Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Positive finds ads Problem! (https://www.trojaner-board.de/163630-positive-finds-ads-problem.html)

lauretta18 05.02.2015 10:20
Positive finds ads Problem!
 
Windows 7 Laptop: Seit 1 Tag Positive Finds eingefangen.
Habe das Programm entfernt. Trotzdem werde ich in Chrom UND in FF bombardiert mit Ads. Bitte freundlich um Hilfe Positive Finds zu entfernen!

Danke!

Laura

schrauber 05.02.2015 10:36
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


lauretta18 05.02.2015 10:52
Guten Morgen! Danke für die schnelle Reaktion. Also hier die gefragte Infos:

FRST.txt
FRST Logfile:

FRST Logfile:
[CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by laura (administrator) on LAURA-PC on 05-02-2015 10:44:48
Running from C:\Users\laura\Desktop
Loaded Profiles: laura & UpdatusUser (Available profiles: laura & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Simplygen) C:\Program Files (x86)\Protected Search\ProtectedSearch.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\traybar.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-18] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Video Web Camera\traybar.exe [630784 2008-12-10] (Chicony)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\...\RunOnce: [Adobe Speed Launcher] => 1423125917
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_287_Plugin.exe [960176 2015-01-24] (Adobe Systems Incorporated)
HKU\S-1-5-21-695859740-1481973391-1366812827-1001\...\RunOnce: [ScrSav] => C:\Windows\Screensavers\PackardBell\run_PackardBell
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [245008 2015-01-05] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [215312 2015-01-05] (Client Connect LTD)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoGear SA3MXX Gere-Manager.lnk
ShortcutTarget: GoGear SA3MXX Gere-Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Software\Microsoft\Internet Explorer\Main,Start Page = Suche
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Nieuws | sport | entertainment | celebrity | gezondheid | MSN.nl
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = Certified-Toolbar Search
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
URLSearchHook: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
SearchScopes: HKLM-x32 -> DefaultScope {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MDC7E82B4-87C1-4E62-8A5C-E033C292F7EB&SearchSource=58&CUI=&UM=6&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MDC7E82B4-87C1-4E62-8A5C-E033C292F7EB&SearchSource=58&CUI=&UM=6&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=115038&tt=0313_7&babsrc=SP_ss&mntrId=a436648800000000000000262d5f6a98
SearchScopes: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
SearchScopes: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> {D22167BB-A630-41A0-873A-FFBBE46BA221} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^DE&apn_uid=256f375f-752b-47f5-8c90-ec0cb0fc817f&apn_sauid=AFA68AF5-0973-4753-B79B-CA7E05D6693A
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Conduit Engine -> {30F9B915-B755-4826-820B-08FBA6BD249D} -> C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoftTB Toolbar -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
BHO-x32: Aanmeldhulp voor Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: VirtualDJ Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - VirtualDJ Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3D417746-6EEA-422F-A005-BF7E669E72C7&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE
FF DefaultSearchEngine: Trovi
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF SelectedSearchEngine: Trovi
FF Homepage: hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3D417746-6EEA-422F-A005-BF7E669E72C7&SearchSource=55&CUI=&UM=5&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&SSPV=
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN07878589938687586&UM=&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_287.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_287.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-695859740-1481973391-1366812827-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\buenosearch.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\trovi.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF Extension: Dowanlload KeeepeR - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\8d1mbmkch@poxyfg-.com [2013-11-03]
FF Extension: YoutubeAdblocker - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\eooiey87@yijfcx-.com [2013-11-03]
FF Extension: BuenoSearch - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\ffxtlbr@buenosearch.com [2014-04-16]
FF Extension: VirtualDJ Toolbar - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\toolbar@ask.com [2012-09-25]
FF Extension: SearchNewTab - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\yog1dw2_coc@oiho-l.com [2013-11-03]
FF Extension: Settings Manager - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0} [2014-04-16]
FF Extension: DVDVideoSoftTB - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2013-12-27]
FF Extension: DivX Web Player - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-09-02]
FF Extension: Positive Finds - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi [2015-02-04]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-19]
FF HKU\S-1-5-21-695859740-1481973391-1366812827-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3D417746-6EEA-422F-A005-BF7E669E72C7&SearchSource=55&CUI=&UM=5&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}s ugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (McAfee Security Scan+) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-23]
CHR Extension: (SearchNewTab) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfchadolkcaofikjpfppfgkbneohonfn [2013-11-03]
CHR Extension: (Avira Browser Safety) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-03-13]
CHR Extension: (Google Wallet) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-06-19]
CHR HKU\S-1-5-21-695859740-1481973391-1366812827-1000\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\laura\AppData\Roaming\DVDVideoSoft\DVDVideoSoftBrowserExtension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM-x32\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\laura\AppData\Local\Temp\tbch.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [3342608 2015-01-05] (Client Connect LTD)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-18] (Macrovision Europe Ltd.) [File not signed]
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
R3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

und der Addition:FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by laura at 2015-02-05 10:46:50
Running from C:\Users\laura\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1103 - Alps Electric)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.11.3.0 - Ask.com) <==== ATTENTION
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
Canon iP3600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version:  - )
Compatibiliteitspakket voor het 2007 Microsoft Office system (HKLM-x32\...\{90120000-0020-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.9.0 - Conexant)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815m.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDP Player (HKLM-x32\...\DDP Player) (Version:  - Sonoris Audio Engineering)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.3.3.3 - DVDVideoSoftTB)
FormatFactory 2.96 (HKLM-x32\...\FormatFactory) (Version: 2.96 - Free Time)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.34.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.34.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
GoGear SA3MXX Device Manager (HKLM-x32\...\{200F62A0-CB7C-4F57-8E79-45D92E901DA2}) (Version: 0.1 - Philips)
GoGear SA3MXX Device Manager (x32 Version: 0.1 - Philips) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Packard Bell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Dutch/Nederlands (HKLM-x32\...\OMUI.nl-nl) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Dutch) (HKLM-x32\...\{95120000-00AF-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{8ed5c8a6-2aee-40dd-8df4-26cd57921222}) (Version:  - Nero AG)
NVIDIA Grafisch stuurprogramma 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Online Sheet Music Viewer 8.3.4.0 (HKLM-x32\...\Online Sheet Music Viewer_is1) (Version: 8.3.4.0 - Online Sheet Music, Inc.)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.02.3004 - Packard Bell)
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Packard Bell)
PackardBell ScreenSaver (HKLM-x32\...\PackardBell Screensaver) (Version: 1.0.1.0302 - PackardBell)
Presto! PageManager 7.15.14 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14G - NewSoft)
Protected Search 1.1 (HKLM-x32\...\Protected Search_is1) (Version:  - Protected Search) <==== ATTENTION
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.10.1210 - Chicony Electronics Co.,Ltd.)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.00.3005 - Packard Bell)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{120831D2-E9AD-4383-AC40-01FE658E11D6}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Apparaatcentrum (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-695859740-1481973391-1366812827-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\laura\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-695859740-1481973391-1366812827-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\laura\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-01-2015 08:50:27 Windows Update
03-02-2015 08:40:02 Windows Update
05-02-2015 09:16:29 TuneUp Utilities 2014 is verwijderd
05-02-2015 09:17:57 TuneUp Utilities 2014 (de-DE) wird entfernt
05-02-2015 09:37:52 Herstelbewerking
05-02-2015 09:53:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D9EDD16-A1D9-4A4A-B46E-F607202EE189} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {2E2D51E9-6C6B-4506-A20B-9CA43A905A76} - System32\Tasks\{F588B0D6-AD16-40FA-BBCC-6E2B269543EE} => pcalua.exe -a C:\Users\laura\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {7E6DBECD-726B-49CD-8F60-F7248E0B4769} - System32\Tasks\{DF430214-1852-49BE-A08D-A03527BD02B0} => pcalua.exe -a C:\Users\laura\Downloads\latest.exe -d C:\Users\laura\Downloads
Task: {8DCD7774-7CBB-4842-B69A-83E2669D1297} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {AD3F929B-67FD-4AD6-BF5E-6605979EDCDB} - System32\Tasks\{547B4E59-B8E8-4AE3-B9DE-6051E2536868} => pcalua.exe -a "C:\Users\laura\Downloads\latest (1).exe" -d C:\Users\laura\Downloads
Task: {BC276A43-4428-46DB-B56D-4285A1C3826D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-02-01] () <==== ATTENTION
Task: {E007467C-0824-48F9-AE7F-8B87E27600B9} - System32\Tasks\{4C66037B-E7F6-49AD-8BB9-FFC32B291243} => C:\Program Files (x86)\Mio\MioMore Desktop 7.30\MioMore.exe
Task: {ECD7CDB1-346C-46A8-9100-F0EE49BB4F10} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe [2012-10-11] (Simplygen) <==== ATTENTION
Task: {F6999B2F-D709-4080-9B58-424AEA28E61A} - System32\Tasks\{6A28521A-E604-4449-9A74-490F68C2D3A2} => C:\Program Files (x86)\Mio\MioMore Desktop 7.30\MioMore.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-19 09:17 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-19 17:14 - 2006-09-20 07:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2011-04-19 17:14 - 2006-09-19 15:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2011-07-29 00:08 - 2011-07-29 00:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2011-12-29 19:00 - 2011-12-29 19:00 - 03472384 _____ () C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
2011-04-19 04:10 - 2009-04-03 00:03 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2011-07-29 00:09 - 2011-07-29 00:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-02-01 20:48 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-01 20:48 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-01 20:48 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-01 20:48 - 2015-01-27 04:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
ATTENTION: Missing Desktop Wallpaper Registry entry.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-695859740-1481973391-1366812827-500 - Administrator - Disabled)
Gast (S-1-5-21-695859740-1481973391-1366812827-501 - Limited - Disabled)
laura (S-1-5-21-695859740-1481973391-1366812827-1000 - Administrator - Enabled) => C:\Users\laura
UpdatusUser (S-1-5-21-695859740-1481973391-1366812827-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 08:46:21 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
  at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
  at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
  at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
  at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
  at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
  at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
  at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  at System.Ser...

Error: (02/01/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (01/25/2015 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (01/18/2015 09:15:23 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (01/11/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (01/04/2015 09:22:27 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (12/28/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (12/21/2014 11:09:48 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (12/14/2014 08:20:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (12/12/2014 04:20:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: DivXUpdate.exe, versie: 1.0.6.15, tijdstempel: 0x4e31ebcf
Naam van module met fout: RPCRT4.dll, versie: 6.1.7601.18532, tijdstempel: 0x53c3352a
Uitzonderingscode: 0xc0000005
Foutoffset: 0x0003915b
Id van proces met fout: 0x1118
Starttijd van toepassing met fout: 0xDivXUpdate.exe0
Pad naar toepassing met fout: DivXUpdate.exe1
Pad naar module met fout: DivXUpdate.exe2
Rapport-id: DivXUpdate.exe3


System errors:
=============
Error: (02/05/2015 09:38:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/05/2015 09:19:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/04/2015 00:05:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De UPnP Device Host-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (02/04/2015 00:05:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De upnphost-service kan niet als NT AUTHORITY\LocalService met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1352

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (02/04/2015 00:05:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De UPnP Device Host-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (02/04/2015 00:05:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De upnphost-service kan niet als NT AUTHORITY\LocalService met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1352

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (02/04/2015 00:05:56 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (02/04/2015 00:05:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/02/2015 10:49:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/02/2015 00:35:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (03/20/2012 06:41:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-12-04 15:43:06.752
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-12-04 15:43:06.642
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-12-04 15:39:29.479
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-12-04 15:39:29.389
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:10:25.999
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:10:25.929
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:03:30.493
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:03:30.423
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:01:49.043
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:01:48.963
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 40%
Total physical RAM: 4090.93 MB
Available physical RAM: 2437.57 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 5869.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:286.27 GB) (Free:224.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2A092A09)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by laura at 2015-02-05 10:46:50
Running from C:\Users\laura\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.2.202.233 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1103 - Alps Electric)
Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoStudio 5.5 (HKLM-x32\...\{85309D89-7BE9-4094-BB17-24999C6118FC}) (Version:  - ArcSoft)
Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.11.3.0 - Ask.com) <==== ATTENTION
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Backup Manager Basic (x32 Version: 2.0.0.22 - NewTech Infosystems) Hidden
Broadcom Gigabit NetLink Controller (HKLM\...\{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}) (Version: 12.26.02 - Broadcom Corporation)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version:  - )
Canon iP3600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3600_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan 4400F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803) (Version:  - )
Compatibiliteitspakket voor het 2007 Microsoft Office system (HKLM-x32\...\{90120000-0020-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conduit Engine (HKLM-x32\...\conduitEngine) (Version:  - Conduit Ltd.) <==== ATTENTION
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.98.9.0 - Conexant)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.2815m.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDP Player (HKLM-x32\...\DDP Player) (Version:  - Sonoris Audio Engineering)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.3.3.3 - DVDVideoSoftTB)
FormatFactory 2.96 (HKLM-x32\...\FormatFactory) (Version: 2.96 - Free Time)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.34.430 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.34.430 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.11.35.1031 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.35.1031 - DVDVideoSoft Ltd.)
GoGear SA3MXX Device Manager (HKLM-x32\...\{200F62A0-CB7C-4F57-8E79-45D92E901DA2}) (Version: 0.1 - Philips)
GoGear SA3MXX Device Manager (x32 Version: 0.1 - Philips) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Packard Bell)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Packard Bell)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{26257879-B20D-4D30-A429-B387A4890929}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - Dutch/Nederlands (HKLM-x32\...\OMUI.nl-nl) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (Dutch) (HKLM-x32\...\{95120000-00AF-0413-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{5158F1F5-FA1B-4D49-B546-55A5004B89BD}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{8ed5c8a6-2aee-40dd-8df4-26cd57921222}) (Version:  - Nero AG)
NVIDIA Grafisch stuurprogramma 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA HD Audio-stuurprogramma 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Online Sheet Music Viewer 8.3.4.0 (HKLM-x32\...\Online Sheet Music Viewer_is1) (Version: 8.3.4.0 - Online Sheet Music, Inc.)
Packard Bell InfoCentre (HKLM-x32\...\Packard Bell InfoCentre) (Version: 3.02.3000 - Packard Bell)
Packard Bell MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.22 - NewTech Infosystems)
Packard Bell Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3002 - Packard Bell)
Packard Bell Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3003 - Packard Bell)
Packard Bell Registration (HKLM-x32\...\Packard Bell Registration) (Version: 1.02.3004 - Packard Bell)
Packard Bell Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3014 - Packard Bell)
PackardBell ScreenSaver (HKLM-x32\...\PackardBell Screensaver) (Version: 1.0.1.0302 - PackardBell)
Presto! PageManager 7.15.14 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14G - NewSoft)
Protected Search 1.1 (HKLM-x32\...\Protected Search_is1) (Version:  - Protected Search) <==== ATTENTION
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30093 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Web Camera (HKLM-x32\...\{12A1B519-5934-4508-ADBD-335347B0DC87}) (Version: 1.7.10.1210 - Chicony Electronics Co.,Ltd.)
VirtualDJ Home FREE (HKLM-x32\...\{5E1375CB-6792-4464-8715-CC3EC83D48FA}) (Version: 7.0.5 - Atomix Productions)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Welcome Center (HKLM-x32\...\Packard Bell Welcome Center) (Version: 1.00.3005 - Packard Bell)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{120831D2-E9AD-4383-AC40-01FE658E11D6}) (Version: 14.0.8064.206 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Apparaatcentrum (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinZip 18.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-695859740-1481973391-1366812827-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\laura\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-695859740-1481973391-1366812827-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\laura\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

27-01-2015 08:50:27 Windows Update
03-02-2015 08:40:02 Windows Update
05-02-2015 09:16:29 TuneUp Utilities 2014 is verwijderd
05-02-2015 09:17:57 TuneUp Utilities 2014 (de-DE) wird entfernt
05-02-2015 09:37:52 Herstelbewerking
05-02-2015 09:53:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2D9EDD16-A1D9-4A4A-B46E-F607202EE189} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {2E2D51E9-6C6B-4506-A20B-9CA43A905A76} - System32\Tasks\{F588B0D6-AD16-40FA-BBCC-6E2B269543EE} => pcalua.exe -a C:\Users\laura\AppData\Local\Temp\jre-8u31-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1
Task: {7E6DBECD-726B-49CD-8F60-F7248E0B4769} - System32\Tasks\{DF430214-1852-49BE-A08D-A03527BD02B0} => pcalua.exe -a C:\Users\laura\Downloads\latest.exe -d C:\Users\laura\Downloads
Task: {8DCD7774-7CBB-4842-B69A-83E2669D1297} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {AD3F929B-67FD-4AD6-BF5E-6605979EDCDB} - System32\Tasks\{547B4E59-B8E8-4AE3-B9DE-6051E2536868} => pcalua.exe -a "C:\Users\laura\Downloads\latest (1).exe" -d C:\Users\laura\Downloads
Task: {BC276A43-4428-46DB-B56D-4285A1C3826D} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2011-02-01] () <==== ATTENTION
Task: {E007467C-0824-48F9-AE7F-8B87E27600B9} - System32\Tasks\{4C66037B-E7F6-49AD-8BB9-FFC32B291243} => C:\Program Files (x86)\Mio\MioMore Desktop 7.30\MioMore.exe
Task: {ECD7CDB1-346C-46A8-9100-F0EE49BB4F10} - System32\Tasks\ProtectedSearch\Protected Search => C:\Program Files (x86)\Protected Search\ProtectedSearch.exe [2012-10-11] (Simplygen) <==== ATTENTION
Task: {F6999B2F-D709-4080-9B58-424AEA28E61A} - System32\Tasks\{6A28521A-E604-4449-9A74-490F68C2D3A2} => C:\Program Files (x86)\Mio\MioMore Desktop 7.30\MioMore.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-04-19 09:17 - 2013-08-29 23:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-04-19 17:14 - 2006-09-20 07:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2011-04-19 17:14 - 2006-09-19 15:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2011-07-29 00:08 - 2011-07-29 00:08 - 01259376 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\ACE.dll
2011-12-29 19:00 - 2011-12-29 19:00 - 03472384 _____ () C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
2011-04-19 04:10 - 2009-04-03 00:03 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll
2011-07-29 00:09 - 2011-07-29 00:09 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2015-02-01 20:48 - 2015-01-27 04:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll
2015-02-01 20:48 - 2015-01-27 04:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll
2015-02-01 20:48 - 2015-01-27 04:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll
2015-02-01 20:48 - 2015-01-27 04:44 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\laura\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
ATTENTION: Missing Desktop Wallpaper Registry entry.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-695859740-1481973391-1366812827-500 - Administrator - Disabled)
Gast (S-1-5-21-695859740-1481973391-1366812827-501 - Limited - Disabled)
laura (S-1-5-21-695859740-1481973391-1366812827-1000 - Administrator - Enabled) => C:\Users\laura
UpdatusUser (S-1-5-21-695859740-1481973391-1366812827-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 08:46:21 AM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Failed to process session change. System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
  at Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
  at Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
  at Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
  at Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
  at Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
  at Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
  at Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
  at Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
  at System.Ser...

Error: (02/01/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (01/25/2015 07:00:03 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (01/18/2015 09:15:23 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (01/11/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (01/04/2015 09:22:27 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (12/28/2014 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (12/21/2014 11:09:48 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (12/14/2014 08:20:08 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: De back-up is niet voltooid vanwege een fout tijdens het schrijven naar back-uplocatie E:\. Fout: Kan de back-uplocatie niet vinden, of de locatie is ongeldig. Controleer uw instellingen voor back-ups en controleer ook de back-uplocatie. (0x81000006).

Error: (12/12/2014 04:20:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Naam van toepassing met fout: DivXUpdate.exe, versie: 1.0.6.15, tijdstempel: 0x4e31ebcf
Naam van module met fout: RPCRT4.dll, versie: 6.1.7601.18532, tijdstempel: 0x53c3352a
Uitzonderingscode: 0xc0000005
Foutoffset: 0x0003915b
Id van proces met fout: 0x1118
Starttijd van toepassing met fout: 0xDivXUpdate.exe0
Pad naar toepassing met fout: DivXUpdate.exe1
Pad naar module met fout: DivXUpdate.exe2
Rapport-id: DivXUpdate.exe3


System errors:
=============
Error: (02/05/2015 09:38:48 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/05/2015 09:19:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/04/2015 00:05:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De UPnP Device Host-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (02/04/2015 00:05:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De upnphost-service kan niet als NT AUTHORITY\LocalService met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1352

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (02/04/2015 00:05:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: De UPnP Device Host-service kan vanwege de volgende fout niet worden gestart:
%%1069

Error: (02/04/2015 00:05:56 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: De upnphost-service kan niet als NT AUTHORITY\LocalService met het huidig ingestelde wachtwoord worden aangemeld vanwege de volgende fout:
%%1352

Gebruik de module Services in de Microsoft Management Console (MMC) om te controleren of de service juist is geconfigureerd.

Error: (02/04/2015 00:05:56 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (02/04/2015 00:05:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/02/2015 10:49:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (02/02/2015 00:35:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}


Microsoft Office Sessions:
=========================
Error: (03/20/2012 06:41:45 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-12-04 15:43:06.752
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-12-04 15:43:06.642
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-12-04 15:39:29.479
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-12-04 15:39:29.389
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:10:25.999
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:10:25.929
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:03:30.493
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:03:30.423
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:01:49.043
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.

  Date: 2014-11-05 15:01:48.963
  Description: De integriteit van de kopie voor het bestand \Device\HarddiskVolume3\Program Files\Packard Bell\Packard Bell Power Management\SysHook.dll kan niet worden geverifieerd omdat de reeks kopie-hashes per pagina niet is gevonden op het systeem.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 40%
Total physical RAM: 4090.93 MB
Available physical RAM: 2437.57 MB
Total Pagefile: 8180.04 MB
Available Pagefile: 5869.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:286.27 GB) (Free:224.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 2A092A09)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=286.3 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 05.02.2015 13:09
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Ask Toolbar

    Conduit Engine

    Protected Search 1.1

    Search Protect


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

lauretta18 05.02.2015 18:12
Code:
ComboFix 15-02-02.01 - laura 05-02-2015  16:33:35.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.31.1043.18.4091.2191 [GMT 1:00]
Gestart vanuit: c:\users\laura\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((  Andere Verwijderingen  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\packardbell.ico
c:\program files (x86)\YoutubeAdblocker
c:\programdata\SearchNewTab
c:\programdata\SearchNewTab\Znt.dat
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\de\messages.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\en\messages.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\en_US\messages-sim.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\en_US\messages.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\es\messages.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\fr\messages.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\it\messages.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_locales\pt_BR\messages.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_metadata\computed_hashes.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\_metadata\verified_contents.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\api-rules.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\app.css
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\blocked.css
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\base\search.css
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\content.css
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\engines\ask.css
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\engines\duckduckgo.css
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\engines\google.css
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\content\search.css
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro-Bold.eot
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro-Bold.woff
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro-Light.eot
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro-Light.woff
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro.eot
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\fonts\KievitWebPro.woff
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\animated-overlay.gif
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_diagonals-thick_18_b81900_40x40.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_diagonals-thick_20_666666_40x40.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_flat_10_000000_40x100.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_glass_100_f6f6f6_1x400.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_glass_100_fdf5ce_1x400.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_glass_65_ffffff_1x400.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_gloss-wave_35_f6a828_500x100.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_highlight-soft_100_eeeeee_1x100.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-bg_highlight-soft_75_ffe45c_1x100.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_222222_256x240.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_228ef1_256x240.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_ef8c08_256x240.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_ffd27a_256x240.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\css\images\ui-icons_ffffff_256x240.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\data\effective_tld_names.dat.txt
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\app.html
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\blocked.html
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\locale.html
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\templates\indexed.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\html\top.html
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\de-DE.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\en-US.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\es-ES.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\fr-FR.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\it-IT.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\i18n\pt-BR.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\abs_avira_umbrella_white.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\absb-attention.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\absb-checks.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\absb-close.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon128.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon16.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon24.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon32.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_icon48.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_logo.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\avira_logo.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\classification_safe.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\classification_safe_lg.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\classification_unsafe.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\classification_unsafe_lg.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\close-offers-bar.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\close.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_close.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_close_white.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_feedback.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_dark.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_dark.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_light.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_light.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\dash_search_normal.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\expand-arrow.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\info_empty.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\info_full.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\offers-rating.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\question-mark.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\scroll-down.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\serp_info_safe.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\serp_info_unsafe.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\settings-24.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\switch-on.png
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\trackers_icon.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\trackers_icon_nb.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\img\white_check.svg
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\app.js
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\background.js
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\blocked.js
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\content.js
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\content_start.js
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\locale.js
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\js\bunches\search.js
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk\1.4.4_0\manifest.json
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\005019.ldb
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\005021.ldb
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\005022.log
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\CURRENT
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOCK
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOG
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\LOG.old
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flliilndjeohchalpbbcdekjklbdgfkk\MANIFEST-005020
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage-journal
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_flliilndjeohchalpbbcdekjklbdgfkk_0.localstorage
c:\users\laura\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\laura\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((  Bestanden Gemaakt van 2015-01-05 to 2015-02-05  ))))))))))))))))))))))))))))))
.
.
2015-02-05 15:21 . 2015-02-05 15:21        --------        d-sh--w-        c:\users\laura\AppData\Local\EmieBrowserModeList
2015-02-05 15:17 . 2015-02-05 15:17        --------        d-----w-        c:\program files (x86)\VS Revo Group
2015-02-05 09:43 . 2015-02-05 09:48        --------        d-----w-        C:\FRST
2015-02-04 12:56 . 2015-02-04 12:56        --------        d-----w-        c:\users\laura\AppData\Local\TuneUp Software
2015-02-03 13:36 . 2015-02-04 11:02        --------        d-----w-        c:\users\laura\AppData\Local\avaxvavya
2015-01-25 16:13 . 2015-01-25 16:09        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-25 16:10 . 2015-01-25 16:10        --------        d-----w-        c:\program files (x86)\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 15:12 . 2012-04-09 18:43        701616        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 15:12 . 2011-06-15 19:45        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 09:26 . 2011-05-16 12:20        113365784        ----a-w-        c:\windows\system32\MRT.exe
2015-01-06 03:36 . 2014-01-02 18:11        298120        ------w-        c:\windows\system32\MpSigStub.exe
2014-12-13 05:09 . 2014-12-18 07:59        144384        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-12-13 03:33 . 2014-12-18 07:59        115712        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-12-04 02:50 . 2014-12-10 07:39        413184        ----a-w-        c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 07:39        741376        ----a-w-        c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 07:39        396800        ----a-w-        c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 07:39        830976        ----a-w-        c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 07:39        192000        ----a-w-        c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-10 07:39        227328        ----a-w-        c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-10 07:39        1083392        ----a-w-        c:\windows\system32\aeinv.dll
2014-12-02 10:26 . 2015-02-05 08:54        11870360        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{108B4642-2627-4B1B-AF4C-D84664ECB40F}\mpengine.dll
2014-12-01 23:28 . 2014-12-10 07:39        1232040        ----a-w-        c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 07:39        389296        ----a-w-        c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 07:39        25059840        ----a-w-        c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 07:39        2724864        ----a-w-        c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 07:39        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 07:39        66560        ----a-w-        c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 07:39        580096        ----a-w-        c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 07:39        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 07:39        2885120        ----a-w-        c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 07:39        88064        ----a-w-        c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 07:39        54784        ----a-w-        c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 07:39        34304        ----a-w-        c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 07:39        633856        ----a-w-        c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 07:39        114688        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 07:39        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 07:39        6039552        ----a-w-        c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 07:39        968704        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 07:39        490496        ----a-w-        c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 07:39        2724864        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 07:39        77824        ----a-w-        c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 07:39        199680        ----a-w-        c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 07:39        92160        ----a-w-        c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 07:39        501248        ----a-w-        c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 07:39        62464        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 07:39        47616        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 07:39        64000        ----a-w-        c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 07:39        316928        ----a-w-        c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 07:39        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 07:39        718848        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 07:39        800768        ----a-w-        c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 07:39        1359360        ----a-w-        c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 07:39        2125312        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 07:39        14412800        ----a-w-        c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 07:39        60416        ----a-w-        c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 07:39        4299264        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 07:39        2358272        ----a-w-        c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 07:39        2052096        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 07:39        1155072        ----a-w-        c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 07:39        1548288        ----a-w-        c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 07:39        800768        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 07:39        1888256        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-11-18 13:56 . 2014-11-18 13:56        1202848        ----a-w-        c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-10 07:39        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-23 09:27        241152        ----a-w-        c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-23 09:27        728064        ----a-w-        c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 07:39        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-23 09:27        186880        ----a-w-        c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-23 09:27        550912        ----a-w-        c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 07:39        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 07:38        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 07:38        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Opstartpunten  )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54        175912        ----a-w-        c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2009-08-21 262912]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2008-12-10 630784]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-17 702768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-12-31 126712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
GoGear SA3MXX Gere-Manager.lnk - c:\program files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe [2011-11-26 124880]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-01 19:48        1086280        ----a-w-        c:\program files (x86)\Google\Chrome\Application\40.0.2214.94\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 06:32]
.
2015-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 06:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-22 295936]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2009-08-05 828960]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 2114376]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=MDC7E82B4-87C1-4E62-8A5C-E033C292F7EB&SearchSource=55&CUI=&UM=6&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&SSPV=
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
mSearch Bar = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\laura\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Trovi
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3D417746-6EEA-422F-A005-BF7E669E72C7&SearchSource=55&CUI=&UM=5&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&SSPV=
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN07878589938687586&UM=&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a436648800000000000000262d5f6a98&q=
FF - user.js: extensions.BabylonToolbar.id - a436648800000000000000262d5f6a98
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15719
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.213:53
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115038&tt=0313_7
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Intel® Integrated Performance Primitives 1.1 - c:\windows\system32\UninstIPP.isu
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Voltooingstijd: 2015-02-05  18:10:46 - machine werd herstart
ComboFix-quarantined-files.txt  2015-02-05 17:10
.
Pre-Run: 240.279.785.472 bytes beschikbaar
Post-Run: 240.753.160.192 bytes beschikbaar
.
- - End Of File - - 1130301975300FFCE9A7CF7747A7CE65
5C616939100B85E558DA92B899A0FC36

schrauber 06.02.2015 07:24
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

lauretta18 06.02.2015 12:12
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Guten Morgen! Leider stand nur das im neuen Mbam.txt Protokoll ...

Gruss,

Laura

Code:
# AdwCleaner v4.110 - Logfile created 06/02/2015 at 10:18:48
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : laura - LAURA-PC
# Running from : C:\Users\laura\Downloads\AdwCleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Uniblue
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\Dowanlload  KeeepeR
Folder Deleted : C:\ProgramData\39b559e409962429
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Red Sky
Folder Deleted : C:\Program Files (x86)\Dowanlload  KeeepeR
Folder Deleted : C:\Users\laura\AppData\Local\apn
Folder Deleted : C:\Users\laura\AppData\Local\Conduit
Folder Deleted : C:\Users\laura\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\laura\AppData\LocalLow\DownTangoFTToolbar
Folder Deleted : C:\Users\laura\AppData\Roaming\Babylon
Folder Deleted : C:\Users\laura\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\laura\AppData\Roaming\RHEng
Folder Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\{19D73812-1701-1B61-CBA2-12A70C87A0B0}
[!] Folder Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
Folder Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\8d1mbmkch@poxyfg-.com
Folder Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\eooiey87@yijfcx-.com
Folder Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
File Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\{27b7c23c-50cd-4b3c-a6c1-8e45175b2442}.xpi
File Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\Askcom.xml
File Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\searchplugins\ask-search.xml
File Deleted : C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\user.js
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D22167BB-A630-41A0-873A-FFBBE46BA221}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ProtectedSearch
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\simplytech
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v30.0 (de)

[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050./9b+7e9x305.from_oldbar.enc", "JH41Myw/MnhEOTwpcSt7dXl5MCcySExPT0RQTEdUWFxQSDRfVFdELUY3MTU0S0JNY2tdX19zaWtKdWptWkNcTUdLSWFYY3kib3QlKCR5YCwhJHBZcmNdYGh3bnkwOjorKi50QDU4JW0nd3F0eywj[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050./9b+7e:x305.from_oldbar.enc", "JH42Mzs4MnhEOTwpcSt7dnl6MCcySUhVRUQsV0xPPCU+LyotLUM6RVxnVVteP2pfYk84UUI9QD9WTVhvemh4bHFxVCB0d2RNZldSVVNrYm0lfi16ZjInKnZfeGlkZm59dCA3QjIyMkZENXxHRyx0[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050./9b+7e?x305.from_oldbar.enc", "JH47LS8vM0E0QDo6fUlMLXUvICMgfjQrNlJQTFJJVVJWUlw1YFVYRS5HODs4NkxDTmpwb19lY11zb2d1eGhMZXBrVCB0d2RNZldaV1RrYm0qIisvJS5oNCkseGF6a25rZyB2Ij5EQkEzNkE8PiBL[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050./9b+7e@x305.from_oldbar.enc", "JH48QEIrd0M4OyhwKnt2fngvJjFOUlQ9KlVKLUZRPCU+MCszLEM6RWJnVlFiWWVfX0NuY0ZfalU+V0lETERcU157IXR8eCF0WiZ6fWpTbF5ZYGJxaHMxNCkmJm05LjF9ZiBxbHN0JXsnRDY5PT9F[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.InstallationType", "ConduitIntegration");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.SearchEngineBeforeUnload", "DVDVideoSoftTB Customized Web Search");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.SearchInNewTabURLFromSearchAPI", "hxxp://search.conduit.com/?ctid=CT2269050&octid=CT2269050&SearchSource=15&CUI=SB_CUI&SSPV=EB_SSPV&Lay=1&UM=UM_ID");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050._9b_7e.x305.from_oldbar.enc", "JH4qQTc3RDQzekY7PitzLXp9fCEyKTQ/VkZUUkxHSllaSFFQXlFSOWRZXEkySzk8Oz5QR1JdbGprb3htaFBqb3FxdCJWInZ5Zk9oVllYWm1kb3p7Mn1oNCkseGF6aGtqayB2Ii1zL3lFOj0qcix5[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.autocompletepro_enable_auto.from_oldbar.enc", "MQ==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.backendstorage.autocompletepro_enable_auto", "31");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-b035-1616f617316d/.pricesparrowstatus", "64697361626C6564");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.hxxp___storage_conduit_com_marketplace_83_6d_8399d181_be98_42f2_b035_1616f617316d_.pricesparrowstatus.from_oldbar.enc", "ZGlzYWJsZWQ=");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.installType", "ConduitIntegration");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://www.trovigo.com/?gd=&ctid=CT2269050&octid=CT2269050&ISID=ISID_ID&SearchSource=15&CUI=UN07878589938687586&SSPV=&La[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.smartbar.CTID", "CT2269050");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.smartbar.Uninstall", "0");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"5b480d043900552eedf2efe6a0fc653a3\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/DE", "\"0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DE", "\"0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1365594729\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en&ctid=CT2269050", "uG7mdamLoNmpmgC2c0JctQ==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "2E1/v7EfCEDbv3VaBQMELg==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en&ctid=CT2269050", "jf4tQQjNr2TQ31uHimzTMg==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en&ctid=CT2269050", "I1tfz7EBg4DmNytL9x55lQ==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en&ctid=CT2269050", "ZU6zjERHpZr7lBpInn+HyA==");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"380ff24abc2ce1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"807dc126dd28cc1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.20.0.4", "\"dfe74040abc2ce1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"07766f5592f76b152ec9246ce6a0b574\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=CT2269050", "\"1322501035\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1311170367\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"968402cf2834e7ec0f38a19f0e9a9eb0\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\laura\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\1onve7qe.default\\conduitCommon\\modules\\3.20.0.4");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v213/gadget.html", "400x449");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_22c9b680", "356x332");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/menu_dlg/pg_dlg.html#pg_ext_msg_key_113cf42d", "100x93");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/07/dd/07caac71-eac9-4963-9fa6-f6c1cc836ddd/Gadgets/9b2c0b7d-47bd-440b-a22f-35bf33416229.html", "800x707");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtubetop.conduitapps.com/youtubetop", "950x530");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2269050");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "dvdvideosofttb");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Apr 21 2011 09:55:44 GMT+0200");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 13:10:49 GMT+0200");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 22 2011 16:09:45 GMT+0200");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.alert.userId", "9801c8ca-75ca-47ad-bf43-2d287cbf8f9a");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.globalUserId", "b6994bfc-7f5d-4bce-aa92-ec0d0460bbad");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.killedEngine", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Nov 07 2013 14:22:11 GMT+0100");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Nov 07 2013 14:22:20 GMT+0100");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Nov 07 2013 14:22:11 GMT+0100");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.notifications.userId", "3de75398-6b56-44f7-87b4-0c2baba61a36");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("CommunityToolbar.undefined", "");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Trovi");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "DVDVideoSoftTB Customized Web Search");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Trovi");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN07878589938687586&UM=&q=");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7C.AUC_clientCache", "{\"AUC_CACHE\":{\"avira.com\":{\"c\":[1],\"ttl\":1389292260},\"ask.com\":{\"c\":[1],\"ttl\":1389815033},\"live.com\":{\"c\":[1],\"ttl\":1389352167},\[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7C.apn.tldcache", "{\"date\":1388687454850,\"domainList\":[\"ac\",\"com.ac\",\"edu.ac\",\"gov.ac\",\"net.ac\",\"mil.ac\",\"org.ac\",\"ad\",\"nom.ad\",\"ae\",\"co.ae\",\"ne[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7C.com.avira.dnt.rules", "\"{\\\"Version\\\":39,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7C.domain", "\"avira.search.ask.com\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7C.hpr_ff", "\"hxxp://avira.search.ask.com/?tpid=AVIRA-V7C&o=APN11392&pf=V7&trgb=ALL&p2=%5EBAZ%5EYYYYYY%5EYY%5EDE&gct=hp&apn_ptnrs=%5EBAZ&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.AVIRA-V7C.previous-keyword-url", "\"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CUI=UN07878589938687586&UM=&q=\"");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.id", "a436648800000000000000262d5f6a98");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15719");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a436648800000000000000262d5f6a98&q=");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115038&tt=0313_7");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.213:53:24");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B872b5b88-9db5-4310-bdd0-ac189557e5f5%7D:10.23.0.822,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2269050");
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&CU[...]
[1onve7qe.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "TI9OIPAVUTEBDWTINMBVJIKIRAFLRAJQMF0GG6WI7BA29KZUQHMH3KO6Z6/ZKLJMWBKEHEEUQTOWTD+7GRU/CQ");

-\\ Google Chrome v40.0.2214.94

[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2937&q={searchTerms}
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.search-guide.info/?l=1&q={searchTerms}&pid=1273&r=2013/11/03&hid=3417341671828216378&lg=EN&cc=DE&unqvl=40
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://tuvaro.com/ws/?q={searchTerms}
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3D417746-6EEA-422F-A005-BF7E669E72C7&SearchSource=58&CUI=&UM=5&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&q={searchTerms}&SSPV=
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=A43600262D5F6A98&affID=128492&tsp=5219
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
[C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?q={searchTerms}&stype=Results&Suggest=&useHistory=0&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&isid=ISID_ID&UM=5&SelfSearch=1&SearchType=SearchWeb&SearchSource=69&ctid=CT3324790&octid=EB_ORIGINAL_CTID

*************************

AdwCleaner[R0].txt - [32585 bytes] - [06/02/2015 10:15:15]
AdwCleaner[S0].txt - [33810 bytes] - [06/02/2015 10:18:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33870  bytes] ##########
Code:
~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\Users\laura\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] "C:\Users\laura\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Windows\launcher.exe"



~~~ Folders



~~~ FireFox

Successfully deleted: [Folder] C:\Users\laura\AppData\Roaming\mozilla\firefox\profiles\1onve7qe.default\conduitcommon
Successfully deleted: [Folder] C:\Users\laura\AppData\Roaming\mozilla\firefox\profiles\1onve7qe.default\smartbar
Successfully deleted the following from C:\Users\laura\AppData\Roaming\mozilla\firefox\profiles\1onve7qe.default\prefs.js

user_pref("CT2269050..clientLogIsEnabled", false);
user_pref("CT2269050./9b+7e+x305.from_oldbar.enc", "JH4nQTM0NjN5RTo9KnIseXp+ejEoMztHSVNGLVhNUD0mPy0uMTVEO0ZOT1tWXmlbQm1iZVI7VEJDRklZUFtjfXN7blUhdXhlTmdVVllbbGNudnwmKzB7aTUqLXl
user_pref("CT2269050./9b+7e,x305.from_oldbar.enc", "JH4oQS8/Pjd5RTo9KnIseXt4fTEoMzxHSEAsV0xPPCU+LC4rL0M6RU5ZUFtXZ2pmQm1iRV5pVD1WREZDRltSXWZxbCFua1h9c2dQaVdZVlhuZXB5MycyfWo2Ky5
user_pref("CT2269050./9b+7e-x305.from_oldbar.enc", "JH4pNjA8NjZ5RTo9KnIseXogezEoMz1GK1VKTUtHSVlNM1NdT0MsRTM0OTRKQUxWW15sZW5wbHFkc21NeG1wXUZfTU5TTWRbZnBVKHwgfXl7MC4kIjAjaTUqLW0
user_pref("CT2269050./9b+7e/x305.from_oldbar.enc", "JH4rQTU2MnhEOTwpcSt4fHt3MCcyPkxDQ1NOLVhbPCU+LDAuNEM6RVFYYmleZ1pBbGFkUTpTQUVDSFhPWmZte3xxdHJucCF0dFsne35rVG1bX11hcml0IS8nJiY
user_pref("CT2269050./9b+7e06cg5el8:.from_oldbar.enc", "bm1rbWpubXV1dg==");
user_pref("CT2269050./9b+7e06cg5el;8i:k.from_oldbar.enc", "JH4tLyJqdHNxc3B0c3t7fCQvS0lHT0I1fV1cPQ==");
user_pref("CT2269050./9b+7e0x305.from_oldbar.enc", "JH4sQDpAd0M4OyhwKnd8dX0vJjE+QSlVR0hNUVpOWlkyXVJVQitEMjcwN0lAS1heaF5wbm5mdGJuaWtNeG1wXUZfTVJLUWRbZnMje3csKiovJWQwJSh0XXZkaWJ
user_pref("CT2269050./9b+7e1x305.from_oldbar.enc", "JH4tQTE9QDJ5RTo9KnIsend5fjEoM0FHPkVHRUgvWk9SPyhBMC0vM0Y9SFZiZWhca2dfbXBgSHNoa1hBWklGSEtfVmFvfCF9dHR6eCdfKyAjb1hxYF1fYXZteCc
user_pref("CT2269050./9b+7e2x305.from_oldbar.enc", "JH4uNUIxPT05OntHPD8sdC55IH0yKTRDVlVORy5ZTlEyXk9BKkM1NzIxSD9KWWVfX2JsW3FzaXVpdXRNeG1wUX5rYEliUlBUUWdeaXgoLXx8Yy8kJ3NcdWRmZmh
user_pref("CT2269050./9b+7e3x305.from_oldbar.enc", "JH4vQT87NjM/R0Y/fUk+QS52MH4iJCE1LDdHS1lXS0pIWFhOXjdiVzpTXkkySzo9PztQR1JibGJddXhtdmp8UXxxdGFKY1JVV1JoX2p6LSYsLCR+LzIuaTUqLXl
user_pref("CT2269050./9b+7e4x305.from_oldbar.enc", "JH4wLEB2Qjc6J28pd3t0di4lMEE+T0lKUitVVTojPCsvKClBOENUUV5dVmFfVmhcQm1iZVI7VENGSUpZUFtsaXp+IXAjcHZZJXl8XSp6bFVuXWBjY3NqdSckMTg
user_pref("CT2269050./9b+7e5x305.from_oldbar.enc", "JH4xNkIrd0M4OyhwKnl1encvJjFDSz1JVkpQWS5ZTjFKVUApQjIuMy9HPklbXVlaal5YcHJiZ0l0aWxZQltLR0tRYFdidHwkc3N3JiAkICpiLiMmclt0ZGBkaXl
user_pref("CT2269050./9b+7e6x305.from_oldbar.enc", "JH4yLD4yMjI4RT58SD1ALXUvfnskJDQrNklTVFJZWFpaUFJONmFWWUYvSDg1PTxNRE9ibG1rcnFqd2FNeG1wXUZfT0xUUWRbZnl7Jnh4KX4vKS0yMGczKCt3YHl
user_pref("CT2269050./9b+7e7x305.from_oldbar.enc", "JH4zPSw/Pj95RTo9KnIse3p5ejEoM0dRP0RVWUJMWjFcUVRBKkMzMjA3SD9KXmhWW1lwYG5sZmFkc0x3bG9cRV5OTUtRY1pleSR6KSN4emEtIiVxWnNjYmBleG9
user_pref("CT2269050./9b+7e8x305.from_oldbar.enc", "JH40PT87NTc7PzZ8R0csdC5+eCMyKTRJVlVARy5ZTlE+J0AwMjUzRTxHXFVYY2plbmJebGFrcGhzS3ZrbltEXU1PUk9iWWR5J3ZyKnkoYCwhJHBZcmJkZ2J3bnk
user_pref("CT2269050./9b+7e;x305.from_oldbar.enc", "JH43PzM/NzhCL3tHPD8sdC5+enoiMyo1TUYsV0xPPCU+LysrMUM6RV1jVldcXFpBbGFkUTpTREBARVhPWnJzcXp4bSJWInZ5Zk9oWVVVWW1kbygkLCcqMiEwJ20
user_pref("CT2269050./9b+7e<x305.from_oldbar.enc", "JH44NDAwRC9GNkQ3fUk+QS52MCF9JCY1LDdQLk9HRzFcUVRBKkM0MTc4SD9KY19aamReYlpHcmdqV0BZSkdNTV5VYHlxJG53eCV2XSl9IW1Wb2BdY2J0a3YwJS0
user_pref("CT2269050./9b+7e=x305.from_oldbar.enc", "JH45MzY/QUE3OTV8SD1ALXUvIH4gIjQrNlBUWVdMVU9RWzRfVFdELUY3Njc4S0JNZ2twbmBvYWZrY2ZNeG1wXUZfUE9QUGRbZiElfHlzemEtIiVxWnNkY2RjeG9
user_pref("CT2269050./9b+7e>x305.from_oldbar.enc", "JH46QTY/MjI4OHtHPD8sdC5+ICF8Myo1UE9TRkgvWk9SPyhBMjM0L0Y9SGNcXWZiakNuY2ZTPFVGR0hCWlFcd3B3cyAjcSFZJXl8aVJrXF1dYXBnci4hLiQ4KDg
user_pref("CT2269050./9b+7eax305.from_oldbar.enc", "JH49PTc4d0M4OyhwKnt6dX4vJjFPT1RKUkBFSFZPWDFcUVRBKkM1NC83SD9KaGRrZF1eYmRiYW1pcXJrbHhqUXxxdGFKY1VUT1ZoX2opJSgnfDEnIjAgaTUqLXl
user_pref("CT2269050./9b+7ebe3g=;d9n9=d.from_oldbar.enc", "NywtMml1di46PHs6OUNKSUhBQ0smUUZJKWVQRlZJZXFzTTNLVw==");
user_pref("CT2269050./9b+7ebx305.from_oldbar.enc", "JH4+OTFBMD0zRUA2Mn5KP0IvdzF7fSM1LDdWWUlITk9RUlxOTFVTW1RgWlo+aV5hTjdQOz1BVEtWdXVlbXNneW1tfFUhdXhlTmdSVFdrYm0tIiUuIGczKGokL3l
user_pref("CT2269050./9b+7ecx305.from_oldbar.enc", "JH4/PTAwQzEuekY7PitzLXsgfjEoM1NRVlVRV1pPWExeM15TVkMsRTQ4NklAS2tZVmxoa0ZxZmlWP1hHS0hcU15+bGlWInZ5Zk9oV1tXbGNuLzEhJjAjNio1LCw
user_pref("CT2269050./9b+7edx305.from_oldbar.enc", "JH5ANUIqNjh5RTo9KnIsfSAvJjFSR1Q8SEosV0wvSFM+J0AyM0M6RWZbaFBcXkBrbk84UUNDVEtWd2x5YW1vUXxxVHhzY0xlV1ZoX2osIS51IiRlLiN0XXZoZnl
user_pref("CT2269050./9b+7etx305.from_oldbar.enc", "JH5uLy47MjNCNXtEOStzLXp7e3wyKTQjUkxUV0dKTlBWXUphUV9dV1JVZD1oXWBNNk89Pj49VEtWRUhqc21pb1J9cnViS2RSU1NRaWBrWnt7dyYueWczKCt3YHl
user_pref("CT2269050./9b-0?3g>d.from_oldbar.enc", "b2g9bG9wRHF6cHBHRSBKdX56JSB8UiAqJCQjWScmVy8rLSou");
user_pref("CT2269050./9b-0?3g@6:5;.from_oldbar.enc", "AA==");
user_pref("CT2269050./9b-0?3gfa7ef.from_oldbar.enc", "Ky4sPQ==");
user_pref("CT2269050./9b-3=3eccja=f>.from_oldbar.enc", "JH4zPSxFL0E1J28pKiEsOT1EMHgyMyo1REhYTDojLjM+WGBPZFZgT2hSZFhYY15gTjdrcWdhcFk=");
user_pref("CT2269050./9b/>01=9a6k6<im;krie@pdawm.from_oldbar.enc", "amlrcnN0dXY=");
user_pref("CT2269050./9b3=>@44i48?.from_oldbar.enc", "NywtMml1djNCNjNBSEd1IT8+SE9OTUZIUCtWS04uWVlZX0xWTzdkU1dQ");
user_pref("CT2269050./9b5ba==9cjag.from_oldbar.enc", "bWpsb3N0b296eHZHd3N7SXl9fk1Q");
user_pref("CT2269050./9b6b11g4c56b>f;p;anr@p.from_oldbar.enc", "bm1rbWpubXV1dXF6dQ==");
user_pref("CT2269050./9b90e@8ff=eg.from_oldbar.enc", "OT81Lz4=");
user_pref("CT2269050./9b9643g3/9e.from_oldbar.enc", "ag==");
user_pref("CT2269050./9b;45>:bi9i7ie.from_oldbar.enc", "Ky4sPQ==");
user_pref("CT2269050./9b<:222h64<.from_oldbar.enc", "OT81Lz4=");
user_pref("CT2269050./9b=+03eh8h8j?:.from_oldbar.enc", "REM=");
user_pref("CT2269050./9b?+e2a52d8.from_oldbar.enc", "NywtMml1di46PHs6OUNKSUhBQ0smUUZJKWVQRlZkcHJ5UVVeXlI=");
user_pref("CT2269050./9b?b0d:8aj62<h.from_oldbar.enc", "bQ==");
user_pref("CT2269050./9ba@0<0bi6a7gn:6@l?.from_oldbar.enc", "bms=");
user_pref("CT2269050.1000082.isPlayDisplay", "true");
user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}");
user_pref("CT2269050.1000234.TWC_locId", "GMXX0028");
user_pref("CT2269050.1000234.TWC_temp_dis", "c");
user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2269050.AppTrackingLastCheckTime", "Tue Jan 15 2013 14:20:45 GMT+0100");
user_pref("CT2269050.BrowserCompStateIsOpen_129568601980692121", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129705015340022508", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
user_pref("CT2269050.BrowserCompStateIsOpen_130100683276316706", true);
user_pref("CT2269050.BrowserCompStateIsOpen_1359634297000", true);
user_pref("CT2269050.CT2269050", "CT2269050");
user_pref("CT2269050.ConfigurationLastCheckTime", "Thu Nov 07 2013 14:22:10 GMT+0100");
user_pref("CT2269050.CurrentServerDate", "7-11-2013");
user_pref("CT2269050.DialogsAlignMode", "LTR");
user_pref("CT2269050.DialogsGetterLastCheckTime", "Thu Nov 07 2013 14:22:11 GMT+0100");
user_pref("CT2269050.DownloadReferralCookieData", "");
user_pref("CT2269050.EMailNotifierPollDate", "Tue Sep 20 2011 12:47:02 GMT+0200");
user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.EnableSearchSuggest", false);
user_pref("CT2269050.FirstServerDate", "21-4-2011");
user_pref("CT2269050.FirstTime", true);
user_pref("CT2269050.FirstTimeFF3", true);
user_pref("CT2269050.FixPageNotFoundErrors", true);
user_pref("CT2269050.GroupingServerCheckInterval", 1440);
user_pref("CT2269050.HasUserGlobalKeys", true);
user_pref("CT2269050.HomePageProtectorEnabled", false);
user_pref("CT2269050.HomepageBeforeUnload", "hxxp://www.google.com/");
user_pref("CT2269050.Initialize", true);
user_pref("CT2269050.InitializeCommonPrefs", true);
user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
user_pref("CT2269050.InstallationId", "StubInstaller");
user_pref("CT2269050.InstalledDate", "Thu Apr 21 2011 10:06:23 GMT+0200");
user_pref("CT2269050.InvalidateCache", false);
user_pref("CT2269050.IsAlertDBUpdated", true);
user_pref("CT2269050.IsGrouping", false);
user_pref("CT2269050.IsMulticommunity", false);
user_pref("CT2269050.IsOpenThankYouPage", true);
user_pref("CT2269050.IsOpenUninstallPage", true);
user_pref("CT2269050.LanguagePackLastCheckTime", "Thu Nov 07 2013 14:22:11 GMT+0100");
user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2269050.LastLogin_3.10.0.1", "Mon Apr 23 2012 10:09:56 GMT+0200");
user_pref("CT2269050.LastLogin_3.12.0.7", "Wed Apr 25 2012 12:22:01 GMT+0200");
user_pref("CT2269050.LastLogin_3.12.2.3", "Wed May 30 2012 20:16:00 GMT+0200");
user_pref("CT2269050.LastLogin_3.13.0.6", "Thu Jun 28 2012 09:26:49 GMT+0200");
user_pref("CT2269050.LastLogin_3.14.1.0", "Wed Aug 22 2012 09:56:23 GMT+0200");
user_pref("CT2269050.LastLogin_3.15.1.0", "Thu Nov 08 2012 22:40:00 GMT+0100");
user_pref("CT2269050.LastLogin_3.16.0.100", "Fri Feb 08 2013 00:16:30 GMT+0100");
user_pref("CT2269050.LastLogin_3.16.0.3", "Thu Jan 03 2013 22:23:49 GMT+0100");
user_pref("CT2269050.LastLogin_3.18.0.7", "Mon Jul 15 2013 11:14:01 GMT+0200");
user_pref("CT2269050.LastLogin_3.19.0.3", "Sun Sep 08 2013 21:38:48 GMT+0200");
user_pref("CT2269050.LastLogin_3.20.0.4", "Thu Nov 07 2013 14:22:11 GMT+0100");
user_pref("CT2269050.LastLogin_3.3.3.2", "Wed Jun 22 2011 16:09:47 GMT+0200");
user_pref("CT2269050.LastLogin_3.5.0.12", "Tue Aug 16 2011 09:50:55 GMT+0200");
user_pref("CT2269050.LastLogin_3.6.0.10", "Tue Sep 27 2011 22:57:41 GMT+0200");
user_pref("CT2269050.LastLogin_3.7.0.6", "Mon Nov 07 2011 11:35:54 GMT+0100");
user_pref("CT2269050.LastLogin_3.8.0.8", "Tue Dec 06 2011 10:26:05 GMT+0100");
user_pref("CT2269050.LastLogin_3.8.1.0", "Mon Jan 09 2012 15:42:25 GMT+0100");
user_pref("CT2269050.LastLogin_3.9.0.3", "Tue Feb 14 2012 18:47:14 GMT+0100");
user_pref("CT2269050.LatestVersion", "3.20.0.4");
user_pref("CT2269050.Locale", "en");
user_pref("CT2269050.MCDetectTooltipHeight", "83");
user_pref("CT2269050.MCDetectTooltipShow", false);
user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2269050.MCDetectTooltipWidth", "295");
user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
user_pref("CT2269050.RadioIsPodcast", false);
user_pref("CT2269050.RadioLastCheckTime", "Mon Sep 19 2011 13:11:48 GMT+0200");
user_pref("CT2269050.RadioLastUpdateIPServer", "3");
user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
user_pref("CT2269050.RadioMediaID", "12473383");
user_pref("CT2269050.RadioMediaType", "Media Player");
user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
user_pref("CT2269050.RadioShrinkedFromSetup", false);
user_pref("CT2269050.RadioStationName", "Hotmix%20108");
user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
user_pref("CT2269050.SHRINK_TOOLBAR", 1);
user_pref("CT2269050.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
user_pref("CT2269050.SearchAPILastCheckTime", "Thu Nov 07 2013 14:22:10 GMT+0100");
user_pref("CT2269050.SearchAppState.enc", "Mw==");
user_pref("CT2269050.SearchAppTracking.enc", "MQ==");
user_pref("CT2269050.SearchBoxWidth", 150);
user_pref("CT2269050.SearchFromAddressBarIsInit", true);
user_pref("CT2269050.SearchInNewTabEnabled", true);
user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Sep 08 2013 17:38:47 GMT+0200");
user_pref("CT2269050.SearchInNewTabUserEnabled", false);
user_pref("CT2269050.SearchProtectorEnabled", false);
user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
user_pref("CT2269050.ServiceMapLastCheckTime", "Thu Nov 07 2013 14:22:10 GMT+0100");
user_pref("CT2269050.SettingsLastCheckTime", "Thu Nov 07 2013 14:22:08 GMT+0100");
user_pref("CT2269050.SettingsLastUpdate", "1383814657");
user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Oct 19 2013 10:01:01 GMT+0200");
user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
user_pref("CT2269050.UserID", "UN07878589938687586");
user_pref("CT2269050.ValidationData_Search", 2);
user_pref("CT2269050.ValidationData_Toolbar", 2);
user_pref("CT2269050.WeatherNetwork", "");
user_pref("CT2269050.WeatherPollDate", "Thu Nov 07 2013 14:22:11 GMT+0100");
user_pref("CT2269050.WeatherUnit", "C");
user_pref("CT2269050._9b_7e.:2z527.from_oldbar.enc", "JH5wcnMwPDgzR3tHPD8sdC5+fXkgIjQrNigqK0dKVF1LWFVTVTdiV1pHMEk6Oj07P09GUUNFRl5HSUpldXZ0e3ZxVHlvY0xlVldYWFZrYm1fYCwkJSE0NiwtN
user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
user_pref("CT2269050.alertChannelId", "666138");
user_pref("CT2269050.appOptions", "{\"129466585399606892\":{\"render\":true,\"disabled\":true,\"appGuid\":\"\",\"appClientGuid\":\"\",\"isPersonalApp\":false},\"12988114017081
user_pref("CT2269050.approveUntrustedApps", true);
user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474953462D584D503D263F2D2E3135443B464E4F5B565E695B426D6265523B544243464959505B
user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C4748402C574C4F3C253E2C2E2B2F433A454E59505B57676A66426D62455E69543D56444643465B
user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462B554A4D4B4749594D33535D4F432C45333439344A414C565B5E6C656E706C7164736D4D786D
user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E707273303C3833477B473C3F2C742E7E7D792022342B36282A2B474A545D4B585553553762575A4730493A3A3D3B3F4F46514345465E47494A6575
user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F564654524C474A595A4851505E51523964595C49324B393C3B3E5047525D6C6A6B6F786D6850
user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C4343534E2D585B3C253E2C302E34433A45515862695E675A416C6164513A5341454348584F5A66
user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6B6D6A6E6D757576");
user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747371737074737B7B7C242F4B49474F42357D5D5C3D");
user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E41295547484D515A4E5A59325D5255422B443237303749404B585E685E706E6E6674626E696B4D786D
user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473E454745482F5A4F523F2841302D2F33463D48566265685C6B675F6D70604873686B58415A49
user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D3229344356554E472E594E51325E4F412A4335373231483F4A59655F5F626C5B717369756975744D786D
user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352C37474B59574B4A4858584E5E3762573A535E49324B3A3D3F3B504752626C625D75786D766A
user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A522B55553A233C2B2F282941384354515E5D56615F56685C426D6265523B544346494A59505B
user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D49564A50592E594E314A55402942322E332F473E495B5D595A6A5E58707262674974696C59425B
user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B364953545259585A5A50524E36615659462F4838353D3C4D444F626C6D6B72716A77614D786D
user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513F445559424C5A315C5154412A4333323037483F4A5E68565B5970606E6C666164734C776C6F
user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E782332293449565540472E594E513E274030323533453C475C5558636A656E625E6C616B7068734B766B6E5B
user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4F44504C4754585C5048345F5457442D46373135344B424D636B5D5F5F73696B4A756A6D5A43
user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A30273249485545442C574C4F3C253E2F2A2D2D433A455C67555B5E3F6A5F624F3851423D403F564D586F7A68
user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354D462C574C4F3C253E2F2B2B31433A455D6356575C5C5A416C6164513A5344404045584F5A72
user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352C37502E4F4747315C5154412A4334313738483F4A635F5A6A645E625A4772676A5740594A47
user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B36505459574C554F515B345F5457442D46373637384B424D676B706E606F61666B63664D786D
user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A35504F5346482F5A4F523F28413233342F463D48635C5D66626A436E6366533C55464748425A51
user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3652504C5249555256525C35605558452E47383B38364C434E6A706F5F65635D736F67757868
user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2A554A2D46513C253E302B332C433A45626756516259655F5F436E63465F6A553E5749444C44
user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A52404548564F58315C5154412A4335342F37483F4A68646B645D5E626462616D6971726B6C78
user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B265146492965504656496571734D334B57");
user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352C37565949484E4F51525C4E4C55535B54605A5A3E695E614E37503B3D41544B567575656D73
user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E3128335351565551575A4F584C5E335E5356432C4534383649404B6B59566C686B46716669563F58474B48
user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C484A2C574C2F48533E27403233433A45665B68505C5E406B6E4F38514343544B56776C79616D
user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C32293423524C5457474A4E50565D4A61515F5D575255643D685D604D364F3D3E3E3D544B5645486A736D
user_pref("CT2269050.backendstorage./9b-0?3g>d", "6F683D6C6F7044717A70704745204A757E7A25207C52202A242423592726572F2B2D2A2E");
user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332A354448584C3A232E333E58604F6456604F6852645858635E604E376B7167617059");
user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D4648502B564B4E2E5959595F4C564F3764535750");
user_pref("CT2269050.backendstorage./9b5ba==9cjag", "6D6A6C6F73746F6F7A78764777737B49797D7E4D50");
user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B6D6A6E6D757575717A75");
user_pref("CT2269050.backendstorage./9b90e@8ff=eg", "393F352F3E");
user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
user_pref("CT2269050.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
user_pref("CT2269050.backendstorage.ct2269050isadsdisabled", "66616C7365");
user_pref("CT2269050.backendstorage.facebook_mode", "32");
user_pref("CT2269050.backendstorage.hxxp://www_pricesparrow_com.pricesparrowstatus", "64697361626C6564");
user_pref("CT2269050.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E647569746170
user_pref("CT2269050.backendstorage.mam_gk_appsdefaultenabled", "66616C7365");
user_pref("CT2269050.backendstorage.mam_gk_appstate_couponbuddy", "6F6666");
user_pref("CT2269050.backendstorage.mam_gk_appstate_easytobook", "6F6666");
user_pref("CT2269050.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6666");
user_pref("CT2269050.backendstorage.mam_gk_appstate_pricegong", "6F6666");
user_pref("CT2269050.backendstorage.mam_gk_appstatereporttime", "31333635393638313130313135");
user_pref("CT2269050.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225072696365476F6E67222C22637269746572696173223A5B7B226372697465726
user_pref("CT2269050.backendstorage.mam_gk_currentversion", "312E342E342E36");
user_pref("CT2269050.backendstorage.mam_gk_eventscache", "7B2237653235366661362D383237332D343934392D383763332D306365633562333035616162223A7B22746F706963223A2273656E64557361676
user_pref("CT2269050.backendstorage.mam_gk_first_time", "31");
user_pref("CT2269050.backendstorage.mam_gk_gadgetopen", "77656C636F6D65");
user_pref("CT2269050.backendstorage.mam_gk_lastlogintime", "31333635393638313035393432");
user_pref("CT2269050.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E742D52696368746C696E6965227D2C2267616467
user_pref("CT2269050.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A2236315
user_pref("CT2269050.backendstorage.mam_gk_showclosebutton", "66616C7365");
user_pref("CT2269050.backendstorage.mam_gk_showwelcomegadget", "74727565");
user_pref("CT2269050.backendstorage.mam_gk_userid", "65613134376439362D346436622D343561662D393138642D326666613336323831386163");
user_pref("CT2269050.backendstorage.pg_enable", "74727565");
user_pref("CT2269050.backendstorage.searchappstate", "33");
user_pref("CT2269050.backendstorage.searchapptracking", "31");
user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "4672692044656320333020323031312032323A32383A353920474D542B30313030");
user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
user_pref("CT2269050.backendstorage.youtubelang", "4445");
user_pref("CT2269050.components.1000034", false);
user_pref("CT2269050.components.1000082", false);
user_pref("CT2269050.components.129023235807856892", false);
user_pref("CT2269050.components.129121052374999726", false);
user_pref("CT2269050.components.129351672002618989", false);
user_pref("CT2269050.components.129351776130744254", false);
user_pref("CT2269050.components.129391330693125668", false);
user_pref("CT2269050.components.129466585396013141", false);
user_pref("CT2269050.components.129466585399606892", false);
user_pref("CT2269050.components.129575150554007677", false);
user_pref("CT2269050.components.129681780741097243", false);
user_pref("CT2269050.components.129705015340022508", false);
user_pref("CT2269050.components.129853623028165512", false);
user_pref("CT2269050.components.129863783591067571", false);
user_pref("CT2269050.components.129881140170815901", false);
user_pref("CT2269050.components.129881141106886992", false);
user_pref("CT2269050.components.129957310771862542", false);
user_pref("CT2269050.components.129977890572899945", false);
user_pref("CT2269050.components.130100683276316706", false);
user_pref("CT2269050.components.1359634297000", false);
user_pref("CT2269050.countryCode", "DE");
user_pref("CT2269050.ct2269050isadsdisabled.from_oldbar.enc", "ZmFsc2U=");
user_pref("CT2269050.enableAlerts", "always");
user_pref("CT2269050.facebook_mode.from_oldbar.enc", "Mg==");
user_pref("CT2269050.firstTimeDialogOpened", true);
user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE");
user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
user_pref("CT2269050.fullUserID", "UN07878589938687586.UP.202407143636");
user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Thu Nov 07 2013 14:22:12 GMT+0100");
user_pref("CT2269050.homepageProtectorEnableByLogin", true);
user_pref("CT2269050.hxxp___www_pricesparrow_com.pricesparrowstatus.from_oldbar.enc", "ZGlzYWJsZWQ=");
user_pref("CT2269050.initDone", true);
user_pref("CT2269050.installId", "StubInstaller");
user_pref("CT2269050.isAppTrackingManagerOn", false);
user_pref("CT2269050.isCheckedStartAsHidden", true);
user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":false}");
user_pref("CT2269050.isFirstRadioInstallation", false);
user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2269050.keyword", true);
user_pref("CT2269050.lastVersion", "10.23.0.822");
user_pref("CT2269050.mam_gk_appsdata.from_oldbar.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCI
user_pref("CT2269050.mam_gk_appsdefaultenabled.from_oldbar.enc", "ZmFsc2U=");
user_pref("CT2269050.mam_gk_appstate_couponbuddy.from_oldbar.enc", "b2Zm");
user_pref("CT2269050.mam_gk_appstate_easytobook.from_oldbar.enc", "b2Zm");
user_pref("CT2269050.mam_gk_appstate_easytobook_targeted.from_oldbar.enc", "b2Zm");
user_pref("CT2269050.mam_gk_appstate_pricegong.from_oldbar.enc", "b2Zm");
user_pref("CT2269050.mam_gk_appstatereporttime.from_oldbar.enc", "MTM2NTk2ODExMDExNQ==");
user_pref("CT2269050.mam_gk_configuration.from_oldbar.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImNyaXRlcmlhcyI6W3siY3JpdGVyaWFJZCI6ImM5MTJmMWZkLWNmMzMtNGE2ZC1iMm
user_pref("CT2269050.mam_gk_currentversion.from_oldbar.enc", "MS40LjQuNg==");
user_pref("CT2269050.mam_gk_eventscache.from_oldbar.enc", "eyI3ZTI1NmZhNi04MjczLTQ5NDktODdjMy0wY2VjNWIzMDVhYWIiOnsidG9waWMiOiJzZW5kVXNhZ2UiLCJkYXRhIjp7ImNhdGVnb3J5IjoiV2VsY29t
user_pref("CT2269050.mam_gk_first_time.from_oldbar.enc", "MQ==");
user_pref("CT2269050.mam_gk_gadgetopen.from_oldbar.enc", "d2VsY29tZQ==");
user_pref("CT2269050.mam_gk_lastlogintime.from_oldbar.enc", "MTM2NTk2ODEwNTk0Mg==");
user_pref("CT2269050.mam_gk_localization.from_oldbar.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50LVJpY2h0bGluaWUifSwiZ2FkZ2V0RGVzY3JpcHRpb25QcmltYXJ5Ijp7IlRleHQ
user_pref("CT2269050.mam_gk_showclosebutton.from_oldbar.enc", "ZmFsc2U=");
user_pref("CT2269050.mam_gk_showwelcomegadget.from_oldbar.enc", "dHJ1ZQ==");
user_pref("CT2269050.mam_gk_userid.from_oldbar.enc", "ZWExNDdkOTYtNGQ2Yi00NWFmLTkxOGQtMmZmYTM2MjgxOGFj");
user_pref("CT2269050.myStuffEnabled", true);
user_pref("CT2269050.myStuffPublihserMinWidth", 400);
user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.kleiderkreisel.de%2Fdamenmode%3Fpage%3D2%26time%3D1423126849\",
user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129881140170815901,129391330693125668,129863783591067571,129881141106886992,12
user_pref("CT2269050.originalSearchAddressUrl", "");
user_pref("CT2269050.pg_enable.from_oldbar.enc", "dHJ1ZQ==");
user_pref("CT2269050.revertSettingsEnabled", true);
user_pref("CT2269050.search.searchAppId", "128834881989343895");
user_pref("CT2269050.search.searchCount", 2);
user_pref("CT2269050.searchFromAddressBarEnabledByUser", "true");
user_pref("CT2269050.searchInNewTabEnabledByUser", "false");
user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
user_pref("CT2269050.searchProtectorEnableByLogin", true);
user_pref("CT2269050.searchSuggestEnabledByUser", "true");
user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB \"}");
user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2269050.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
user_pref("CT2269050.serviceLayer_services_Configuration_lastUpdate", "1423126839877");
user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1423126839369");
user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1423126839400");
user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1423126838910");
user_pref("CT2269050.serviceLayer_services_login_10.20.101.5_lastUpdate", "1383996012938");
user_pref("CT2269050.serviceLayer_services_login_10.21.1.507_lastUpdate", "1384891378340");
user_pref("CT2269050.serviceLayer_services_login_10.22.5.510_lastUpdate", "1388148386053");
user_pref("CT2269050.serviceLayer_services_login_10.23.0.822_lastUpdate", "1423126838703");
user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1423126839126");
user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1423126839735");
user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1423126839478");
user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1423126838841");
user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1423126839237");
user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1423126839106");
user_pref("CT2269050.settingsINI", true);
user_pref("CT2269050.showToolbarPermission", "false");
user_pref("CT2269050.testingCtid", "");
user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Thu Nov 07 2013 14:22:11 GMT+0100");
user_pref("CT2269050.toolbarBornServerTime", "21-4-2011");
user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Thu Nov 07 2013 14:22:11 GMT+0100");
user_pref("CT2269050.toolbarCurrentServerTime", "5-2-2015");
user_pref("CT2269050.toolbarLoginClientTime", "Thu Nov 07 2013 14:36:44 GMT+0100");
user_pref("CT2269050.upgradeFromOBVersion", true);
user_pref("CT2269050.usagesFlag", 2);
user_pref("CT2269050.youtubelang.from_oldbar.enc", "REU=");
user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1423126833985,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("valueApps.CT2269050._key_cl_active", "61633236623138332D383764342D343636632D613063642D633066643563373762383834");
user_pref("valueApps.CT2269050._key_cl_active.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_appStateReportTime", "31333838313439303931313738");
user_pref("valueApps.CT2269050.mam_gk_appStateReportTime.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_appState_Clarity_Active", "6F6E");
user_pref("valueApps.CT2269050.mam_gk_appState_Clarity_Active.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_appState_CouponBuddy", "6F6666");
user_pref("valueApps.CT2269050.mam_gk_appState_CouponBuddy.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_appState_Easytobook", "6F6666");
user_pref("valueApps.CT2269050.mam_gk_appState_Easytobook.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_appState_Easytobook_targeted", "6F6666");
user_pref("valueApps.CT2269050.mam_gk_appState_Easytobook_targeted.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_appState_PriceGong", "6F6666");
user_pref("valueApps.CT2269050.mam_gk_appState_PriceGong.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_appState_WindowShopper", "6F6666");
user_pref("valueApps.CT2269050.mam_gk_appState_WindowShopper.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_appsDefaultEnabled", "66616C7365");
user_pref("valueApps.CT2269050.mam_gk_appsDefaultEnabled.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_calledSetupService", "31");
user_pref("valueApps.CT2269050.mam_gk_calledSetupService.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_currentVersion", "312E31332E302E3137");
user_pref("valueApps.CT2269050.mam_gk_currentVersion.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_eventsCache", "7B2265303333653635612D366139622D343438612D393363382D376135366130396662393465223A7B22746F706963223A2273656E645573616765222C
user_pref("valueApps.CT2269050.mam_gk_eventsCache.storedInFile", true);
user_pref("valueApps.CT2269050.mam_gk_existingUsersRecoveryDone", "31");
user_pref("valueApps.CT2269050.mam_gk_existingUsersRecoveryDone.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_first_time", "31");
user_pref("valueApps.CT2269050.mam_gk_first_time.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_gadgetOpen", "30");
user_pref("valueApps.CT2269050.mam_gk_gadgetOpen.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_lastLoginTime", "31333838313439303931363631");
user_pref("valueApps.CT2269050.mam_gk_lastLoginTime.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_localization.storedInFile", true);
user_pref("valueApps.CT2269050.mam_gk_mamEnabled", "66616C7365");
user_pref("valueApps.CT2269050.mam_gk_mamEnabled.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_migrated_from_ls", "31");
user_pref("valueApps.CT2269050.mam_gk_migrated_from_ls.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_new_welcome_experience", "31");
user_pref("valueApps.CT2269050.mam_gk_new_welcome_experience.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_settings1.12.0.5.storedInFile", true);
user_pref("valueApps.CT2269050.mam_gk_showWelcomeGadget", "74727565");
user_pref("valueApps.CT2269050.mam_gk_showWelcomeGadget.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_stamp", "313130315F30");
user_pref("valueApps.CT2269050.mam_gk_stamp.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_userBornDate", "4E2F41");
user_pref("valueApps.CT2269050.mam_gk_userBornDate.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_userId", "61386635353339392D326563342D343736302D386237362D656563643638346561396663");
user_pref("valueApps.CT2269050.mam_gk_userId.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_user_approval_interacted", "30");
user_pref("valueApps.CT2269050.mam_gk_user_approval_interacted.storedInFile", false);
user_pref("valueApps.CT2269050.mam_gk_welcomeDialogMode", "30");
user_pref("valueApps.CT2269050.mam_gk_welcomeDialogMode.storedInFile", false);
user_pref("valueApps.storage.mam_gk_userId", "61386635353339392D326563342D343736302D386237362D656563643638346561396663");
Emptied folder: C:\Users\laura\AppData\Roaming\mozilla\firefox\profiles\1onve7qe.default\minidumps [1496 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 06-02-2015 at 10:34:35,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Und das frische FRST!


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by laura (administrator) on LAURA-PC on 06-02-2015 12:09:50
Running from C:\Users\laura\Desktop
Loaded Profiles: laura & UpdatusUser (Available profiles: laura & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\traybar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Chicony) C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-18] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Video Web Camera\traybar.exe [630784 2008-12-10] (Chicony)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-695859740-1481973391-1366812827-1001\...\RunOnce: [ScrSav] => C:\Windows\Screensavers\PackardBell\run_PackardBell
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoGear SA3MXX Gere-Manager.lnk
ShortcutTarget: GoGear SA3MXX Gere-Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-695859740-1481973391-1366812827-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-695859740-1481973391-1366812827-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default
FF NewTab: about:newtab
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-695859740-1481973391-1366812827-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: SearchNewTab - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\yog1dw2_coc@oiho-l.com [2013-11-03]
FF Extension: DivX Web Player - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-19]
FF HKU\S-1-5-21-695859740-1481973391-1366812827-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3D417746-6EEA-422F-A005-BF7E669E72C7&SearchSource=55&CUI=&UM=5&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Documenten) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Zoeken) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (SearchNewTab) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfchadolkcaofikjpfppfgkbneohonfn [2013-11-03]
CHR Extension: (Google Spreadsheets) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-06-19]
CHR Extension: (Gmail) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-17] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-18] (Macrovision Europe Ltd.) [File not signed]
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.)
S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 10:34 - 2015-02-06 10:34 - 00037018 _____ () C:\Users\laura\Desktop\JRT.txt
2015-02-06 10:25 - 2015-02-06 10:26 - 01388274 _____ (Thisisu) C:\Users\laura\Downloads\JRT.exe
2015-02-06 10:15 - 2015-02-06 10:19 - 00000000 ____D () C:\AdwCleaner
2015-02-06 10:13 - 2015-02-06 10:14 - 02112512 _____ () C:\Users\laura\Downloads\AdwCleaner_4.110.exe
2015-02-06 10:11 - 2015-02-06 10:11 - 00000049 _____ () C:\Users\laura\Desktop\mbam.txt
2015-02-06 09:13 - 2015-02-06 10:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 09:13 - 2015-02-06 09:13 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 09:13 - 2015-02-06 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 09:12 - 2015-02-06 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 09:12 - 2015-02-06 09:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 09:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 09:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 09:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 09:10 - 2015-02-06 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\laura\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-05 18:10 - 2015-02-05 18:10 - 00039415 _____ () C:\ComboFix.txt
2015-02-05 16:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 16:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 16:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 16:28 - 2015-02-05 18:10 - 00000000 ____D () C:\Qoobox
2015-02-05 16:28 - 2015-02-05 16:50 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 16:27 - 2015-02-05 16:28 - 05611380 ____R (Swearware) C:\Users\laura\Desktop\ComboFix.exe
2015-02-05 16:21 - 2015-02-05 16:21 - 00000000 __SHD () C:\Users\laura\AppData\Local\EmieBrowserModeList
2015-02-05 16:17 - 2015-02-05 16:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\laura\Desktop\revosetup95.exe
2015-02-05 16:17 - 2015-02-05 16:17 - 00001276 _____ () C:\Users\laura\Desktop\Revo Uninstaller.lnk
2015-02-05 16:17 - 2015-02-05 16:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-05 10:46 - 2015-02-05 10:48 - 00031591 _____ () C:\Users\laura\Desktop\Addition.txt
2015-02-05 10:44 - 2015-02-06 12:09 - 00021133 _____ () C:\Users\laura\Desktop\FRST.txt
2015-02-05 10:43 - 2015-02-06 12:09 - 00000000 ____D () C:\FRST
2015-02-05 10:43 - 2015-02-05 10:43 - 02131968 _____ (Farbar) C:\Users\laura\Desktop\FRST64.exe
2015-02-05 10:41 - 2015-02-05 10:42 - 01123328 _____ (Farbar) C:\Users\laura\Desktop\FRST.exe
2015-02-04 13:56 - 2015-02-04 13:56 - 00000000 ____D () C:\Users\laura\AppData\Local\TuneUp Software
2015-01-25 22:29 - 2015-01-25 22:30 - 138323394 _____ () C:\Users\laura\Downloads\Die Drei  - 142Tödliches Eis.zip
2015-01-25 17:13 - 2015-01-25 17:09 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-25 17:13 - 2015-01-25 17:09 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-25 17:13 - 2015-01-25 17:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 17:09 - 2015-01-25 17:09 - 00003230 _____ () C:\Windows\System32\Tasks\{F588B0D6-AD16-40FA-BBCC-6E2B269543EE}
2015-01-20 20:02 - 2015-01-20 20:04 - 169646433 _____ () C:\Users\laura\Downloads\Die Drei  - 173Dämon der Rache.zip
2015-01-14 09:23 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:23 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:23 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:23 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:23 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:23 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:23 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:23 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:23 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:23 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:23 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:23 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:23 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 12:08 - 2015-01-06 09:21 - 00006664 _____ () C:\Windows\setupact.log
2015-02-06 10:44 - 2011-04-18 19:50 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 10:29 - 2009-07-14 05:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 10:29 - 2009-07-14 05:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 10:27 - 2011-04-18 18:28 - 01329172 _____ () C:\Windows\WindowsUpdate.log
2015-02-06 10:21 - 2011-04-18 19:50 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 10:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 10:20 - 2009-08-22 07:21 - 01471676 _____ () C:\Windows\PFRO.log
2015-02-06 09:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2015-02-05 16:45 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 16:12 - 2012-04-09 19:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 16:12 - 2011-06-15 20:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 09:43 - 2011-04-18 19:02 - 00000000 ____D () C:\Users\laura
2015-02-05 09:43 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-05 09:42 - 2014-03-26 11:02 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 09:42 - 2013-04-05 09:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-05 09:42 - 2012-11-21 13:43 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-05 09:42 - 2012-05-10 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-05 09:42 - 2011-04-21 07:37 - 00000000 ____D () C:\Users\laura\AppData\Roaming\DVDVideoSoft
2015-02-05 09:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-04 13:53 - 2014-03-26 11:03 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-01 16:24 - 2011-11-15 15:35 - 00000000 ____D () C:\Users\laura\Desktop\werk
2015-01-31 14:49 - 2014-03-13 13:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 14:49 - 2014-01-02 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 14:49 - 2014-01-02 19:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-29 09:26 - 2011-11-29 09:48 - 00020997 _____ () C:\Users\laura\Documents\NEWSOFT
2015-01-29 09:26 - 2011-11-26 13:12 - 00000000 ____D () C:\temp
2015-01-25 22:31 - 2011-04-19 04:20 - 00750566 _____ () C:\Windows\system32\perfh013.dat
2015-01-25 22:31 - 2011-04-19 04:20 - 00156256 _____ () C:\Windows\system32\perfc013.dat
2015-01-25 22:31 - 2009-07-14 06:13 - 01684136 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 18:45 - 2013-12-11 13:59 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 17:13 - 2014-10-20 13:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-25 17:09 - 2014-10-20 13:44 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 18:23 - 2014-02-25 09:19 - 01658804 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 10:34 - 2013-08-14 22:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 10:26 - 2011-05-16 13:20 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 16:34 - 2009-07-14 06:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-04-16 11:53 - 2014-04-16 12:04 - 0000314 _____ () C:\Users\laura\AppData\Roaming\Karaoke-Sing-n-Burn.INI
2011-05-16 18:48 - 2012-03-20 18:41 - 0008704 _____ () C:\Users\laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-13 10:17 - 2011-06-13 10:17 - 0000000 _____ () C:\Users\laura\AppData\Local\{1CC72CCA-8439-4CFE-99F4-98A4E241822D}
2010-12-13 14:51 - 2010-12-13 14:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-22 07:08 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\laura\AppData\Local\Temp\avgnt.exe
C:\Users\laura\AppData\Local\Temp\Quarantine.exe
C:\Users\laura\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 13:12

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 06.02.2015 14:38

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

lauretta18 07.02.2015 11:53
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8b478728afc8c14dae83691f1ddd10e7
# engine=22350
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-02-07 10:28:58
# local_time=2015-02-07 11:28:58 (+0100, West-Europa (standaardtijd))
# country="Netherlands"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 8686 38190466 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 97195 174934788 0 0
# scanned=183878
# found=14
# cleaned=14
# scan_time=4859
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Backup\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Backup\Laura\AppData\LocalLow\ConduitEngine\ConduitEngine.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Backup\Laura\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Backup\Laura\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=19259E6E0245D079A138C92D7B4B05CD08AF9BEA ft=1 fh=c0e494f98288c954 vn="Variante von Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Backup\Laura\Downloads\SoftonicDownloader_for_firefox.exe"
sh=780089853F73F0AD3DD9C5C41A92BACEB3F80367 ft=1 fh=a5ce5f354710725c vn="Win32/Adware.WhenU.SaveNow evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\My Shared Folder\torrentsearcher-61.exe"
sh=13CF36EA100EF3FA00CCD9C04BFB62484558F7F3 ft=1 fh=2d47f39abe493409 vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000"
sh=AAC80BF4EC79AE88B4AD581B8E99F9FE5B60DE1A ft=1 fh=4dbf6d4ae14961eb vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001"
sh=F4F998EDED7E5EC3F4C49CB84A0798E42A2B8D7E ft=1 fh=b657adfa892ca201 vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000002"
sh=829A4AFB697C14DE838823D4568B6AC6FB88736F ft=1 fh=43d4f1b46ec61601 vn="Win32/AdWare.1ClickDownload.AT Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000003"
sh=267FC9BD7C89A50B79A09C1A1CF1BF64D151616A ft=1 fh=c7b4c9cddc261380 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=399C5C1F7650C6A6CCC079EAA95DE1770DB1F5C7 ft=1 fh=a0474480c1a4e828 vn="Variante von Win32/DomaIQ.BB evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000"
sh=D065DD144C534D352DF93A1535F0F297B0E35606 ft=1 fh=acf23484e7285908 vn="Variante von Win32/Amonetize.DE evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000"
sh=11BE9C2CADFE30D9C424985D40C4548286B320DD ft=1 fh=ac6f76650cd5a14e vn="Win32/OutBrowse.BU evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="C:\Users\laura\Downloads\Niet bevestigd 779795.crdownload"
Code:
Results of screen317's Security Check version 0.99.95 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 31 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.296 
 Adobe Reader XI 
 Mozilla Firefox 30.0 Firefox out of Date! 
 Google Chrome (40.0.2214.111)
 Google Chrome (40.0.2214.94)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by laura (administrator) on LAURA-PC on 07-02-2015 11:40:36
Running from C:\Users\laura\Desktop
Loaded Profiles: laura & UpdatusUser (Available profiles: laura & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Nederlands (Nederland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Acer) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\traybar.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Chicony) C:\Program Files (x86)\Video Web Camera\CEC_MAIN.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(ScanSoft, Inc.) C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Users\laura\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [503864 2009-07-20] (Conexant Systems, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [828960 2009-08-05] (Acer Incorporated)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-11] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2114376 2008-03-18] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [262912 2009-08-21] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files (x86)\Video Web Camera\traybar.exe [630784 2008-12-10] (Chicony)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM-x32\...\Run: [RemoteControl8] => c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] => C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\...\RunOnce: [Adobe Speed Launcher] => 1423299562
HKU\S-1-5-21-695859740-1481973391-1366812827-1001\...\RunOnce: [ScrSav] => C:\Windows\Screensavers\PackardBell\run_PackardBell
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoGear SA3MXX Gere-Manager.lnk
ShortcutTarget: GoGear SA3MXX Gere-Manager.lnk -> C:\Program Files (x86)\Philips\GoGear SA3MXX Device Manager\main.exe (KeenHigh Tech.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-695859740-1481973391-1366812827-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-695859740-1481973391-1366812827-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-695859740-1481973391-1366812827-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Aanmeldhulp voor Windows Live ID -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-695859740-1481973391-1366812827-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default
FF NewTab: about:newtab
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-695859740-1481973391-1366812827-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101727.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: SearchNewTab - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\yog1dw2_coc@oiho-l.com [2013-11-03]
FF Extension: DivX Web Player - C:\Users\laura\AppData\Roaming\Mozilla\Firefox\Profiles\1onve7qe.default\Extensions\DivXWebPlayer@divx.com.xpi [2011-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-06-19]
FF HKU\S-1-5-21-695859740-1481973391-1366812827-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M3D417746-6EEA-422F-A005-BF7E669E72C7&SearchSource=55&CUI=&UM=5&UP=SP52D2247C-6DE4-4579-9335-73516F2C8DEE&SSPV=
CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Presentaties) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Documenten) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Zoeken) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (SearchNewTab) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfchadolkcaofikjpfppfgkbneohonfn [2013-11-03]
CHR Extension: (Google Spreadsheets) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-10]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-06-19]
CHR Extension: (Gmail) - C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [993584 2014-12-17] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [844320 2009-08-05] (Acer Incorporated)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-04-18] (Macrovision Europe Ltd.) [File not signed]
R2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-06-04] (Acer Incorporated)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [62720 2009-08-21] (NewTech Infosystems, Inc.)
R2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-14] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 11:36 - 2015-02-07 11:36 - 00852573 _____ () C:\Users\laura\Downloads\SecurityCheck.exe
2015-02-07 10:04 - 2015-02-07 10:05 - 02347384 _____ (ESET) C:\Users\laura\Downloads\esetsmartinstaller_deu.exe
2015-02-07 10:04 - 2015-02-07 10:05 - 02347384 _____ (ESET) C:\Users\laura\Downloads\esetsmartinstaller_deu (1).exe
2015-02-06 10:34 - 2015-02-06 10:34 - 00037018 _____ () C:\Users\laura\Desktop\JRT.txt
2015-02-06 10:25 - 2015-02-06 10:26 - 01388274 _____ (Thisisu) C:\Users\laura\Downloads\JRT.exe
2015-02-06 10:15 - 2015-02-06 10:19 - 00000000 ____D () C:\AdwCleaner
2015-02-06 10:13 - 2015-02-06 10:14 - 02112512 _____ () C:\Users\laura\Downloads\AdwCleaner_4.110.exe
2015-02-06 10:11 - 2015-02-06 10:11 - 00000049 _____ () C:\Users\laura\Desktop\mbam.txt
2015-02-06 09:13 - 2015-02-07 10:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 09:13 - 2015-02-06 09:13 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 09:13 - 2015-02-06 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 09:12 - 2015-02-06 09:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 09:12 - 2015-02-06 09:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 09:12 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 09:12 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 09:12 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 09:10 - 2015-02-06 09:11 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\laura\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-05 18:10 - 2015-02-05 18:10 - 00039415 _____ () C:\ComboFix.txt
2015-02-05 16:31 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-05 16:31 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-05 16:31 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-05 16:31 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-05 16:28 - 2015-02-05 18:10 - 00000000 ____D () C:\Qoobox
2015-02-05 16:28 - 2015-02-05 16:50 - 00000000 ____D () C:\Windows\erdnt
2015-02-05 16:27 - 2015-02-05 16:28 - 05611380 ____R (Swearware) C:\Users\laura\Desktop\ComboFix.exe
2015-02-05 16:21 - 2015-02-05 16:21 - 00000000 __SHD () C:\Users\laura\AppData\Local\EmieBrowserModeList
2015-02-05 16:17 - 2015-02-05 16:17 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\laura\Desktop\revosetup95.exe
2015-02-05 16:17 - 2015-02-05 16:17 - 00001276 _____ () C:\Users\laura\Desktop\Revo Uninstaller.lnk
2015-02-05 16:17 - 2015-02-05 16:17 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-02-05 10:46 - 2015-02-05 10:48 - 00031591 _____ () C:\Users\laura\Desktop\Addition.txt
2015-02-05 10:44 - 2015-02-07 11:40 - 00021734 _____ () C:\Users\laura\Desktop\FRST.txt
2015-02-05 10:43 - 2015-02-07 11:40 - 00000000 ____D () C:\FRST
2015-02-05 10:43 - 2015-02-05 10:43 - 02131968 _____ (Farbar) C:\Users\laura\Desktop\FRST64.exe
2015-02-05 10:41 - 2015-02-05 10:42 - 01123328 _____ (Farbar) C:\Users\laura\Desktop\FRST.exe
2015-02-04 13:56 - 2015-02-04 13:56 - 00000000 ____D () C:\Users\laura\AppData\Local\TuneUp Software
2015-01-25 22:29 - 2015-01-25 22:30 - 138323394 _____ () C:\Users\laura\Downloads\Die Drei  - 142Tödliches Eis.zip
2015-01-25 17:13 - 2015-01-25 17:09 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-25 17:13 - 2015-01-25 17:09 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-25 17:13 - 2015-01-25 17:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-25 17:09 - 2015-01-25 17:09 - 00003230 _____ () C:\Windows\System32\Tasks\{F588B0D6-AD16-40FA-BBCC-6E2B269543EE}
2015-01-20 20:02 - 2015-01-20 20:04 - 169646433 _____ () C:\Users\laura\Downloads\Die Drei  - 173Dämon der Rache.zip
2015-01-14 09:23 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:23 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:23 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:23 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:23 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:23 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:23 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:23 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:23 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:23 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:23 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:23 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:23 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 11:36 - 2011-04-18 18:28 - 01355683 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 11:28 - 2010-09-26 21:53 - 00000000 ____D () C:\My Shared Folder
2015-02-07 10:48 - 2011-04-18 19:50 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-07 10:06 - 2009-07-14 05:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 10:06 - 2009-07-14 05:45 - 00025616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-07 09:57 - 2015-01-06 09:21 - 00006720 _____ () C:\Windows\setupact.log
2015-02-07 09:57 - 2011-04-18 19:50 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-07 09:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 10:20 - 2009-08-22 07:21 - 01471676 _____ () C:\Windows\PFRO.log
2015-02-06 09:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Globalization
2015-02-05 16:45 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-05 16:12 - 2012-04-09 19:43 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 16:12 - 2011-06-15 20:45 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 09:43 - 2011-04-18 19:02 - 00000000 ____D () C:\Users\laura
2015-02-05 09:43 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-05 09:42 - 2014-03-26 11:02 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-05 09:42 - 2013-04-05 09:41 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2015-02-05 09:42 - 2012-11-21 13:43 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-02-05 09:42 - 2012-05-10 19:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-05 09:42 - 2011-04-21 07:37 - 00000000 ____D () C:\Users\laura\AppData\Roaming\DVDVideoSoft
2015-02-05 09:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-02-04 13:53 - 2014-03-26 11:03 - 00000000 ____D () C:\ProgramData\TuneUp Software
2015-02-01 16:24 - 2011-11-15 15:35 - 00000000 ____D () C:\Users\laura\Desktop\werk
2015-01-31 14:49 - 2014-03-13 13:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-31 14:49 - 2014-01-02 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-01-31 14:49 - 2014-01-02 19:20 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-01-29 09:26 - 2011-11-29 09:48 - 00020997 _____ () C:\Users\laura\Documents\NEWSOFT
2015-01-29 09:26 - 2011-11-26 13:12 - 00000000 ____D () C:\temp
2015-01-25 22:31 - 2011-04-19 04:20 - 00750566 _____ () C:\Windows\system32\perfh013.dat
2015-01-25 22:31 - 2011-04-19 04:20 - 00156256 _____ () C:\Windows\system32\perfc013.dat
2015-01-25 22:31 - 2009-07-14 06:13 - 01684136 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 18:45 - 2013-12-11 13:59 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-25 17:13 - 2014-10-20 13:43 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-25 17:09 - 2014-10-20 13:44 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-21 18:23 - 2014-02-25 09:19 - 01658804 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 10:34 - 2013-08-14 22:11 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 10:26 - 2011-05-16 13:20 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-09 16:34 - 2009-07-14 06:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2014-04-16 11:53 - 2014-04-16 12:04 - 0000314 _____ () C:\Users\laura\AppData\Roaming\Karaoke-Sing-n-Burn.INI
2011-05-16 18:48 - 2012-03-20 18:41 - 0008704 _____ () C:\Users\laura\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-06-13 10:17 - 2011-06-13 10:17 - 0000000 _____ () C:\Users\laura\AppData\Local\{1CC72CCA-8439-4CFE-99F4-98A4E241822D}
2010-12-13 14:51 - 2010-12-13 14:51 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-22 07:08 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\laura\AppData\Local\Temp\avgnt.exe
C:\Users\laura\AppData\Local\Temp\Quarantine.exe
C:\Users\laura\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-04 13:12

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---

UNGLAUBLICH!!! Es hat geklappt! Vielen vielen Dank!!! Gruss, Laura

Danke nochmal, habe eben noch gespendet zur Unterstützung.

schrauber 07.02.2015 15:50
Java und Firefox updaten.

Revo Uninstaller - Download - Filepony
damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren.

Dann:
https://support.google.com/chrome/answer/3296214?hl=de



Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\Backup\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll

C:\Backup\Laura\AppData\LocalLow\ConduitEngine\ConduitEngine.dll

C:\Backup\Laura\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll

C:\Backup\Laura\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll

C:\Backup\Laura\Downloads\SoftonicDownloader_for_firefox.exe

C:\My Shared Folder\torrentsearcher-61.exe

C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000

C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000001

C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000002

C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000003

C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000

C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000

C:\Users\laura\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000

C:\Users\laura\Downloads\Niet bevestigd 779795.crdownload
Emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





Fertig :)

Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.


Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti- Viren Software
  • Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.


Zusätzlicher Schutz
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • WinPatrol
    Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.


Sicheres Browsen
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
  • Opera
  • Mozilla Firefox.
    • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
    • NoScript
      Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
    • AdblockPlus
      Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
      Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:10 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131