bei "Suche nach Rootkits".
Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

muss mal zwischenfrage stellen
hab beim eset online scanner wie beschrieben verfahren (bis dahin wo scan fertig ) jetzt hat der aber ein paar eventuell unerwünschte anwendungen gefunden
muss ich da etwas anderes noch tun oder wie beschrieben fortfahren ? (also fertigstellen cklicken ,fenter schliesen ....)

Nö, die schauen wir uns an und löschen ggf. manuell... ;)

Ok dann hier die txt dateien

MBAM :

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 04.07.2014

Suchlauf-Zeit: 16:43:57

Logdatei: 

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.07.04.06

Rootkit Datenbank: v2014.07.03.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7

CPU: x64

Dateisystem: NTFS

Benutzer: Mario
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 278346

Verstrichene Zeit: 14 Min, 3 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Aktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 1

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\wdbest-markite.exe, 1688, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22]
 

Module: 1

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.dll, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22], 
 

Registrierungsschlüssel: 7

PUP.Optional.BestMarkIt.A, HKU\S-1-5-21-2040411554-1652058355-27632440-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\best_markit, Löschen bei Neustart, [53cf0d8e304b6cca03cf6e5cca38c63a], 

PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F29D9E6D-92D3-C4E1-E996-EA97E31FA2FA}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{41B2E210-42A4-62A2-F0B9-948AB3700562}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9C501577-A144-4CF1-4DA2-A370D714E698}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{41B2E210-42A4-62A2-F0B9-948AB3700562}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F29D9E6D-92D3-C4E1-E996-EA97E31FA2FA}, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DFD86481-D5B6-1330-4CB5-7D62FFEE1AB7, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 7

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com, In Quarantäne, [40e2a1fa3744b4825c85227da9591be5], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome, In Quarantäne, [40e2a1fa3744b4825c85227da9591be5], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22], 
 

Dateien: 47

PUP.Optional.SearchProtect.A, C:\Users\Mario\AppData\Local\Temp\nsa17CD.tmp, In Quarantäne, [9b879efddc9ff83e91df533faa571ee2], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsa8C60.exe, In Quarantäne, [c45ee1babcbf191daaa2c1c7996802fe], 

PUP.Optional.SearchProtect.A, C:\Users\Mario\AppData\Local\Temp\nsaA4CF.tmp, In Quarantäne, [bb672b70205b6acc79f74052dd24ef11], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsaDFB3.exe, In Quarantäne, [0c16e7b4473455e1ce7e4345ad549b65], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsfC9DD.exe, In Quarantäne, [49d938639fdccc6ad9739fe9808121df], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsgB420.exe, In Quarantäne, [d949faa19edd2a0cb993b5d3629fc33d], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsiB906.exe, In Quarantäne, [e53ddebdaccf44f2b19b196f57aa4eb2], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nslB7E8.exe, In Quarantäne, [958d0596e49740f690bc484018e9b848], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nslCF2C.exe, In Quarantäne, [65bdebb05526d363e4684048c8394eb2], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsqDB30.exe, In Quarantäne, [72b0abf0ee8da6901735a5e301000af6], 

PUP.Optional.Conduit.A, C:\Users\Mario\AppData\Local\Temp\nsv91BE.exe, In Quarantäne, [f72bf8a34a31989e14382c5c936e9c64], 

PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\delicious2download.exe, In Quarantäne, [22000c8fe29911256529f7cdac543ec2], 

PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\deliciousdownload.exe, In Quarantäne, [0a185e3d99e273c3dcb27c48758b827e], 

PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\hammerheadsdownload.exe, In Quarantäne, [9b878d0e512a092dc3cbb41027d9c040], 

PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\rainbowmysterydownload.exe, In Quarantäne, [7ba7e8b3671437ff06889232d52b7987], 

PUP.Downloader.ZYL, C:\Users\Mario\Desktop\Telekom Rechnung\SPIELE\textexpress2download.exe, In Quarantäne, [061ce0bbf7842b0bc9c5685cd52b6b95], 

PUP.Optional.BestMarkIt.A, C:\Windows\System32\Tasks\best-markit Update, In Quarantäne, [73af44573e3d013510029421eb176f91], 

PUP.Optional.BestMarkIt.A, C:\Windows\System32\Tasks\best-markit_wd, In Quarantäne, [58cad8c32c4fbe7831e107aefe045ea2], 

PUP.Optional.BestMarkIt.A, C:\Windows\Tasks\best-markit Update.job, In Quarantäne, [3be7415aa3d84ee8804fecde0cf6d12f], 

PUP.Optional.BestMarkIt.A, C:\Windows\Tasks\best-markit_wd.job, In Quarantäne, [e240a7f4403b6ec8458ae1e9857d0ef2], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\install.rdf, In Quarantäne, [40e2a1fa3744b4825c85227da9591be5], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\geqtgm00.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome\4zffxtbr.jar, In Quarantäne, [40e2a1fa3744b4825c85227da9591be5], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\bootstrap.js, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome.manifest, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\install.rdf, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\install_no_bootstrap.rdf, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\chrome\4zffxtbr.jar, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\manifest.mf, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\zigbert.rsa, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\META-INF\zigbert.sf, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\EXEManager.dll, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\FF-NativeMessagingDispatcher.dll, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.MindSpark.A, C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\extensions\4zffxtbr@VideoDownloadConverter_4z.com\plugins\Verify.dll, In Quarantäne, [aa787625c7b4e353ab36aef1c83a59a7], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\174.crx, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\174.dat, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\174.dll, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\174.xpi, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\a.db, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\appbest-markitf99.exe, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\b.db, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.bin, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.dll, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.exe, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\best-markitaQ174.ini, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\Sqlite3.dll, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\Uninstall.exe, In Quarantäne, [071b9a0185f66ec8118e129d11f1de22], 

PUP.Optional.BestMarkIt.A, C:\Program Files (x86)\-best-markit\wdbest-markite.exe, Löschen bei Neustart, [071b9a0185f66ec8118e129d11f1de22], 
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

ESET Online Scanner:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7587

# api_version=3.0.2

# EOSSerial=59a34991811a1b4e96b390b2442eb90e

# engine=19025

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-07-04 04:09:40

# local_time=2014-07-04 06:09:40 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7600 NT 

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 12444 156120030 0 0

# scanned=184966

# found=8

# cleaned=0

# scan_time=3545

sh=A823D4D557D4DEAFBE264CC8760DBFE85C24C4A0 ft=1 fh=c71c001189d1b3db vn="Variante von Win32/Toolbar.Babylon.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mario\AppData\Local\Babylon\Setup\BExternal.dll.vir"

sh=E9966958672AFC5363CD47F153CA2ED0C87112DF ft=1 fh=a2f67e8360868780 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mario\AppData\Local\Babylon\Setup\IECookieLow.dll.vir"

sh=40969E053E001937C71D74EA719F78BF9A5FEF2A ft=1 fh=9a76860661eadcce vn="Win32/Toolbar.Babylon evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mario\AppData\Local\Babylon\Setup\MyBabylonTB.exe.vir"

sh=45D1104CA6BE51EDA80B5994403E9ABD523082A3 ft=1 fh=dc60180b3d8151a5 vn="Variante von Win32/Toolbar.Babylon.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mario\AppData\Local\Babylon\Setup\Setup.exe.vir"

sh=C8ED85CBB679DFF0D72E7D8C79CE5E74B5EFADE0 ft=1 fh=37dd7ede875c1f3d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H71HL6UC\spstub[1].exe"

sh=A84B46CCDC3F57029C711BE6275A760DD13AC913 ft=1 fh=15908f4a60c02694 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LDFWVB45\SPSetup[2].exe"

sh=0EA8B6FF0D2DD92DE3EB3FD64BF7109D61AF4FC1 ft=1 fh=9094b160c121c80c vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe"

sh=17DE4EBD2BDD63571A61B49BDE5B1767A9FCFE84 ft=1 fh=cda42ca5ebca54a0 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe"

Und von FRST die zwei

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014

Ran by Mario (administrator) on MARIO-PC on 04-07-2014 18:24:54

Running from C:\Users\Mario\Downloads

Platform: Windows 7 Home Premium (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 9

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe

(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Acer) C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company)

HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ElbyCheckAnyDVD] => "C:\Program Files (x86)\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD

HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)

HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234288 2011-12-12] (Eastman Kodak Company)

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-10-29] (Google Inc.)

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: K - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {0f5e8a24-95d7-11e0-88b0-9bce2532dc71} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {150cadf7-187a-11e3-94f1-a1bb80db9c57} - E:\LGAutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {190240a2-051c-11e0-a32c-d993f403aa7a} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {1bfc1b27-f58e-11df-95ee-ea8242c72d1a} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {2211e4a6-efc2-11df-87e0-b424b60a7e33} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {517d3034-efeb-11df-a374-f8ae6adb6b46} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22eded-0503-11e0-be56-89003f547270} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {6c22edf7-0503-11e0-be56-89003f547270} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {8aff38f1-89ec-11e0-9dba-d15e43301347} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {92fc88c1-ea5a-11df-a673-97a87723c579} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {938908af-d149-11e0-88a1-fb3808ebba0c} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fb5-8931-11e0-995e-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876fe4-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad876ffd-8931-11e0-995e-c22bca150f45} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {ad877009-8931-11e0-995e-c22bca150f45} - K:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48540-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f48575-0507-11e0-b077-c85349b80e7b} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {c4f4857e-0507-11e0-b077-c85349b80e7b} - E:\AutoRun.exe

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea23-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {e53dea29-8928-11e0-a759-bdd8332f3131} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fda59519-8450-11e0-afa3-eac0ef9fe2de} - E:\setup_vmc_lite.exe /checkApplicationPresence

HKU\S-1-5-21-2040411554-1652058355-27632440-1000\...\MountPoints2: {fefde87f-1759-11e0-9133-8687ea80ae45} - E:\setup_vmc_lite.exe /checkApplicationPresence

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}

SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392

SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}

SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO-x32: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File

Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} -  No File

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default

FF SelectedSearchEngine: Google

FF Homepage: about:home

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF Extension: Adblock Plus - C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\uyu7kc7h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-03]

FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi
 

==================== Services (Whitelisted) =================
 

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [811088 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 Greg_Service; C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2008-12-31] ()

R2 Updater Service; C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
 

==================== Drivers (Whitelisted) ====================
 

S3 AF9035HB; C:\Windows\System32\Drivers\AF9035HB.sys [907904 2010-05-15] (ITE Technologies         )

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-24] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-06-24] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2014-06-24] (Avira Operations GmbH & Co. KG)

S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [249856 2010-03-24] (Huawei Technologies Co., Ltd.)

S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.)

S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-04 17:02 - 2014-07-04 17:02 - 02347384 _____ (ESET) C:\Users\Mario\Downloads\esetsmartinstaller_deu.exe

2014-07-04 16:56 - 2014-07-04 16:56 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Avira

2014-07-04 16:55 - 2014-07-04 16:55 - 00002035 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2014-07-04 16:55 - 2014-07-04 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-07-04 16:54 - 2014-07-04 16:54 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-07-04 16:54 - 2014-06-24 20:39 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-07-04 16:54 - 2014-06-24 20:39 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-07-04 16:54 - 2014-06-24 20:39 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-07-04 16:54 - 2014-06-24 20:39 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-07-04 16:32 - 2014-07-04 18:19 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-04 16:32 - 2014-07-04 16:32 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-04 16:32 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-07-04 16:32 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-07-04 16:32 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-07-04 16:29 - 2014-07-04 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mario\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-04 16:22 - 2014-07-04 16:35 - 157344328 _____ () C:\Users\Mario\Downloads\avira_antivirus_pro_de.exe

2014-07-04 16:01 - 2014-07-04 16:01 - 00000000 ____D () C:\AdwCleaner

2014-07-04 16:00 - 2014-07-04 16:00 - 01346519 _____ () C:\Users\Mario\Downloads\adwcleaner_3.214.exe

2014-07-04 14:44 - 2014-07-04 14:45 - 00032435 _____ () C:\Users\Mario\Downloads\Addition.txt

2014-07-04 14:43 - 2014-07-04 18:25 - 00015769 _____ () C:\Users\Mario\Downloads\FRST.txt

2014-07-04 14:43 - 2014-07-04 18:25 - 00000000 ____D () C:\FRST

2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe

2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe

2014-06-29 17:07 - 2014-06-29 21:08 - 00005294 _____ () C:\Windows\cdplayer.ini

2014-06-29 16:48 - 2014-06-29 17:27 - 00000000 ____D () C:\Program Files (x86)\Audiograbber

2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk

2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber

2014-06-29 16:42 - 2014-06-29 16:43 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe

2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi

2014-06-29 11:22 - 2014-06-29 11:30 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe

2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia

2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav

2014-06-29 09:30 - 2014-06-29 09:31 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav

2014-06-29 08:57 - 2014-06-29 08:58 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe

2014-06-18 21:43 - 2014-07-04 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
 

==================== One Month Modified Files and Folders =======
 

2014-07-04 18:25 - 2014-07-04 14:43 - 00015769 _____ () C:\Users\Mario\Downloads\FRST.txt

2014-07-04 18:25 - 2014-07-04 14:43 - 00000000 ____D () C:\FRST

2014-07-04 18:19 - 2014-07-04 16:32 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-07-04 18:19 - 2013-10-23 09:15 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-07-04 18:10 - 2010-08-21 17:15 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-07-04 17:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing

2014-07-04 17:08 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-07-04 17:08 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-07-04 17:04 - 2010-08-14 21:13 - 01705381 _____ () C:\Windows\WindowsUpdate.log

2014-07-04 17:02 - 2014-07-04 17:02 - 02347384 _____ (ESET) C:\Users\Mario\Downloads\esetsmartinstaller_deu.exe

2014-07-04 17:00 - 2011-07-08 16:51 - 00000000 ____D () C:\ProgramData\Kodak

2014-07-04 17:00 - 2011-04-03 15:50 - 00065536 _____ () C:\Windows\system32\Ikeext.etl

2014-07-04 17:00 - 2010-08-21 17:15 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-07-04 17:00 - 2009-10-29 08:40 - 00649688 _____ () C:\Windows\PFRO.log

2014-07-04 17:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-07-04 17:00 - 2009-07-14 06:51 - 00262670 _____ () C:\Windows\setupact.log

2014-07-04 17:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security

2014-07-04 16:56 - 2014-07-04 16:56 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Avira

2014-07-04 16:55 - 2014-07-04 16:55 - 00002035 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk

2014-07-04 16:55 - 2014-07-04 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

2014-07-04 16:54 - 2014-07-04 16:54 - 00000000 ____D () C:\Program Files (x86)\Avira

2014-07-04 16:54 - 2010-08-15 10:12 - 00000000 ____D () C:\ProgramData\Avira

2014-07-04 16:35 - 2014-07-04 16:22 - 157344328 _____ () C:\Users\Mario\Downloads\avira_antivirus_pro_de.exe

2014-07-04 16:32 - 2014-07-04 16:32 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-04 16:32 - 2014-07-04 16:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-04 16:31 - 2014-07-04 16:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mario\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-04 16:01 - 2014-07-04 16:01 - 00000000 ____D () C:\AdwCleaner

2014-07-04 16:01 - 2014-06-18 21:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-07-04 16:00 - 2014-07-04 16:00 - 01346519 _____ () C:\Users\Mario\Downloads\adwcleaner_3.214.exe

2014-07-04 14:45 - 2014-07-04 14:44 - 00032435 _____ () C:\Users\Mario\Downloads\Addition.txt

2014-07-04 14:42 - 2014-07-04 14:42 - 02083840 _____ (Farbar) C:\Users\Mario\Downloads\FRST64.exe

2014-07-02 22:47 - 2011-02-20 11:55 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{896638E2-354A-4B96-AC64-F6A0AD177347}

2014-07-01 19:57 - 2010-08-15 06:15 - 00653928 _____ () C:\Windows\system32\perfh007.dat

2014-07-01 19:57 - 2010-08-15 06:15 - 00129800 _____ () C:\Windows\system32\perfc007.dat

2014-07-01 19:57 - 2009-07-14 07:13 - 01498506 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-06-29 21:08 - 2014-06-29 17:07 - 00005294 _____ () C:\Windows\cdplayer.ini

2014-06-29 17:27 - 2014-06-29 16:48 - 00000000 ____D () C:\Program Files (x86)\Audiograbber

2014-06-29 17:24 - 2014-06-29 17:24 - 00468976 _____ () C:\Users\Mario\Downloads\download_audiograbber_mp3_plugin.exe

2014-06-29 16:48 - 2014-06-29 16:48 - 00001092 _____ () C:\Users\Public\Desktop\Audiograbber.lnk

2014-06-29 16:48 - 2014-06-29 16:48 - 00000306 __RSH () C:\ProgramData\ntuser.pol

2014-06-29 16:48 - 2014-06-29 16:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audiograbber

2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

2014-06-29 16:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy

2014-06-29 16:43 - 2014-06-29 16:42 - 00469016 _____ () C:\Users\Mario\Downloads\DLG_audiograbber_product+website_default.exe

2014-06-29 16:33 - 2014-06-29 16:33 - 00000000 ____D () C:\Users\Mario\Desktop\Dacia Navi

2014-06-29 11:30 - 2014-06-29 11:22 - 21719960 _____ ( ) C:\Users\Mario\Downloads\poibase_setup_pocketnavigation.exe

2014-06-29 09:32 - 2014-06-29 09:32 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\dacia

2014-06-29 09:31 - 2014-06-29 09:31 - 00001140 _____ () C:\Users\Mario\Desktop\Dacia Media Nav Toolbox.lnk

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:31 - 00000000 ____D () C:\Program Files (x86)\Dacia Media Nav

2014-06-29 09:31 - 2014-06-29 09:30 - 12793904 _____ (NNG Llc.) C:\Users\Mario\Downloads\Dacia_Media_Nav_Toolbox_Setup.exe

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\renault

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:58 - 00000000 ____D () C:\Program Files (x86)\Renault Media Nav

2014-06-29 08:58 - 2014-06-29 08:57 - 12703088 _____ (NNG Llc.) C:\Users\Mario\Downloads\Renault_Media_Nav_Toolbox_Setup.exe

2014-06-25 13:44 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Briefwechsel

2014-06-24 20:39 - 2014-07-04 16:54 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys

2014-06-24 20:39 - 2014-07-04 16:54 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys

2014-06-24 20:39 - 2014-07-04 16:54 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys

2014-06-24 20:39 - 2014-07-04 16:54 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys

2014-06-24 13:05 - 2010-08-21 17:15 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-06-24 13:05 - 2010-08-21 17:15 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-06-20 17:38 - 2008-07-27 20:24 - 00000000 ____D () C:\Users\Mario\Documents\Witzige Texte, Animationen und Bilder

2014-06-20 16:03 - 2013-10-23 08:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-06-11 21:50 - 2014-05-03 20:32 - 00000000 ____D () C:\Windows\system32\MRT

2014-06-11 21:48 - 2010-08-21 15:35 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-06-04 13:31 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
 

Some content of TEMP:

====================

C:\Users\Mario\AppData\Local\Temp\avgnt.exe

C:\Users\Mario\AppData\Local\Temp\DataCard_Setup64.exe

C:\Users\Mario\AppData\Local\Temp\fp_pl_pfs_installer.exe

C:\Users\Mario\AppData\Local\Temp\MSN9D40.exe

C:\Users\Mario\AppData\Local\Temp\Quarantine.exe

C:\Users\Mario\AppData\Local\Temp\ResetDevice.exe

C:\Users\Mario\AppData\Local\Temp\WEB.DE_Softwareaktualisierung_Setup.exe

C:\Users\Mario\AppData\Local\Temp\WEB.DE_Toolbar_IE_Setup.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-06-29 12:16
 

==================== End Of Log ============================

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2014

Ran by Mario at 2014-07-04 18:25:57

Running from C:\Users\Mario\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)

Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden

aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden

aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden

aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden

Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)

Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)

Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)

Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)

Audiograbber MP3-Plugin (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)

AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - )

Biet-O-Matic v2.1.00 (HKLM-x32\...\Biet-O-Matic v2.1.00) (Version: Biet-O-Matic v2.1.00 - BOM Development Team)

Blood Ties Deluxe (HKCU\...\Blood Ties Deluxe) (Version: 1.0.0 - Zylom Games)

Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)

C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden

Camera RAW Plug-In for EPSON Creativity Suite (HKLM-x32\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)

Can You See What I See Deluxe (HKCU\...\Can You See What I See Deluxe) (Version: 1.0.0 - Zylom Games)

center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden

Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)

Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 3.18.0.342250 - NNG Llc.)

Cooking Academy (HKCU\...\Cooking Academy) (Version: 1.0.0 - Zylom Games)

CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6904 - CyberLink Corp.)

CyberLink PhotoNow (x32 Version: 1.1.6904 - CyberLink Corp.) Hidden

CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.4020 - CyberLink Corp.)

CyberLink PowerDirector (x32 Version: 7.0.4020 - CyberLink Corp.) Hidden

Dacia Media Nav Toolbox (HKLM-x32\...\Dacia Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.)

Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)

Delicious 2 Deluxe (HKCU\...\Delicious 2 Deluxe) (Version: 1.0.0 - Zylom Games)

Delicious Deluxe (HKCU\...\Delicious Deluxe) (Version: 1.0.0 - Zylom Games)

Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)

Dream Sleuth Deluxe (HKCU\...\Dream Sleuth Deluxe) (Version: 1.0.0 - Zylom Games)

DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)

ElsterFormular-Upgrade (HKLM-x32\...\ElsterFormular für Privatanwender und Unternehmer 12.2.0.6412k) (Version: 15.2.13992 - )

eMachines GameZone Console (HKLM-x32\...\{31D611A1-03B5-4018-BC6F-DDB5B5616478}_is1) (Version: 5.1.1.3 - Oberon Media, Inc.)

eMachines Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)

eMachines Registration (HKLM-x32\...\eMachines Registration) (Version: 1.02.3006 - Acer Incorporated)

eMachines ScreenSaver (HKLM-x32\...\eMachines Screensaver) (Version: 1.1.0812 - eMachines Incorporated)

eMachines Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)

essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden

Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)

Farm Frenzy 3 - American Pie Deluxe (HKCU\...\Farm Frenzy 3 - American Pie Deluxe) (Version: 1.0.0 - Zylom Games)

Farm Frenzy 3 - Russian Roulette Deluxe (HKCU\...\Farm Frenzy 3 - Russian Roulette Deluxe) (Version: 1.0.0 - Zylom Games)

Farm Frenzy 3 Deluxe (HKCU\...\Farm Frenzy 3 Deluxe) (Version: 1.0.0 - Zylom Games)

Farm Frenzy Deluxe (HKCU\...\Farm Frenzy Deluxe) (Version: 1.0.0 - Zylom Games)

Farmer Deluxe (HKCU\...\Farmer Deluxe) (Version: 1.0.0 - Zylom Games)

First Class Flurry (HKCU\...\First Class Flurry) (Version: 1.0.0 - Zylom Games)

First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)

Fishing Craze Deluxe (HKCU\...\Fishing Craze Deluxe) (Version: 1.0.0 - Zylom Games)

Flower Shop - Big City Break Deluxe (HKCU\...\Flower Shop - Big City Break Deluxe) (Version: 1.0.0 - Zylom Games)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)

Hammer Heads Deluxe (HKCU\...\Hammer Heads Deluxe) (Version: 1.0.0 - Zylom Games)

Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)

Hollywood - The Director's Cut Deluxe (HKCU\...\Hollywood - The Director's Cut Deluxe) (Version: 1.0.0 - Zylom Games)

HP Deskjet 1050 J410 series - Grundlegende Software für das Gerät (HKLM\...\{A7096369-9332-466C-8357-08770CDCE277}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

HP Deskjet 1050 J410 series Hilfe (HKLM-x32\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)

ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden

Jane's Hotel Deluxe (HKCU\...\Jane's Hotel Deluxe) (Version: 1.0.0 - Zylom Games)

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden

KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company)

Little Shop - Road Trip Deluxe (HKCU\...\Little Shop - Road Trip Deluxe) (Version: 1.0.0 - Zylom Games)

Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2000 Disc 2 (HKLM-x32\...\{00040407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)

Microsoft Office 2000 Premium (HKLM-x32\...\{00000407-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2816 - Microsoft Corporation)

Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60531.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)

Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden

Million Dollar Quest Deluxe (HKCU\...\Million Dollar Quest Deluxe) (Version: 1.0.0 - Zylom Games)

Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 16.001.06.01.500 - Huawei Technologies Co.,Ltd)

Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Mystery Agency - A Vampire's Kiss (HKLM-x32\...\Mystery Agency - A Vampire's Kiss_is1) (Version:  - dtp)

Mystery Tales - Insel der Träume (HKLM-x32\...\{F6856F9B-881C-4BAF-8602-1E2DBA0EA8A7}_is1) (Version:  - cerasus.media GmbH)

Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - NNG Llc.)

Nero 9 Essentials (HKLM-x32\...\{f2a1968e-87eb-4bb6-b579-27de6f2b8e4f}) (Version:  - Nero AG)

Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden

Nero DiscSpeed (x32 Version: 5.4.7.201 - Nero AG) Hidden

Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden

Nero DriveSpeed (x32 Version: 4.4.7.201 - Nero AG) Hidden

Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden

Nero Express Help (x32 Version: 9.4.9.100 - Nero AG) Hidden

Nero InfoTool (x32 Version: 6.4.7.201 - Nero AG) Hidden

Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden

Nero Installer (x32 Version: 4.4.8.1 - Nero AG) Hidden

Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden

Nero StartSmart (x32 Version: 9.4.11.209 - Nero AG) Hidden

Nero StartSmart Help (x32 Version: 9.4.11.208 - Nero AG) Hidden

Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden

NeroExpress (x32 Version: 9.4.10.505 - Nero AG) Hidden

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.9 - NVIDIA Corporation)

ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden

PaperDesigner Plus (HKLM-x32\...\{9B773B11-1C9F-11D5-9B12-00201802CEF5}) (Version:  - )

Paradise Beach Deluxe (HKCU\...\Paradise Beach Deluxe) (Version: 1.0.0 - Zylom Games)

Pirateville Deluxe (HKCU\...\Pirateville Deluxe) (Version: 1.0.0 - Zylom Games)

PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden

ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)

Rainbow Mystery Deluxe (HKCU\...\Rainbow Mystery Deluxe) (Version: 1.0.0 - Zylom Games)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)

Renault Media Nav Toolbox (HKLM-x32\...\Renault Media Nav Toolbox) (Version: 3.18.0.330918 - NNG Llc.)

Restaurant Rush Deluxe (HKCU\...\Restaurant Rush Deluxe) (Version: 1.0.0 - Zylom Games)

Robinson Crusoe (HKLM-x32\...\{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1) (Version:  - cerasus.media GmbH)

Spirit of Wandering Deluxe (HKCU\...\Spirit of Wandering Deluxe) (Version: 1.0.0 - Zylom Games)

Studie zur Verbesserung von HP Deskjet 1050 J410 series Produkten (HKLM\...\{F76D4E7F-4AC6-48DC-9ABB-E9769DD24977}) (Version: 22.50.231.0 - Hewlett-Packard Co.)

Text Express 2 Deluxe (HKCU\...\Text Express 2 Deluxe) (Version: 1.0.0 - Zylom Games)

The Hidden Object Show Deluxe (HKCU\...\The Hidden Object Show Deluxe) (Version: 1.0.0 - Zylom Games)

The Tudors Deluxe (HKCU\...\The Tudors Deluxe) (Version: 1.0.0 - Zylom Games)

Video Grabber (HKLM-x32\...\{65C3253A-E984-4769-BC33-CBC8F059C408}) (Version: 1.00.0000 - dexatek)

Welcome Center (HKLM-x32\...\eMachines Welcome Center) (Version: 1.00.3008 - Acer Incorporated)

Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden

Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Fotogalerie (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Mobile-Gerätecenter (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
 

==================== Restore Points  =========================
 

16-06-2014 19:09:17 Windows-Sicherung

17-06-2014 16:40:46 Windows Update

22-06-2014 17:14:30 Windows-Sicherung

24-06-2014 17:08:03 Windows Update

28-06-2014 05:59:46 Windows Update

29-06-2014 17:00:27 Windows-Sicherung

01-07-2014 17:00:49 Windows Update

04-07-2014 13:57:30 Removed Java(TM) 6 Update 30
 

==================== Hosts content: ==========================
 

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {24AF0EA1-E847-4BD0-B463-669A9335D60E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18] (Google Inc.)

Task: {600BEA74-92F7-4378-8319-4017A9E81947} - System32\Tasks\{87F6D93F-5D2F-4D75-BDE6-A819CC2AF37B} => C:\Users\Mario\Documents\setup_vmc.exe [2007-07-16] ()

Task: {6CB3FF72-614E-478A-BE32-FE6FCE044F75} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files (x86)\TuneUp Utilities 2010\OneClick.exe

Task: {7D8EFB1C-F8A7-45D4-AAC6-A08B142206B8} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)

Task: {82E67281-5910-4C04-A623-BE4F53903417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-18] (Google Inc.)

Task: {9EAB0DBB-1B50-4DA8-AF7D-35A7E227FF6B} - System32\Tasks\{59900C70-4950-40B3-9291-206A1FCB7703} => C:\Users\Mario\Documents\setup_vmc.exe [2007-07-16] ()

Task: {AB414AD7-38CC-4A7C-AFBB-961D84A4613B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-17] (Adobe Systems Incorporated)

Task: {BDE4B03F-959F-4104-9C77-7375381F1B30} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {E52F25EC-6A1C-42AB-9A89-50136F157076} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

Task: {FF8A7E7A-7A40-4365-8462-344AFD9A34DA} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-03-02 11:30 - 2008-12-31 06:31 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2014-06-18 21:43 - 2014-06-18 21:43 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\Users\Mario:zylomtest

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}

AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}

AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}

AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}

AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}

AlternateDataStreams: C:\Users\Mario:zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}

AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}

AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0

AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2

AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F

AlternateDataStreams: C:\ProgramData\TEMP:93DE1838

AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA

AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE

AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft PS/2-Maus

Description: Microsoft PS/2-Maus

Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: i8042prt

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (07/04/2014 06:24:32 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 

Error: (07/04/2014 06:18:05 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 

Error: (07/04/2014 05:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 

Error: (07/04/2014 05:03:01 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 

Error: (07/04/2014 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/04/2014 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/04/2014 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/04/2014 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/04/2014 04:12:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm avcenter.exe, Version 14.0.5.396 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: c60
 

Startzeit: 01cf9791f4842210
 

Endzeit: 11107
 

Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avcenter.exe
 

Berichts-ID: 3a943291-0385-11e4-83e5-de56822c177f
 

Error: (07/04/2014 04:05:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm avcenter.exe, Version 14.0.5.396 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: 103c
 

Startzeit: 01cf9790d7e26910
 

Endzeit: 4430
 

Anwendungspfad: C:\program files (x86)\avira\antivir desktop\avcenter.exe
 

Berichts-ID: 3a000df1-0384-11e4-83e5-de56822c177f
 
 

System errors:

=============

Error: (07/04/2014 04:59:44 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/04/2014 04:41:24 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/04/2014 04:12:44 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/04/2014 04:02:24 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/04/2014 02:53:41 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/04/2014 11:50:03 AM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/03/2014 10:30:19 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/03/2014 08:42:34 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/02/2014 10:51:05 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 

Error: (07/01/2014 10:53:16 PM) (Source: Service Control Manager) (EventID: 7016) (User: )

Description: Der Dienst "NVIDIA Display Driver Service" hat einen ungültigen aktuellen Status gemeldet: 32
 
 

Microsoft Office Sessions:

=========================

Error: (07/04/2014 06:24:32 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Mario\Downloads\esetsmartinstaller_deu.exe
 

Error: (07/04/2014 06:18:05 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
 

Error: (07/04/2014 05:03:56 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Mario\Downloads\esetsmartinstaller_deu.exe
 

Error: (07/04/2014 05:03:01 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifestC:\Users\Mario\Downloads\esetsmartinstaller_deu.exe
 

Error: (07/04/2014 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/04/2014 04:42:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/04/2014 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.0.168.192.in-addr.arpa. PTR Mario-PC.local.
 

Error: (07/04/2014 04:13:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.0.2:5353   18 2.0.168.192.in-addr.arpa. PTR Mario-PC-2.local.
 

Error: (07/04/2014 04:12:41 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: avcenter.exe14.0.5.396c6001cf9791f484221011107C:\program files (x86)\avira\antivir desktop\avcenter.exe3a943291-0385-11e4-83e5-de56822c177f
 

Error: (07/04/2014 04:05:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: avcenter.exe14.0.5.396103c01cf9790d7e269104430C:\program files (x86)\avira\antivir desktop\avcenter.exe3a000df1-0384-11e4-83e5-de56822c177f
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 50%

Total physical RAM: 3071.23 MB

Available physical RAM: 1511.67 MB

Total Pagefile: 6140.61 MB

Available Pagefile: 4416.35 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB
 

==================== Drives ================================
 

Drive c: (eMachines) (Fixed) (Total:917.41 GB) (Free:844.07 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: 730E7791)

Partition 1: (Not Active) - (Size=14 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=917 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

PS : hab grad mal nachgeschaut die grünen unterstrichenen wörter mit der werbung sind schon mal weg (grade mal auf den seiten geschaut wo sie aufgefallen sind)

Hi,

Schritt 1

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

AlternateDataStreams: C:\Users\Mario:zylomtest

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}

AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}

AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}

AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}

AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}

AlternateDataStreams: C:\Users\Mario:zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}

AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}

AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0

AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2

AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F

AlternateDataStreams: C:\ProgramData\TEMP:93DE1838

AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA

AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE

AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi

SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}

SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392

SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}

SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

Schritt 2
Lade dir

TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.

Schritt 3
http://deeprybka.trojaner-board.de/b...an/updates.PNGWindows 7 Service Pack 1 installieren.

Hier findest Du nähere Informationen dazu.
Meiner Meinung nach, ist das Runterladen und direkte Installieren des Service Pack empfehlenswert. Hier kannst Du Dir den SP1 für Windows herunterladen. In Deinem Fall: windows6.1-KB976932-X64.exe
Falls es Probleme gibt, dann installiere Dir bitte dieses Tool.
Sollte die Installation erfolgreich gewesen sein, stelle anschließend sicher, dass die Windows Update-Funktion aktiviert ist. Eine Anleitung dazu findest Du hier. Installiere damit alle verfügbaren Updates.

Wenn erledigt dann:

Von hier bitte den neuesten Internet Explorer installieren.

Java installieren.

Flash-Link mit allen Browsern aufrufen. Flash aktualisieren. Optionale Angebote ablehnen.

Schritt 4

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

so erstmal sry das meine antwort so lang auf sich warten lies :pfeiff:

fixlog.txt :

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-07-2014 01

Ran by Mario at 2014-07-07 17:21:39 Run:1

Running from C:\Users\Mario\Downloads

Boot Mode: Normal

==============================================
 

Content of fixlist:

*****************

AlternateDataStreams: C:\Users\Mario:zylomtest

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}

AlternateDataStreams: C:\Users\Mario:zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}

AlternateDataStreams: C:\Users\Mario:zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}

AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}

AlternateDataStreams: C:\Users\Mario:zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}

AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}

AlternateDataStreams: C:\Users\Mario:zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}

AlternateDataStreams: C:\Users\Mario:zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}

AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}

AlternateDataStreams: C:\Users\Mario:zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}

AlternateDataStreams: C:\ProgramData\TEMP:0B9176C0

AlternateDataStreams: C:\ProgramData\TEMP:4D066AD2

AlternateDataStreams: C:\ProgramData\TEMP:5D7E5A8F

AlternateDataStreams: C:\ProgramData\TEMP:93DE1838

AlternateDataStreams: C:\ProgramData\TEMP:AB689DEA

AlternateDataStreams: C:\ProgramData\TEMP:ABE89FFE

AlternateDataStreams: C:\ProgramData\TEMP:E1F04E8D

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

FF HKCU\...\Firefox\Extensions: [{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D}] - C:\Program Files (x86)\-best-markit\174.xpi

SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 

SearchScopes: HKLM-x32 - DefaultScope value is missing.

SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW

SearchScopes: HKCU - {1D855293-8F32-4CED-810A-7104C471F70C} URL = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}

SearchScopes: HKCU - {41AB09FE-0A87-4418-B327-2E4EF29A59F2} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE392

SearchScopes: HKCU - {70F7F677-A369-4AC6-8052-D87A791205CA} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9} URL = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}

SearchScopes: HKCU - {D36B6AB2-9C86-4C46-97E2-104C7530E06D} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

SearchScopes: HKCU - {E4999632-68A8-441D-97E1-8E371D9982A1} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/br/ie9_startpage

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&m=et1831&r=17360810sn06973f54z85bh8514315

         

*****************
 

C:\Users\Mario => ":zylomtest" ADS removed successfully.

C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-70L9-2A8RJ1B4CVNE}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVN5}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-9MH3-29NVUQ9IEVP4}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVP5}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVQ5}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{00013KEU-UKQE-K6V0-GEOR-27TDF94KAVRD}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG1-1VH8-28I0EFCC2VTE}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG1-6E2T-2B6FMQRBGVS9}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG2-7CIS-27D9QT4MMVVB}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG2-J5B1-28UD62RUEVV9}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVRC}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-40QI-27REBT9KOVS5}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUL}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-4AUE-27LR9NHCQVUV}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVUC}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-9P7R-292OFTVD6VSL}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-GQ8O-29APM3QU0VVP}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG3-LKPT-24I6VJ8JOVVS}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VTJ}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG4-B3Q1-28C117F42VV1}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG5-FGLT-28R1BF9D2VUT}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG6-3908-27H0TJJBT000}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVK3}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG6-3908-29CNF5LCOVUA}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG6-U4RT-24BEICL2EVVU}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{000HQ7FF-AD7A-3FG7-E9E4-28TU2PQ8AVV3}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UGR3}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{00HF3294-L1FM-PT8K-2DAL-2AJLQ467UI1U}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{03NKKSH2-G2DA-KVPR-FOUA-C4MMGR7A0B84}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{03NKKSH2-G2DA-KVPR-OEI0-2B7UFSJEEJQ0}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{08NHH4IA-GNRC-ULTB-CSUU-2ALTQ9NJ84GN}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{1RQAE8H8-16LA-FSI5-T29L-2BDGV7ND2BEJ}" ADS removed successfully.

C:\Users\Mario => ":zylomtr{1RQAE8H8-16LA-FSQN-A1P8-2B4H36J02HTQ}" ADS removed successfully.

C:\ProgramData\TEMP => ":0B9176C0" ADS removed successfully.

C:\ProgramData\TEMP => ":4D066AD2" ADS removed successfully.

C:\ProgramData\TEMP => ":5D7E5A8F" ADS removed successfully.

C:\ProgramData\TEMP => ":93DE1838" ADS removed successfully.

C:\ProgramData\TEMP => ":AB689DEA" ADS removed successfully.

C:\ProgramData\TEMP => ":ABE89FFE" ADS removed successfully.

C:\ProgramData\TEMP => ":E1F04E8D" ADS removed successfully.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

HKCU\Software\Mozilla\Firefox\Extensions\\{D1AE6DD0-116D-5BEE-0D8E-FF4A4EC2220D} => value deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}' => Key deleted successfully.

'HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1D855293-8F32-4CED-810A-7104C471F70C}' => Key deleted successfully.

'HKCR\CLSID\{1D855293-8F32-4CED-810A-7104C471F70C}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41AB09FE-0A87-4418-B327-2E4EF29A59F2}' => Key deleted successfully.

'HKCR\CLSID\{41AB09FE-0A87-4418-B327-2E4EF29A59F2}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}' => Key deleted successfully.

'HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70F7F677-A369-4AC6-8052-D87A791205CA}' => Key deleted successfully.

'HKCR\CLSID\{70F7F677-A369-4AC6-8052-D87A791205CA}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9}' => Key deleted successfully.

'HKCR\CLSID\{7CFCFBFC-276B-4F40-8C95-3F7AE068F5E9}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D36B6AB2-9C86-4C46-97E2-104C7530E06D}' => Key deleted successfully.

'HKCR\CLSID\{D36B6AB2-9C86-4C46-97E2-104C7530E06D}'=> Key not found.

'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E4999632-68A8-441D-97E1-8E371D9982A1}' => Key deleted successfully.

'HKCR\CLSID\{E4999632-68A8-441D-97E1-8E371D9982A1}'=> Key not found.

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
 
 

The system needed a reboot. 
 

==== End of Fixlog ====

irgendwie meint die seite das text zu lang ist geht auch als anhang posten die .txt dateien ?

Ja, kannst auch als Anhang posten... ;)

irgendwie hab ichs derzeit mit den extrem langsamen reagieren XD

Bitte mal frische Logs, die sind ja schon ne Woche alt... ;)

Schritt 1

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.