Chrome scheint totale Probleme zu haben - wieder virus?

k.sarah · 30.06.2014, 17:00

Hey,

ständig öffnet mein Chrome irgendwelche Seiten wie folgende uvm. Sowie das es eine Phinsing Ware entdeckt hat.
Ich denke mal das da wieder etwas hinter steckt. Ich habe vor einiger Zeit mein Laptop bereinigt und denke das das wieder mal von Nöten ist. Dabei brauche ich nochmals eure Hilfe.

Lg Sarah

cosinus · 30.06.2014, 17:39

Hallo und

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!

Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

k.sarah · 30.06.2014, 17:52

Hey,

danke erst mal für deine Hilfe... ich geb mein bestes deine Arbeit so gering wie möglich zu halten ich hoffe es gelingt mir also ich habe die schritte gemacht und dabei entstanden ist folgendes

1. FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Sarah (administrator) on SARAH-PC on 30-06-2014 18:45:13
Running from C:\Users\Sarah\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
() C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Systweak) C:\Program Files\Right Backup\RBClientService.exe
() C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe
() C:\Users\Sarah\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Program Files\003\xmkysecqun32.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Systweak) C:\Program Files\Right Backup\RightBackup.exe
() C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
() C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\fst_de_60\fst_de_60.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Overwolf LTD) C:\Program Files\Common Files\Overwolf\0.76.1.0\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\fst_de_70\fst_de_70.exe
() C:\Users\Sarah\AppData\Local\fst_de_70\upfst_de_70.exe
(Farbar) C:\Users\Sarah\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-10-13] (Dell Inc.)
HKLM\...\Run: [AVG_UI] => "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [fst_de_60] => C:\Program Files\fst_de_60\fst_de_60.exe [3979760 2014-06-23] ()
HKLM\...\Run: [fst_de_70] => C:\Program Files\fst_de_70\fst_de_70.exe [3980280 2014-06-27] ()
HKLM\...\RunOnce: [upfst_de_60.exe] - C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe -runonce [3353584 2014-06-23] ()
HKLM\...\Runonce: [upfst_de_70.exe] - C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_70.exe -runonce
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-29] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138] => C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [39712 2014-06-10] (Overwolf LTD)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [BlockAndSurf] => C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe [131072 2014-06-23] ()
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\MountPoints2: {14c2fd0e-f912-11e1-9f4b-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\MountPoints2: {81c5de9c-ef3b-11e3-90e6-002219f395b1} - G:\Startme.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-29] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138] => C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [39712 2014-06-10] (Overwolf LTD)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BlockAndSurf] => C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe [131072 2014-06-23] ()
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {14c2fd0e-f912-11e1-9f4b-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {81c5de9c-ef3b-11e3-90e6-002219f395b1} - G:\Startme.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [182080 2014-06-26] (Client Connect LTD)
AppInit_DLLs:  C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14247;https=127.0.0.1:14247
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x603A7F37CA6DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400787804&from=cor&uid=TOSHIBAXMK2555GSX_697FTCR5TXX697FTCR5T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400787804&from=cor&uid=TOSHIBAXMK2555GSX_697FTCR5TXX697FTCR5T&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=58&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=58&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: BlockAndSurf - {42D0AB81-D2E9-45AF-920B-364108DDD363} - C:\Program Files\-BlockAndSurfS\174.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Trovi search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sarah\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Star Stable Online - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\Extensions\plugin@starstable.com [2014-05-06]
FF Extension: Quick Start - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\Extensions\quick_start@gmail.com [2014-05-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-25]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKCU\...\Firefox\Extensions: [{ED75ABA9-372B-880E-9D94-92D475A431DE}] - C:\Program Files\-BlockAndSurfS\174.xpi
FF Extension: BlockAndSurf - C:\Program Files\-BlockAndSurfS\174.xpi [2014-06-23]

Chrome: 
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV="
CHR Extension: (BlockAndSurf) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhaejhdlcmboghhjpfmnfiegbmlbjmmn [2014-06-23]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Extension: (Extutil) - C:\Users\Sarah\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-06-30]
CHR Extension: (Managera) - C:\Users\Sarah\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-06-30]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Sarah\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation)
R2 BlockAndSurf; C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.exe [180224 2014-06-23] () [File not signed]
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-26] (Client Connect LTD)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [976672 2014-06-10] (Overwolf LTD)
R2 RBClientService; C:\Program Files\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.)
R2 SupraSavingsService; C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe [151040 2014-06-25] () [File not signed]
R2 vosr; C:\Users\Sarah\AppData\Roaming\VOPackage\VOsrv.exe [53248 2014-05-22] () [File not signed]
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-10-13] (Dell Inc.) [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)
R2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe [541696 2014-05-22] () [File not signed]
S2 avgfws; "C:\Program Files\AVG\AVG2013\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-10-13] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-06-12] (NetFilterSDK.com) [File not signed]
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [269536 2008-09-19] (Creative Technology Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 rimmptsk; system32\DRIVERS\rimmptsk.sys [X]
S2 rimsptsk; system32\DRIVERS\rimsptsk.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 18:44 - 2014-06-30 18:44 - 01073664 _____ (Farbar) C:\Users\Sarah\Downloads\FRST (1).exe
2014-06-30 18:39 - 2014-06-30 18:39 - 00998592 _____ () C:\Users\Sarah\Downloads\setup (1).exe
2014-06-30 18:34 - 2014-06-30 18:34 - 00998592 _____ () C:\Users\Sarah\Downloads\setup.exe
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_70
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Program Files\fst_de_70
2014-06-30 17:52 - 2014-06-30 17:52 - 01255336 _____ () C:\Users\Sarah\Downloads\Java (1).exe
2014-06-30 17:30 - 2014-06-30 17:30 - 00152722 _____ () C:\Users\Sarah\Desktop\extensions5.jpeg
2014-06-30 17:29 - 2014-06-30 17:53 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-30 17:29 - 2014-06-30 17:29 - 00128056 _____ () C:\Users\Sarah\Desktop\extensions2.jpeg
2014-06-30 17:29 - 2014-06-30 17:29 - 00123610 _____ () C:\Users\Sarah\Desktop\extensions4.jpeg
2014-06-30 17:29 - 2014-06-30 17:29 - 00112020 _____ () C:\Users\Sarah\Desktop\extensions3.jpeg
2014-06-30 17:29 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-30 17:28 - 2014-06-30 17:28 - 00141340 _____ () C:\Users\Sarah\Desktop\extensions1.jpeg
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\SearchProtect
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-23 20:04 - 2014-06-23 20:04 - 00224032 _____ (Premium Installer ) C:\Users\Sarah\Downloads\Player-Chrome.exe
2014-06-23 18:58 - 2014-06-30 17:45 - 00000388 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-06-23 18:58 - 2014-06-30 17:45 - 00000368 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2014-06-23 18:58 - 2014-06-23 18:58 - 00000000 ____D () C:\Program Files\-BlockAndSurfS
2014-06-23 18:57 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_60
2014-06-23 18:57 - 2014-06-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
2014-06-23 18:57 - 2014-06-23 18:57 - 00000000 ____D () C:\Program Files\fst_de_60
2014-06-22 21:46 - 2014-06-22 21:46 - 00010757 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2014-06-22 13:48 - 2014-06-22 13:49 - 00000969 _____ () C:\Users\Sarah\Desktop\nachhi.txt
2014-06-19 11:03 - 2014-06-19 11:03 - 00290176 _____ () C:\Users\Sarah\Downloads\Java.exe
2014-06-17 12:29 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 12:29 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 12:29 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 12:29 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 12:29 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 12:29 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 12:29 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-17 12:29 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 12:29 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 12:29 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-17 12:29 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-17 12:29 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 12:29 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 12:29 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 12:29 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 12:29 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 12:17 - 2014-06-17 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-17 12:16 - 2014-06-17 12:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-12 21:05 - 2014-06-12 21:05 - 00047488 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-08 20:45 - 2014-06-08 20:45 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\Program Files\Sony
2014-06-08 20:44 - 2014-06-08 20:45 - 28597688 _____ (Sony Mobile Communications ) C:\Users\Sarah\Downloads\Sony PC Companion_Web.exe
2014-06-05 13:08 - 2014-06-05 13:08 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-06-04 00:10 - 2014-06-04 00:10 - 00300362 _____ () C:\Users\Sarah\Documents\innenmittext14,5.xcf
2014-06-03 23:34 - 2014-06-05 13:21 - 00000000 ____D () C:\Users\Sarah\Desktop\music s3
2014-06-01 20:08 - 2014-06-30 18:16 - 00000879 _____ () C:\Users\Sarah\Desktop\Continue VuuPC Installation.lnk

==================== One Month Modified Files and Folders =======

2014-06-30 18:45 - 2014-05-02 15:19 - 00024030 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-06-30 18:45 - 2014-05-02 15:18 - 00000000 ____D () C:\FRST
2014-06-30 18:44 - 2014-06-30 18:44 - 01073664 _____ (Farbar) C:\Users\Sarah\Downloads\FRST (1).exe
2014-06-30 18:39 - 2014-06-30 18:39 - 00998592 _____ () C:\Users\Sarah\Downloads\setup (1).exe
2014-06-30 18:34 - 2014-06-30 18:34 - 00998592 _____ () C:\Users\Sarah\Downloads\setup.exe
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_70
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Program Files\fst_de_70
2014-06-30 18:17 - 2014-06-23 18:57 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_60
2014-06-30 18:17 - 2014-06-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
2014-06-30 18:16 - 2014-06-01 20:08 - 00000879 _____ () C:\Users\Sarah\Desktop\Continue VuuPC Installation.lnk
2014-06-30 18:16 - 2014-05-02 13:27 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 18:12 - 2012-10-30 16:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 18:06 - 2012-09-29 21:45 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA.job
2014-06-30 17:53 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-30 17:52 - 2014-06-30 17:52 - 01255336 _____ () C:\Users\Sarah\Downloads\Java (1).exe
2014-06-30 17:49 - 2008-01-21 03:35 - 01943889 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 17:47 - 2013-06-26 22:30 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Overwolf
2014-06-30 17:45 - 2014-06-23 18:58 - 00000388 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-06-30 17:45 - 2014-06-23 18:58 - 00000368 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2014-06-30 17:45 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 17:45 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:45 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:30 - 2014-06-30 17:30 - 00152722 _____ () C:\Users\Sarah\Desktop\extensions5.jpeg
2014-06-30 17:29 - 2014-06-30 17:29 - 00128056 _____ () C:\Users\Sarah\Desktop\extensions2.jpeg
2014-06-30 17:29 - 2014-06-30 17:29 - 00123610 _____ () C:\Users\Sarah\Desktop\extensions4.jpeg
2014-06-30 17:29 - 2014-06-30 17:29 - 00112020 _____ () C:\Users\Sarah\Desktop\extensions3.jpeg
2014-06-30 17:29 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-30 17:28 - 2014-06-30 17:28 - 00141340 _____ () C:\Users\Sarah\Desktop\extensions1.jpeg
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\SearchProtect
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-30 14:40 - 2012-09-29 21:45 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core.job
2014-06-23 20:04 - 2014-06-23 20:04 - 00224032 _____ (Premium Installer ) C:\Users\Sarah\Downloads\Player-Chrome.exe
2014-06-23 18:58 - 2014-06-23 18:58 - 00000000 ____D () C:\Program Files\-BlockAndSurfS
2014-06-23 18:58 - 2014-04-26 10:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-23 18:58 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-23 18:57 - 2014-06-23 18:57 - 00000000 ____D () C:\Program Files\fst_de_60
2014-06-22 21:57 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 21:53 - 2012-12-11 13:57 - 00000000 ____D () C:\Users\Sarah\.gimp-2.8
2014-06-22 21:46 - 2014-06-22 21:46 - 00010757 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2014-06-22 13:49 - 2014-06-22 13:48 - 00000969 _____ () C:\Users\Sarah\Desktop\nachhi.txt
2014-06-22 13:48 - 2012-11-22 19:14 - 00000000 ____D () C:\Users\Sarah\Tracing
2014-06-21 22:14 - 2012-09-29 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-20 14:04 - 2013-06-26 22:33 - 00000000 ____D () C:\Program Files\Overwolf
2014-06-19 11:13 - 2014-05-23 08:35 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-06-19 11:03 - 2014-06-19 11:03 - 00290176 _____ () C:\Users\Sarah\Downloads\Java.exe
2014-06-18 03:40 - 2012-09-07 18:42 - 00001356 _____ () C:\Users\Sarah\AppData\Local\d3d9caps.dat
2014-06-17 12:17 - 2014-06-17 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-17 12:17 - 2014-05-02 13:00 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-17 12:16 - 2014-06-17 12:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-17 12:16 - 2014-04-27 09:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-17 12:12 - 2008-01-21 04:47 - 00153204 _____ () C:\Windows\PFRO.log
2014-06-12 21:05 - 2014-06-12 21:05 - 00047488 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-08 20:51 - 2012-09-07 18:48 - 00641602 _____ () C:\Windows\DPINST.LOG
2014-06-08 20:50 - 2006-11-02 12:33 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 20:47 - 2006-11-02 14:52 - 00120035 _____ () C:\Windows\setupact.log
2014-06-08 20:45 - 2014-06-08 20:45 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\Program Files\Sony
2014-06-08 20:45 - 2014-06-08 20:44 - 28597688 _____ (Sony Mobile Communications ) C:\Users\Sarah\Downloads\Sony PC Companion_Web.exe
2014-06-08 20:45 - 2012-09-29 20:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-05 13:21 - 2014-06-03 23:34 - 00000000 ____D () C:\Users\Sarah\Desktop\music s3
2014-06-05 13:08 - 2014-06-05 13:08 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-06-05 13:00 - 2012-09-07 18:42 - 00000000 ____D () C:\Users\Sarah
2014-06-04 00:12 - 2014-05-27 19:13 - 00000000 ____D () C:\Users\Sarah\Desktop\geb
2014-06-04 00:10 - 2014-06-04 00:10 - 00300362 _____ () C:\Users\Sarah\Documents\innenmittext14,5.xcf
2014-06-01 19:38 - 2012-09-07 18:42 - 00105056 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-01 19:38 - 2006-11-02 14:47 - 03780448 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\dlLogic.exe
C:\Users\Sarah\AppData\Local\Temp\dltr.exe
C:\Users\Sarah\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Sarah\AppData\Local\Temp\GCVerifier.dll
C:\Users\Sarah\AppData\Local\Temp\nsf2EB5.tmp.exe
C:\Users\Sarah\AppData\Local\Temp\nshB475.exe
C:\Users\Sarah\AppData\Local\Temp\nshBE85.exe
C:\Users\Sarah\AppData\Local\Temp\nsk3A1B.tmp.exe
C:\Users\Sarah\AppData\Local\Temp\nsm730C.exe
C:\Users\Sarah\AppData\Local\Temp\nsmB975.exe
C:\Users\Sarah\AppData\Local\Temp\nsw7741.exe
C:\Users\Sarah\AppData\Local\Temp\nsw7C70.exe
C:\Users\Sarah\AppData\Local\Temp\SpOrder.dll
C:\Users\Sarah\AppData\Local\Temp\verifier.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 17:50

==================== End Of Log ============================

--- --- ---

2.Addition

leider finde ich hier nix auf meinem Destop vor - muss ich Addition erst anklicken?
LG

cosinus · 30.06.2014, 18:01

Zitat:

Running from C:\Users\Sarah\Downloads

Anleitungen bitte auch richtig lesen und umsetzen
Da steht: FRST soll auf dem Desktop liegen, nicht in Downloads oder woanders
Außerdem vermisse ich Angaben (Logfiles) zu bisherigen Virenfunden

k.sarah · 30.06.2014, 18:41

Ahso sorry das schwer das hier zu machen, weil mein Chrome ja ständig abstürzt.
Also ich hab das jetzt auf meinen Destop gezogen, und nochmals durchlafen lassen,
die alten LOGs habe ich nicht mehr auf dem PC nur noch in meinem Thema der Link ist hier:

http://www.trojaner-board.de/153358-...entfernen.html

So also nochmal:

1. FRST:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Sarah (administrator) on SARAH-PC on 30-06-2014 19:06:06
Running from C:\Users\Sarah\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
() C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Systweak) C:\Program Files\Right Backup\RBClientService.exe
() C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe
() C:\Users\Sarah\AppData\Roaming\VOPackage\VOsrv.exe
() C:\Program Files\003\xmkysecqun32.exe
(Client Connect LTD) C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe
(Systweak) C:\Program Files\Right Backup\RightBackup.exe
() C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Client Connect LTD) C:\Program Files\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files\SearchProtect\UI\bin\cltmngui.exe
() C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\fst_de_60\fst_de_60.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Overwolf LTD) C:\Program Files\Common Files\Overwolf\0.76.1.0\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files\fst_de_70\fst_de_70.exe
() C:\Users\Sarah\AppData\Local\fst_de_70\upfst_de_70.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
(Farbar) C:\Users\Sarah\Desktop\FRST (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-10-13] (Dell Inc.)
HKLM\...\Run: [AVG_UI] => "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [fst_de_60] => C:\Program Files\fst_de_60\fst_de_60.exe [3979760 2014-06-23] ()
HKLM\...\Run: [fst_de_70] => C:\Program Files\fst_de_70\fst_de_70.exe [3980280 2014-06-27] ()
HKLM\...\RunOnce: [upfst_de_60.exe] - C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe -runonce [3353584 2014-06-23] ()
HKLM\...\Runonce: [upfst_de_70.exe] - C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_70.exe -runonce
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-29] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138] => C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [39712 2014-06-10] (Overwolf LTD)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [BlockAndSurf] => C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe [131072 2014-06-23] ()
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\MountPoints2: {14c2fd0e-f912-11e1-9f4b-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\MountPoints2: {81c5de9c-ef3b-11e3-90e6-002219f395b1} - G:\Startme.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-29] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138] => C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Badoo Desktop] => C:\ProgramData\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [39712 2014-06-10] (Overwolf LTD)
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BlockAndSurf] => C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe [131072 2014-06-23] ()
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {14c2fd0e-f912-11e1-9f4b-806e6f6e6963} - F:\Autorun.exe
HKU\S-1-5-21-980974912-236747627-2273269295-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {81c5de9c-ef3b-11e3-90e6-002219f395b1} - G:\Startme.exe
AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [182080 2014-06-26] (Client Connect LTD)
AppInit_DLLs:  C:\PROGRA~1\SupTab\SEARCH~1.DLL => C:\PROGRA~1\SupTab\SEARCH~1.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:14247;https=127.0.0.1:14247
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x603A7F37CA6DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1400787804&from=cor&uid=TOSHIBAXMK2555GSX_697FTCR5TXX697FTCR5T&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1400787804&from=cor&uid=TOSHIBAXMK2555GSX_697FTCR5TXX697FTCR5T&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=58&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=58&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&q={searchTerms}&SSPV=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: BlockAndSurf - {42D0AB81-D2E9-45AF-920B-364108DDD363} - C:\Program Files\-BlockAndSurfS\174.dll ()
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Trovi search
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Trovi search
FF Homepage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sarah\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF user.js: detected! => C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Star Stable Online - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\Extensions\plugin@starstable.com [2014-05-06]
FF Extension: Quick Start - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\Extensions\quick_start@gmail.com [2014-05-23]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-25]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKCU\...\Firefox\Extensions: [{ED75ABA9-372B-880E-9D94-92D475A431DE}] - C:\Program Files\-BlockAndSurfS\174.xpi
FF Extension: BlockAndSurf - C:\Program Files\-BlockAndSurfS\174.xpi [2014-06-23]

Chrome: 
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV="
CHR Extension: (BlockAndSurf) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhaejhdlcmboghhjpfmnfiegbmlbjmmn [2014-06-23]
CHR Extension: (DvdVideoSoft Free Youtube Download) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR Extension: (Extutil) - C:\Users\Sarah\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-06-30]
CHR Extension: (Managera) - C:\Users\Sarah\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-06-30]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Users\Sarah\AppData\Roaming\DVDVideoSoft\dvsYoutubeDownload.crx [2012-09-30]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation)
R2 BlockAndSurf; C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.exe [180224 2014-06-23] () [File not signed]
R2 CltMngSvc; C:\Program Files\SearchProtect\Main\bin\CltMngSvc.exe [2832704 2014-06-26] (Client Connect LTD)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [704112 2014-05-08] (Cherished Technololgy LIMITED)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [976672 2014-06-10] (Overwolf LTD)
R2 RBClientService; C:\Program Files\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.)
R2 SupraSavingsService; C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe [151040 2014-06-25] () [File not signed]
R2 vosr; C:\Users\Sarah\AppData\Roaming\VOPackage\VOsrv.exe [53248 2014-05-22] () [File not signed]
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-10-13] (Dell Inc.) [File not signed]
R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [549008 2014-05-12] (Cherished Technololgy LIMITED)
R2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe [541696 2014-05-22] () [File not signed]
S2 avgfws; "C:\Program Files\AVG\AVG2013\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-10-13] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-06-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-06-12] (NetFilterSDK.com) [File not signed]
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [269536 2008-09-19] (Creative Technology Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 rimmptsk; system32\DRIVERS\rimmptsk.sys [X]
S2 rimsptsk; system32\DRIVERS\rimsptsk.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-30 19:06 - 2014-06-30 19:06 - 00024020 _____ () C:\Users\Sarah\Desktop\FRST.txt
2014-06-30 18:44 - 2014-06-30 18:44 - 01073664 _____ (Farbar) C:\Users\Sarah\Desktop\FRST (1).exe
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_70
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Program Files\fst_de_70
2014-06-30 17:29 - 2014-06-30 17:53 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-30 17:29 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\SearchProtect
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-23 18:58 - 2014-06-30 18:58 - 00000368 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2014-06-23 18:58 - 2014-06-30 18:48 - 00000388 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-06-23 18:58 - 2014-06-23 18:58 - 00000000 ____D () C:\Program Files\-BlockAndSurfS
2014-06-23 18:57 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_60
2014-06-23 18:57 - 2014-06-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
2014-06-23 18:57 - 2014-06-23 18:57 - 00000000 ____D () C:\Program Files\fst_de_60
2014-06-22 21:46 - 2014-06-22 21:46 - 00010757 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2014-06-17 12:29 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 12:29 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 12:29 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 12:29 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 12:29 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 12:29 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 12:29 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-17 12:29 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 12:29 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 12:29 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-17 12:29 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-17 12:29 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 12:29 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 12:29 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 12:29 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 12:29 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 12:17 - 2014-06-17 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-17 12:16 - 2014-06-17 12:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-12 21:05 - 2014-06-12 21:05 - 00047488 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-08 20:45 - 2014-06-08 20:45 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\Program Files\Sony
2014-06-05 13:08 - 2014-06-05 13:08 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-06-04 00:10 - 2014-06-04 00:10 - 00300362 _____ () C:\Users\Sarah\Documents\innenmittext14,5.xcf
2014-06-03 23:34 - 2014-06-05 13:21 - 00000000 ____D () C:\Users\Sarah\Desktop\music s3
2014-06-01 20:08 - 2014-06-30 18:16 - 00000879 _____ () C:\Users\Sarah\Desktop\Continue VuuPC Installation.lnk

==================== One Month Modified Files and Folders =======

2014-06-30 19:06 - 2014-06-30 19:06 - 00024020 _____ () C:\Users\Sarah\Desktop\FRST.txt
2014-06-30 19:06 - 2014-05-02 15:18 - 00000000 ____D () C:\FRST
2014-06-30 19:06 - 2012-09-29 21:45 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA.job
2014-06-30 18:58 - 2014-06-23 18:58 - 00000368 _____ () C:\Windows\Tasks\BlockAndSurf_wd.job
2014-06-30 18:48 - 2014-06-23 18:58 - 00000388 _____ () C:\Windows\Tasks\BlockAndSurf Update.job
2014-06-30 18:44 - 2014-06-30 18:44 - 01073664 _____ (Farbar) C:\Users\Sarah\Desktop\FRST (1).exe
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_70
2014-06-30 18:17 - 2014-06-30 18:17 - 00000000 ____D () C:\Program Files\fst_de_70
2014-06-30 18:17 - 2014-06-23 18:57 - 00000000 ____D () C:\Users\Sarah\AppData\Local\fst_de_60
2014-06-30 18:17 - 2014-06-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
2014-06-30 18:16 - 2014-06-01 20:08 - 00000879 _____ () C:\Users\Sarah\Desktop\Continue VuuPC Installation.lnk
2014-06-30 18:16 - 2014-05-02 13:27 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 18:12 - 2012-10-30 16:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 17:53 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\SupraSavings
2014-06-30 17:49 - 2008-01-21 03:35 - 01943889 _____ () C:\Windows\WindowsUpdate.log
2014-06-30 17:47 - 2013-06-26 22:30 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Overwolf
2014-06-30 17:45 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 17:45 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:45 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-30 17:29 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Sarah\AppData\Local\SearchProtect
2014-06-30 16:37 - 2014-06-30 16:37 - 00000000 ____D () C:\Program Files\SearchProtect
2014-06-30 14:40 - 2012-09-29 21:45 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core.job
2014-06-23 18:58 - 2014-06-23 18:58 - 00000000 ____D () C:\Program Files\-BlockAndSurfS
2014-06-23 18:58 - 2014-04-26 10:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-23 18:58 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-23 18:57 - 2014-06-23 18:57 - 00000000 ____D () C:\Program Files\fst_de_60
2014-06-22 21:57 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-22 21:53 - 2012-12-11 13:57 - 00000000 ____D () C:\Users\Sarah\.gimp-2.8
2014-06-22 21:46 - 2014-06-22 21:46 - 00010757 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2014-06-22 13:48 - 2012-11-22 19:14 - 00000000 ____D () C:\Users\Sarah\Tracing
2014-06-21 22:14 - 2012-09-29 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-20 14:04 - 2013-06-26 22:33 - 00000000 ____D () C:\Program Files\Overwolf
2014-06-19 11:13 - 2014-05-23 08:35 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-06-18 03:40 - 2012-09-07 18:42 - 00001356 _____ () C:\Users\Sarah\AppData\Local\d3d9caps.dat
2014-06-17 12:17 - 2014-06-17 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-17 12:17 - 2014-05-02 13:00 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-17 12:16 - 2014-06-17 12:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-17 12:16 - 2014-04-27 09:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-17 12:12 - 2008-01-21 04:47 - 00153204 _____ () C:\Windows\PFRO.log
2014-06-12 21:05 - 2014-06-12 21:05 - 00047488 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-08 20:51 - 2012-09-07 18:48 - 00641602 _____ () C:\Windows\DPINST.LOG
2014-06-08 20:50 - 2006-11-02 12:33 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 20:47 - 2006-11-02 14:52 - 00120035 _____ () C:\Windows\setupact.log
2014-06-08 20:45 - 2014-06-08 20:45 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\Program Files\Sony
2014-06-08 20:45 - 2012-09-29 20:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-05 13:21 - 2014-06-03 23:34 - 00000000 ____D () C:\Users\Sarah\Desktop\music s3
2014-06-05 13:08 - 2014-06-05 13:08 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-06-05 13:00 - 2012-09-07 18:42 - 00000000 ____D () C:\Users\Sarah
2014-06-04 00:12 - 2014-05-27 19:13 - 00000000 ____D () C:\Users\Sarah\Desktop\geb
2014-06-04 00:10 - 2014-06-04 00:10 - 00300362 _____ () C:\Users\Sarah\Documents\innenmittext14,5.xcf
2014-06-01 19:38 - 2012-09-07 18:42 - 00105056 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-01 19:38 - 2006-11-02 14:47 - 03780448 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\dlLogic.exe
C:\Users\Sarah\AppData\Local\Temp\dltr.exe
C:\Users\Sarah\AppData\Local\Temp\drm_dyndata_7330014.dll
C:\Users\Sarah\AppData\Local\Temp\GCVerifier.dll
C:\Users\Sarah\AppData\Local\Temp\nsf2EB5.tmp.exe
C:\Users\Sarah\AppData\Local\Temp\nshB475.exe
C:\Users\Sarah\AppData\Local\Temp\nshBE85.exe
C:\Users\Sarah\AppData\Local\Temp\nsk3A1B.tmp.exe
C:\Users\Sarah\AppData\Local\Temp\nsm730C.exe
C:\Users\Sarah\AppData\Local\Temp\nsmB975.exe
C:\Users\Sarah\AppData\Local\Temp\nsw7741.exe
C:\Users\Sarah\AppData\Local\Temp\nsw7C70.exe
C:\Users\Sarah\AppData\Local\Temp\SpOrder.dll
C:\Users\Sarah\AppData\Local\Temp\verifier.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 17:50

==================== End Of Log ============================

--- --- ---

--- --- ---

2. Additions
Find ich immer noch nicht ?

Hier die Addition:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Sarah at 2014-06-30 19:37:32
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ATI Catalyst Install Manager (HKLM\...\{E4AAB0A5-482C-0048-3D37-57A3965601B6}) (Version: 3.0.699.0 - ATI Technologies, Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.2904 - AVG Technologies)
AVG 2013 (Version: 13.0.2904 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
BlockAndSurf (HKLM\...\1027EDAE-588F-5338-1B71-C109FF99659F) (Version:  - BlockAndSurf-software) <==== ATTENTION
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.22.02 - Broadcom Corporation)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.1114.2149.39131 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization German (Version: 2008.1114.2149.39131 - ATI) Hidden
CCC Help English (Version: 2008.1114.2148.39131 - ATI) Hidden
CCC Help German (Version: 2008.1114.2148.39131 - ATI) Hidden
ccc-core-static (Version: 2008.1114.2149.39131 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.1114.2149.39131 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Dell Dock (HKLM\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Die Sims 2 (HKLM\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Family Fun - Accessoires (HKLM\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
Die Sims™ 2 Gute Reise (HKLM\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
Die Sims™ 2: Glamour-Accessoires (HKLM\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Dienstprogramm für Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.17 - Dell Inc.)
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
fst_de_60 (HKLM\...\fst_de_60_is1) (Version:  - FREE_SOFTTODAY) <==== ATTENTION
fst_de_70 (HKLM\...\fst_de_70_is1) (Version:  - FREE_SOFTTODAY) <==== ATTENTION
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6124.0 - IDT)
iMesh (HKLM\...\iMesh) (Version: 12.5.0.134600 - iMesh Inc) <==== ATTENTION
Installer (HKLM\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
Integrated Webcam Driver (1.00.03.0919)   (HKLM\...\Creative OA008) (Version:  - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}) (Version: 12.00.2000 - Intel(R) Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Overwolf (HKLM\...\Overwolf) (Version: 0.76.1.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx86.Dist (Version: 1.0.0 - Overwolf) Hidden
PlayCatan Zugangssoftware (HKLM\...\PlayCatan Client) (Version: 3.1148 - Catan GmbH)
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.3797 - Systweak Software)
Search Protect (HKLM\...\SearchProtect) (Version: 2.15.11.3 - Client Connect LTD) <==== ATTENTION
Skins (Version: 2008.1114.2149.39131 - ATI) Hidden
Sony PC Companion 2.10.206 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WPM18.8.0.304 (HKLM\...\WPM) (Version: 18.8.0.304 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

08-06-2014 18:45:54 Sony PC Companion
08-06-2014 18:50:30 Sony PC Companion
21-06-2014 20:04:42 Windows Update

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-04-26 10:30 - 00008890 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
216.239.32.20 google.com www.google.com
216.239.32.20 google.com www.google.ad
216.239.32.20 google.com www.google.ae
216.239.32.20 google.com www.google.com.af
216.239.32.20 google.com www.google.com.ag
216.239.32.20 google.com www.google.com.ai
216.239.32.20 google.com www.google.al
216.239.32.20 google.com www.google.am
216.239.32.20 google.com www.google.co.ao
216.239.32.20 google.com www.google.com.ar 
216.239.32.20 google.com www.google.as 
216.239.32.20 google.com www.google.at 
216.239.32.20 google.com www.google.com.au
216.239.32.20 google.com www.google.az 
216.239.32.20 google.com www.google.ba 
216.239.32.20 google.com www.google.com.bd 
216.239.32.20 google.com www.google.be 
216.239.32.20 google.com www.google.bf 
216.239.32.20 google.com www.google.bg 
216.239.32.20 google.com www.google.com.bh 
216.239.32.20 google.com www.google.bi 
216.239.32.20 google.com www.google.bj 
216.239.32.20 google.com www.google.com.bn 
216.239.32.20 google.com www.google.com.bo 
216.239.32.20 google.com www.google.com.br 
216.239.32.20 google.com www.google.bs 
216.239.32.20 google.com www.google.bt 
216.239.32.20 google.com www.google.co.bw 

There are 163 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {51D19989-9A97-43B5-9648-8C75599C7670} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2014-06-10] (Overwolf LTD)
Task: {697A1811-CF2C-4541-96E7-45C95B03A548} - System32\Tasks\Right Backup_startup => C:\Program Files\Right Backup\RightBackup.exe [2014-04-24] (Systweak)
Task: {6F7AA27B-7E65-4CDA-8048-9761CA5F9081} - System32\Tasks\FF Watcher {7F14B81C-4986-4B8B-9EC8-A4AAD6C6B506} => C:\Program Files\V-bates\PrefHelper.exe
Task: {87EDCD04-35DF-4026-B03D-998C54D4F1AA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9255351A-5EE0-4E85-A13B-08ACB289DA52} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29] (Google Inc.)
Task: {9F96B950-BF20-4FD1-98FC-EB4DD4D07A5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {D9F744D5-9360-4621-803D-DF3592EA1B0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {E43A4E01-A6C4-41CB-A55E-0D0103A507AD} - System32\Tasks\BlockAndSurf Update => C:\Program Files\-BlockAndSurfS\BlockAndSurfo03.exe [2014-06-23] () <==== ATTENTION
Task: {E4D4A9F5-B69C-4AFB-A189-D4966B782B2D} - System32\Tasks\BlockAndSurf_wd => C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe [2014-06-23] () <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EC45E14C-CECF-4985-9102-B9CF0B3155C6} - System32\Tasks\RunOW => C:\Program Files\Overwolf\OverwolfLauncher.exe [2014-06-10] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BlockAndSurf Update.job => C:\Program Files\-BlockAndSurfS\BlockAndSurfo03.exe <==== ATTENTION
Task: C:\Windows\Tasks\BlockAndSurf_wd.job => C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-23 18:58 - 2014-06-23 18:58 - 00180224 _____ () C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.exe
2014-06-23 18:58 - 2014-06-23 18:58 - 00172544 _____ () C:\Program Files\-BlockAndSurfS\BlockAndSurfxE174.dll
2014-04-30 20:39 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files\Right Backup\System.Data.SQLite.dll
2014-06-25 19:58 - 2014-06-25 19:58 - 00151040 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00102400 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\nfapi.dll
2014-06-12 21:05 - 2014-06-12 21:05 - 00323584 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\ProtocolFilters.dll
2014-05-22 21:27 - 2014-05-22 21:27 - 00053248 _____ () C:\Users\Sarah\AppData\Roaming\VOPackage\VOsrv.exe
2014-05-22 21:27 - 2014-05-22 21:27 - 00541696 _____ () C:\Program Files\003\xmkysecqun32.exe
2014-06-23 18:58 - 2014-06-23 18:58 - 00100864 _____ () C:\Program Files\-BlockAndSurfS\BlockAndSurfA.exe
2012-09-18 10:52 - 2008-11-15 00:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2014-06-23 18:57 - 2014-06-23 11:33 - 03353584 _____ () C:\Users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe
2012-09-29 20:31 - 2008-10-13 14:17 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-06-23 18:57 - 2014-06-23 11:33 - 03979760 _____ () C:\Program Files\fst_de_60\fst_de_60.exe
2014-06-30 18:17 - 2014-06-27 15:13 - 03980280 _____ () C:\Program Files\fst_de_70\fst_de_70.exe
2014-06-23 18:58 - 2014-06-23 18:58 - 00131072 _____ () C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe
2012-09-18 10:54 - 2012-09-18 10:54 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-18 13:25 - 2008-11-18 13:25 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 00065352 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 04081480 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 00390472 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 01647432 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 13692232 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
2014-04-25 19:42 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-25 19:42 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2014 07:29:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 07:28:04 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (06/30/2014 05:45:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2014 05:41:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung chrome.exe, Version 34.0.1847.131, Zeitstempel 0x535824c4, fehlerhaftes Modul chrome.dll, Version 34.0.1847.131, Zeitstempel 0x53581e65, Ausnahmecode 0x80000003, Fehleroffset 0x00416cca,
Prozess-ID 0x1e64, Anwendungsstartzeit chrome.exe0.

Error: (06/23/2014 06:43:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.500 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 169c
Anfangszeit: 01cf8f02300b9ad7
Zeitpunkt der Beendigung: 7

Error: (06/23/2014 06:27:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2014 09:44:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SARAH\.THUMBNAILS\NORMAL\FDBA0F123A6A6205043CA6F0A2744481.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/22/2014 09:44:49 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\SARAH\.THUMBNAILS\NORMAL\FDBA0F123A6A6205043CA6F0A2744481.PNG> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
	Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

Error: (06/22/2014 08:56:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/22/2014 01:31:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.500 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 78c
Anfangszeit: 01cf8e0d7049af70
Zeitpunkt der Beendigung: 37


System errors:
=============
Error: (06/30/2014 07:32:34 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Avgldx86
netfilter2

Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimsptsk%%2

Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: rimmptsk%%2

Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AVG WatchDog%%3

Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AVGIDSAgent%%3

Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: AVG Firewall%%3

Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (06/30/2014 07:29:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Dell Wireless WLAN Tray Service%%2

Error: (06/30/2014 07:29:07 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.


Microsoft Office Sessions:
=========================
Error: (10/24/2012 05:06:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6092 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-06-30 19:36:25.079
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:36:24.838
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:36:24.577
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:36:24.307
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:36:02.997
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:36:02.439
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:36:01.817
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:36:01.045
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:06:36.352
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-06-30 19:06:36.072
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 52%
Total physical RAM: 3066.13 MB
Available physical RAM: 1460.37 MB
Total Pagefile: 6334.54 MB
Available Pagefile: 4342.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.5 GB) (Free:7.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
Drive e: () (Fixed) (Total:174.29 GB) (Free:174.19 GB) NTFS
Drive f: (Sims2EP6) (CDROM) (Total:0.75 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 3FBE4D3F)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=174 GB) - (Type=07 NTFS)

==================== End Of Log ============================

felix1 · 30.06.2014, 18:46

Zitat:

Zitat von k.sarah

Ahso sorry das schwer das hier zu machen, weil mein Chrome ja ständig abstürzt.

Nur mal eine Zwischenbemerkung, ich bin dann wieder weg: Warum versuchst Du es nicht mal mit alternativen Browsern wie Firefox oder Opera

GL

k.sarah · 30.06.2014, 18:51

felix1 würde ich gerne, aber da ist das selbe in grün -.-

cosinus · 30.06.2014, 19:33

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

k.sarah · 30.06.2014, 20:23

okay ich denke du meinst die erstellte Logdatei ? das wäre folgende:

Code:

ATTFilter

ComboFix 14-06-30.01 - Sarah 30.06.2014  21:01:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2160 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\-BlockAndSurfS\174.dll
c:\program files\Java\jre7\bin\jp2ssv.dll
c:\program files\SearchProtect
c:\program files\SearchProtect\EULA.txt
c:\program files\SearchProtect\Main\bin\CltMngSvc.exe
c:\program files\SearchProtect\Main\bin\SPTool.dll
c:\program files\SearchProtect\Main\bin\uninstall.exe
c:\program files\SearchProtect\Main\rep\SystemRepository.dat
c:\program files\SearchProtect\SearchProtect\bin\cltmng.exe
c:\program files\SearchProtect\SearchProtect\bin\SPTool64.exe
c:\program files\SearchProtect\SearchProtect\bin\SPVC32.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64.dll
c:\program files\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
c:\program files\SearchProtect\UI\bin\cltmngui.exe
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.css
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.html
c:\program files\SearchProtect\UI\dialogs\bubble\bubble.js
c:\program files\SearchProtect\UI\dialogs\bubble\defaults.js
c:\program files\SearchProtect\UI\dialogs\Images\Apply-default.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-onclick.png
c:\program files\SearchProtect\UI\dialogs\Images\Apply-Rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-uninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\bg-with-logo.png
c:\program files\SearchProtect\UI\dialogs\Images\bg.png
c:\program files\SearchProtect\UI\dialogs\Images\bgNotif.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettings.png
c:\program files\SearchProtect\UI\dialogs\Images\bgSettingsDS.png
c:\program files\SearchProtect\UI\dialogs\Images\bgUninstall.png
c:\program files\SearchProtect\UI\dialogs\Images\btnBlue.png
c:\program files\SearchProtect\UI\dialogs\Images\btnClose.png
c:\program files\SearchProtect\UI\dialogs\Images\btnSilver.png
c:\program files\SearchProtect\UI\dialogs\Images\button-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_checked.png
c:\program files\SearchProtect\UI\dialogs\Images\checkbox_def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-def.png
c:\program files\SearchProtect\UI\dialogs\Images\close-win-over-click.png
c:\program files\SearchProtect\UI\dialogs\Images\gray-bg.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-def.png
c:\program files\SearchProtect\UI\dialogs\Images\hez-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\hez.png
c:\program files\SearchProtect\UI\dialogs\Images\icon-win.png
c:\program files\SearchProtect\UI\dialogs\Images\info-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-rollover.png
c:\program files\SearchProtect\UI\dialogs\Images\menu-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-def.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button-selected.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button.png
c:\program files\SearchProtect\UI\dialogs\Images\radio-button2.png
c:\program files\SearchProtect\UI\dialogs\Images\Settings-icon.png
c:\program files\SearchProtect\UI\dialogs\Images\text-field.png
c:\program files\SearchProtect\UI\dialogs\Images\v.png
c:\program files\SearchProtect\UI\dialogs\Images\x.png
c:\program files\SearchProtect\UI\dialogs\libs\defaults.js
c:\program files\SearchProtect\UI\dialogs\libs\dialogUtils.js
c:\program files\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js
c:\program files\SearchProtect\UI\dialogs\libs\json2.min.js
c:\program files\SearchProtect\UI\dialogs\libs\main.js
c:\program files\SearchProtect\UI\dialogs\libs\SPDialogAPI.js
c:\program files\SearchProtect\UI\dialogs\protection\defaults.js
c:\program files\SearchProtect\UI\dialogs\protection\protection.css
c:\program files\SearchProtect\UI\dialogs\protection\protection.html
c:\program files\SearchProtect\UI\dialogs\protection\protection.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\defaults.js
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.css
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.html
c:\program files\SearchProtect\UI\dialogs\protectionDS\protectionDS.js
c:\program files\SearchProtect\UI\dialogs\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\defaults.js
c:\program files\SearchProtect\UI\dialogs\settings\settings.css
c:\program files\SearchProtect\UI\dialogs\settings\settings.html
c:\program files\SearchProtect\UI\dialogs\settings\settings.js
c:\program files\SearchProtect\UI\dialogs\style.css
c:\program files\SearchProtect\UI\dialogs\uninstall\defaults.js
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.css
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.html
c:\program files\SearchProtect\UI\dialogs\uninstall\uninstall.js
c:\users\Sarah\AppData\Local\AnyProtectScannerSetup.exe
c:\users\Sarah\AppData\Local\nsb9E96.tmp
c:\windows\system32\DEBUG.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-28 bis 2014-06-30  ))))))))))))))))))))))))))))))
.
.
2014-06-30 19:09 . 2014-06-30 19:09	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-06-30 16:17 . 2014-06-30 16:17	--------	d-----w-	c:\users\Sarah\AppData\Local\fst_de_70
2014-06-30 16:17 . 2014-06-30 16:17	--------	d-----w-	c:\program files\fst_de_70
2014-06-30 15:29 . 2014-06-30 18:55	--------	d-----w-	c:\program files\SupraSavings
2014-06-30 15:29 . 2014-06-30 15:29	--------	d-----w-	c:\program files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-30 14:37 . 2014-06-30 14:37	--------	d-----w-	c:\users\Sarah\AppData\Local\SearchProtect
2014-06-23 16:58 . 2014-06-30 19:08	--------	d-----w-	c:\program files\-BlockAndSurfS
2014-06-23 16:57 . 2014-06-30 17:32	--------	d-----w-	c:\users\Sarah\AppData\Local\fst_de_60
2014-06-23 16:57 . 2014-06-23 16:57	--------	d-----w-	c:\program files\fst_de_60
2014-06-17 10:16 . 2014-06-17 10:16	--------	d-----w-	c:\program files\McAfee Security Scan
2014-06-12 19:05 . 2014-06-12 19:05	47488	----a-w-	c:\windows\system32\drivers\netfilter.sys
2014-06-08 18:45 . 2014-06-08 18:45	--------	d-----w-	c:\programdata\Sony
2014-06-08 18:45 . 2014-06-08 18:45	--------	d-----w-	c:\program files\Sony
2014-06-05 11:08 . 2014-06-05 11:08	--------	d-sh--w-	c:\windows\system32\AI_RecycleBin
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-30 18:09 . 2014-05-02 11:27	107736	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-22 12:46 . 2014-05-22 12:46	773968	----a-w-	c:\windows\system32\msvcr100.dll
2014-05-20 12:33 . 2014-05-20 12:34	94632	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2014-05-14 14:12 . 2012-10-30 14:50	70832	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-14 14:12 . 2012-10-30 14:50	692400	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2014-05-10 20:33 . 2014-05-10 20:33	161792	----a-w-	c:\windows\system32\msls31.dll
2014-05-10 20:33 . 2014-05-10 20:33	86528	----a-w-	c:\windows\system32\iesysprep.dll
2014-05-10 20:33 . 2014-05-10 20:33	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2014-05-10 20:33 . 2014-05-10 20:33	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2014-05-10 20:33 . 2014-05-10 20:33	63488	----a-w-	c:\windows\system32\tdc.ocx
2014-05-10 20:33 . 2014-05-10 20:33	48640	----a-w-	c:\windows\system32\mshtmler.dll
2014-05-10 20:33 . 2014-05-10 20:33	367104	----a-w-	c:\windows\system32\html.iec
2014-05-10 20:33 . 2014-05-10 20:33	74752	----a-w-	c:\windows\system32\iesetup.dll
2014-05-10 20:33 . 2014-05-10 20:33	23552	----a-w-	c:\windows\system32\licmgr10.dll
2014-05-10 20:33 . 2014-05-10 20:33	152064	----a-w-	c:\windows\system32\wextract.exe
2014-05-10 20:33 . 2014-05-10 20:33	150528	----a-w-	c:\windows\system32\iexpress.exe
2014-05-10 20:33 . 2014-05-10 20:33	35840	----a-w-	c:\windows\system32\imgutil.dll
2014-05-10 20:33 . 2014-05-10 20:33	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2014-05-10 20:33 . 2014-05-10 20:33	101888	----a-w-	c:\windows\system32\admparse.dll
2014-05-10 20:32 . 2014-05-10 20:32	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2014-05-10 20:32 . 2014-05-10 20:32	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2014-05-10 20:32 . 2014-05-10 20:32	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2014-05-10 20:32 . 2014-05-10 20:32	98816	----a-w-	c:\windows\system32\mfps.dll
2014-05-10 20:32 . 2014-05-10 20:32	586240	----a-w-	c:\windows\system32\stobject.dll
2014-05-10 20:32 . 2014-05-10 20:32	2873344	----a-w-	c:\windows\system32\mf.dll
2014-05-10 20:32 . 2014-05-10 20:32	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2014-05-10 20:32 . 2014-05-10 20:32	209920	----a-w-	c:\windows\system32\mfplat.dll
2014-05-10 20:32 . 2014-05-10 20:32	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2014-05-10 20:32 . 2014-05-10 20:32	847360	----a-w-	c:\windows\system32\OpcServices.dll
2014-05-10 20:32 . 2014-05-10 20:32	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2014-05-10 20:32 . 2014-05-10 20:32	478720	----a-w-	c:\windows\system32\dxgi.dll
2014-05-10 20:32 . 2014-05-10 20:32	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2014-05-10 20:32 . 2014-05-10 20:32	258048	----a-w-	c:\windows\system32\winspool.drv
2014-05-10 20:32 . 2014-05-10 20:32	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2014-05-10 20:31 . 2014-05-10 20:31	4096	----a-w-	c:\windows\system32\drivers\de-DE\dxgkrnl.sys.mui
2014-05-10 20:31 . 2014-05-10 20:31	519680	----a-w-	c:\windows\system32\d3d11.dll
2014-05-10 20:31 . 2014-05-10 20:31	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2014-05-10 20:31 . 2014-05-10 20:31	252928	----a-w-	c:\windows\system32\dxdiag.exe
2014-05-10 20:31 . 2014-05-10 20:31	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2014-05-10 20:31 . 2014-05-10 20:31	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2014-05-10 20:31 . 2014-05-10 20:31	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2014-05-10 20:31 . 2014-05-10 20:31	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2014-05-02 17:23 . 2014-05-02 17:37	24064	----a-w-	c:\windows\zoek-delete.exe
2014-04-03 07:51 . 2014-05-02 11:27	51416	----a-w-	c:\windows\system32\drivers\mwac.sys
2014-04-03 07:51 . 2014-05-02 11:27	73432	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2014-04-03 07:50 . 2014-05-02 11:27	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138"="c:\users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-04-24 841032]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Overwolf"="c:\program files\Overwolf\Overwolf.exe" [2014-06-10 39712]
"BlockAndSurf"="c:\program files\-BlockAndSurfS\BlockAndSurf.exe" [2014-06-23 131072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-13 3563520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-11-18 483420]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"fst_de_60"="c:\program files\fst_de_60\fst_de_60.exe" [2014-06-23 3979760]
"fst_de_70"="c:\program files\fst_de_70\fst_de_70.exe" [2014-06-27 3980280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"upfst_de_60.exe"="c:\users\Sarah\AppData\Local\fst_de_60\upfst_de_60.exe" [2014-06-23 3353584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 279456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [2008-11-17 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-30 14:12]
.
2014-06-30 c:\windows\Tasks\BlockAndSurf Update.job
- c:\program files\-BlockAndSurfS\BlockAndSurfo03.exe [2014-06-23 16:58]
.
2014-06-30 c:\windows\Tasks\BlockAndSurf_wd.job
- c:\program files\-BlockAndSurfS\BlockAndSurfA.exe [2014-06-23 16:58]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 19:45]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29 19:45]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
mStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:14264;https=127.0.0.1:14264
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.0.1 192.168.0.2
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - prefs.js: browser.search.selectedEngine - Trovi search
FF - prefs.js: browser.startup.homepage - hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
HKLM-Run-AVG_UI - c:\program files\AVG\AVG2013\avgui.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Activeris AntiMalware_is1 - c:\program files\Activeris AntiMalware\unins000.exe
AddRemove-AVG - c:\program files\AVG\AVG2013\avgmfapx.exe
AddRemove-iMesh - c:\program files\iMesh Applications\iMesh\uninstall.exe
AddRemove-SearchProtect - c:\progra~1\SearchProtect\Main\bin\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2014-06-30 21:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
? [52684]
? [53140]
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2014-06-30  21:11:38
ComboFix-quarantined-files.txt  2014-06-30 19:11
.
Vor Suchlauf: 7.667.335.168 Bytes frei
Nach Suchlauf: 7.755.501.568 Bytes frei
.
- - End Of File - - B4A9879B70A693EF20C61C4D9EB3047D
5C616939100B85E558DA92B899A0FC36

weil mein ordner unter /C - ComboFix ist leer irgendwie ... sorry das ich mich soo doof anstelle raff da kaum was von

cosinus · 01.07.2014, 08:17

Adware/Junkware/Toolbars entfernen

1. Schritt: adwCleaner

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

k.sarah · 01.07.2014, 10:58

1. ADW Cleaner

Code:

ATTFilter

# AdwCleaner v3.214 - Bericht erstellt am 01/07/2014 um 11:35:00
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Sarah - SARAH-PC
# Gestartet von : C:\Users\Sarah\Desktop\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : BlockAndSurf
[#] Dienst Gelöscht : CltMngSvc
Dienst Gelöscht : IePluginServices
Dienst Gelöscht : vosr
Dienst Gelöscht : Wpm

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Program Files\AnyProtectEx
Ordner Gelöscht : C:\Program Files\SupraSavings
Ordner Gelöscht : C:\Program Files\SupTab
Ordner Gelöscht : C:\Program Files\fst_de_60
Ordner Gelöscht : C:\Program Files\fst_de_70
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\fst_de_60
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\fst_de_70
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\Extensions\faststartff@gmail.com
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhaejhdlcmboghhjpfmnfiegbmlbjmmn
Datei Gelöscht : C:\Windows\system32\SecureAssist.dll
Datei Gelöscht : C:\Users\Sarah\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\searchplugins\trovi-search.xml
Datei Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
Datei Gelöscht : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\user.js
Datei Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\Tasks\BlockAndSurf Update.job
Datei Gelöscht : C:\Windows\System32\Tasks\BlockAndSurf Update
Datei Gelöscht : C:\Windows\Tasks\BlockAndSurf_wd.job
Datei Gelöscht : C:\Windows\System32\Tasks\BlockAndSurf_wd
Datei Gelöscht : C:\Windows\System32\Tasks\FF Watcher {7F14B81C-4986-4B8B-9EC8-A4AAD6C6B506}

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E43A4E01-A6C4-41CB-A55E-0D0103A507AD}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E43A4E01-A6C4-41CB-A55E-0D0103A507AD}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E4D4A9F5-B69C-4AFB-A189-D4966B782B2D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4D4A9F5-B69C-4AFB-A189-D4966B782B2D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F7AA27B-7E65-4CDA-8048-9761CA5F9081}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F7AA27B-7E65-4CDA-8048-9761CA5F9081}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_de_60]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_de_70]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\FreeSoftToday
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Tutorials
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\blockAndSurf
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\HQVro-1.91
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Rr Savings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\Free_soft_today
Schlüssel Gelöscht : HKLM\Software\HQVro-1.91
Schlüssel Gelöscht : HKLM\Software\LevelQualityWatcher
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\Supra Savings
Schlüssel Gelöscht : HKLM\Software\suprasavings
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_de_60_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_de_70_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{96F1EBE2-6BF6-44E8-84AC-DB577BAD1DD5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\HQVro-1.91
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Imesh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VOPackage
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\fst_de_60_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\fst_de_70_is1

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16555

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Trovi search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Trovi search");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432[...]
Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1399056092");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1399014256294");

-\\ Google Chrome v

[ Datei : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Startup_urls] : hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
Gelöscht [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3325582&octid=EB_ORIGINAL_CTID&ISID=M17DCA58A-223A-467E-8B30-E27BDD55B667&SearchSource=55&CUI=&UM=2&UP=SP415D0E4D-F22B-4ED9-A432-56538BF3F01C&SSPV=
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : dhaejhdlcmboghhjpfmnfiegbmlbjmmn
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp

*************************

AdwCleaner[R0].txt - [13526 octets] - [02/05/2014 15:27:10]
AdwCleaner[R1].txt - [12986 octets] - [02/05/2014 15:33:46]
AdwCleaner[R2].txt - [13106 octets] - [02/05/2014 15:41:02]
AdwCleaner[R3].txt - [10805 octets] - [01/07/2014 11:34:01]
AdwCleaner[S0].txt - [1060 octets] - [02/05/2014 15:28:34]
AdwCleaner[S1].txt - [362 octets] - [02/05/2014 15:34:18]
AdwCleaner[S2].txt - [13001 octets] - [02/05/2014 15:41:31]
AdwCleaner[S3].txt - [10579 octets] - [01/07/2014 11:35:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [10640 octets] ##########

2.JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Sarah on 01.07.2014 at 11:46:02,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Sarah\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\t8fssmm5.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.07.2014 at 11:49:08,45
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

3. FRST

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Sarah (administrator) on SARAH-PC on 01-07-2014 11:52:58
Running from C:\Users\Sarah\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Systweak) C:\Program Files\Right Backup\RBClientService.exe
() C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe
(Systweak) C:\Program Files\Right Backup\RightBackup.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Overwolf LTD) C:\Program Files\Overwolf\Overwolf.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Akamai Technologies, Inc.) C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe
(Overwolf LTD) C:\Program Files\Common Files\Overwolf\0.76.1.0\OverwolfHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Sarah\Desktop\FRST (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2008-10-13] (Dell Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [483420 2008-11-18] (IDT, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [GoogleChromeAutoLaunch_3AA6F76B1F039D21D0A8ED450CE79138] => C:\Users\Sarah\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [Overwolf] => C:\Program Files\Overwolf\Overwolf.exe [39712 2014-06-10] (Overwolf LTD)
HKU\S-1-5-21-980974912-236747627-2273269295-1000\...\Run: [BlockAndSurf] => C:\Program Files\-BlockAndSurfS\BlockAndSurf.exe [131072 2014-06-23] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x603A7F37CA6DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default
FF NewTab: chrome://quick_start/content/index.html
FF SearchEngineOrder.1: Google
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Sarah\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Star Stable Online - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\t8fssmm5.default\Extensions\plugin@starstable.com [2014-05-06]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-04-25]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
FF HKCU\...\Firefox\Extensions: [{ED75ABA9-372B-880E-9D94-92D475A431DE}] - C:\Program Files\-BlockAndSurfS\174.xpi
FF Extension: BlockAndSurf - C:\Program Files\-BlockAndSurfS\174.xpi [2014-06-23]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe [81920 2008-11-17] (Andrea Electronics Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 OverwolfUpdater; C:\Program Files\Overwolf\OverwolfUpdater.exe [976672 2014-06-10] (Overwolf LTD)
R2 RBClientService; C:\Program Files\Right Backup\RBClientService.exe [48472 2014-04-24] (Systweak)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\STacSV.exe [241746 2008-11-18] (IDT, Inc.)
R2 SupraSavingsService; C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe [151040 2014-06-25] () [File not signed]
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-10-13] (Dell Inc.) [File not signed]
S2 avgfws; "C:\Program Files\AVG\AVG2013\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2013\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [X]
S2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe run options=01110010030000000000000000000000 sourceguid=19A6D51C-2D35-44DB-B412-0B01BF8D2D62 [X]

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [179936 2012-10-22] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [55776 2012-10-15] (AVG Technologies CZ, s.r.o. )
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [19936 2012-09-21] (AVG Technologies CZ, s.r.o. )
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [159712 2012-10-02] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [177376 2012-09-21] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [94048 2012-11-16] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [35552 2012-09-14] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [164832 2012-09-21] (AVG Technologies CZ, s.r.o.)
S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-10-13] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R1 netfilter; C:\Windows\System32\drivers\netfilter.sys [47488 2014-06-12] (NetFilterSDK.com) [File not signed]
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [144672 2008-06-03] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [269536 2008-09-19] (Creative Technology Ltd.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Sarah\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 netfilter2; system32\drivers\netfilter2.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 rimmptsk; system32\DRIVERS\rimmptsk.sys [X]
S2 rimsptsk; system32\DRIVERS\rimsptsk.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-01 11:52 - 2014-07-01 11:52 - 00014939 _____ () C:\Users\Sarah\Desktop\FRST.txt
2014-07-01 11:49 - 2014-07-01 11:49 - 00001141 _____ () C:\Users\Sarah\Desktop\JRT.txt
2014-07-01 11:46 - 2014-07-01 11:46 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-01 11:42 - 2014-07-01 11:42 - 01016261 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe
2014-07-01 11:42 - 2014-07-01 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-07-01 11:37 - 2014-07-01 11:38 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-01 11:33 - 2014-07-01 11:33 - 01346519 _____ () C:\Users\Sarah\Desktop\adwcleaner_3.214.exe
2014-06-30 21:11 - 2014-06-30 21:11 - 00017403 _____ () C:\ComboFix.txt
2014-06-30 20:58 - 2014-06-30 21:11 - 00000000 ____D () C:\Qoobox
2014-06-30 20:58 - 2014-06-30 21:11 - 00000000 ____D () C:\ComboFix
2014-06-30 20:58 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-30 20:58 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-30 20:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-30 20:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-30 20:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-30 20:58 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-30 20:58 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-30 20:58 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-30 20:57 - 2014-06-30 21:10 - 00000000 ____D () C:\Windows\erdnt
2014-06-30 20:56 - 2014-06-30 20:56 - 05212874 ____R (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2014-06-30 19:42 - 2014-06-30 19:42 - 00000000 ____D () C:\Users\Sarah\Desktop\FRST
2014-06-30 18:44 - 2014-06-30 18:44 - 01073664 _____ (Farbar) C:\Users\Sarah\Desktop\FRST (1).exe
2014-06-30 17:29 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-23 18:58 - 2014-06-30 21:08 - 00000000 ____D () C:\Program Files\-BlockAndSurfS
2014-06-23 18:57 - 2014-06-30 18:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
2014-06-22 21:46 - 2014-06-22 21:46 - 00010757 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2014-06-17 12:29 - 2014-05-28 18:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-17 12:29 - 2014-05-28 18:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-17 12:29 - 2014-05-28 18:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-17 12:29 - 2014-05-28 18:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-17 12:29 - 2014-05-28 18:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-17 12:29 - 2014-05-28 18:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-17 12:29 - 2014-05-28 18:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-17 12:29 - 2014-05-28 18:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-17 12:29 - 2014-05-28 18:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-17 12:29 - 2014-05-28 18:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-17 12:29 - 2014-05-28 18:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-17 12:29 - 2014-05-28 18:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-17 12:29 - 2014-05-28 18:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-17 12:29 - 2014-05-28 18:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-17 12:29 - 2014-04-26 18:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-17 12:29 - 2014-04-05 04:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-17 12:29 - 2014-03-10 03:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-17 12:29 - 2014-03-10 03:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-17 12:17 - 2014-06-17 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-17 12:16 - 2014-06-17 12:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-12 21:05 - 2014-06-12 21:05 - 00047488 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-08 20:45 - 2014-06-08 20:45 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\Program Files\Sony
2014-06-04 00:10 - 2014-06-04 00:10 - 00300362 _____ () C:\Users\Sarah\Documents\innenmittext14,5.xcf
2014-06-03 23:34 - 2014-06-05 13:21 - 00000000 ____D () C:\Users\Sarah\Desktop\music s3

==================== One Month Modified Files and Folders =======

2014-07-01 11:54 - 2014-07-01 11:52 - 00014939 _____ () C:\Users\Sarah\Desktop\FRST.txt
2014-07-01 11:53 - 2014-05-02 15:18 - 00000000 ____D () C:\FRST
2014-07-01 11:49 - 2014-07-01 11:49 - 00001141 _____ () C:\Users\Sarah\Desktop\JRT.txt
2014-07-01 11:47 - 2013-06-26 22:30 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Overwolf
2014-07-01 11:46 - 2014-07-01 11:46 - 00000000 ____D () C:\ProgramData\Systweak
2014-07-01 11:44 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-01 11:44 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-01 11:44 - 2006-11-02 14:47 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-01 11:43 - 2008-01-21 03:35 - 01992817 _____ () C:\Windows\WindowsUpdate.log
2014-07-01 11:43 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-01 11:42 - 2014-07-01 11:42 - 01016261 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe
2014-07-01 11:42 - 2014-07-01 11:42 - 00000000 ____D () C:\Windows\ERUNT
2014-07-01 11:38 - 2014-07-01 11:37 - 00000000 ____D () C:\Program Files\SupraSavings
2014-07-01 11:36 - 2008-01-21 04:47 - 00154060 _____ () C:\Windows\PFRO.log
2014-07-01 11:35 - 2014-05-02 15:27 - 00000000 ____D () C:\AdwCleaner
2014-07-01 11:33 - 2014-07-01 11:33 - 01346519 _____ () C:\Users\Sarah\Desktop\adwcleaner_3.214.exe
2014-06-30 22:12 - 2012-10-30 16:50 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-30 22:06 - 2012-09-29 21:45 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA.job
2014-06-30 21:11 - 2014-06-30 21:11 - 00017403 _____ () C:\ComboFix.txt
2014-06-30 21:11 - 2014-06-30 20:58 - 00000000 ____D () C:\Qoobox
2014-06-30 21:11 - 2014-06-30 20:58 - 00000000 ____D () C:\ComboFix
2014-06-30 21:11 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-06-30 21:11 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-06-30 21:10 - 2014-06-30 20:57 - 00000000 ____D () C:\Windows\erdnt
2014-06-30 21:09 - 2006-11-02 12:23 - 00000215 _____ () C:\Windows\system.ini
2014-06-30 21:08 - 2014-06-23 18:58 - 00000000 ____D () C:\Program Files\-BlockAndSurfS
2014-06-30 20:56 - 2014-06-30 20:56 - 05212874 ____R (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2014-06-30 20:09 - 2014-05-02 13:27 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-30 19:42 - 2014-06-30 19:42 - 00000000 ____D () C:\Users\Sarah\Desktop\FRST
2014-06-30 18:44 - 2014-06-30 18:44 - 01073664 _____ (Farbar) C:\Users\Sarah\Desktop\FRST (1).exe
2014-06-30 18:17 - 2014-06-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FREE_SOFTTODAY
2014-06-30 17:29 - 2014-06-30 17:29 - 00000000 ____D () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-30 14:40 - 2012-09-29 21:45 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core.job
2014-06-23 18:58 - 2014-04-26 10:16 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-06-23 18:58 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-06-22 21:53 - 2012-12-11 13:57 - 00000000 ____D () C:\Users\Sarah\.gimp-2.8
2014-06-22 21:46 - 2014-06-22 21:46 - 00010757 _____ () C:\Users\Sarah\AppData\Local\recently-used.xbel
2014-06-22 13:48 - 2012-11-22 19:14 - 00000000 ____D () C:\Users\Sarah\Tracing
2014-06-21 22:14 - 2012-09-29 22:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-20 14:04 - 2013-06-26 22:33 - 00000000 ____D () C:\Program Files\Overwolf
2014-06-19 11:13 - 2014-05-23 08:35 - 00000000 ____D () C:\Program Files\Common Files\Overwolf
2014-06-18 03:40 - 2012-09-07 18:42 - 00001356 _____ () C:\Users\Sarah\AppData\Local\d3d9caps.dat
2014-06-17 12:17 - 2014-06-17 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-17 12:17 - 2014-05-02 13:00 - 00001919 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-17 12:16 - 2014-06-17 12:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-17 12:16 - 2014-04-27 09:12 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-12 21:05 - 2014-06-12 21:05 - 00047488 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter.sys
2014-06-08 20:51 - 2012-09-07 18:48 - 00641602 _____ () C:\Windows\DPINST.LOG
2014-06-08 20:50 - 2006-11-02 12:33 - 01565124 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 20:47 - 2006-11-02 14:52 - 00120035 _____ () C:\Windows\setupact.log
2014-06-08 20:45 - 2014-06-08 20:45 - 00001879 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-06-08 20:45 - 2014-06-08 20:45 - 00000000 ____D () C:\Program Files\Sony
2014-06-08 20:45 - 2012-09-29 20:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-06-05 13:21 - 2014-06-03 23:34 - 00000000 ____D () C:\Users\Sarah\Desktop\music s3
2014-06-05 13:00 - 2012-09-07 18:42 - 00000000 ____D () C:\Users\Sarah
2014-06-04 00:10 - 2014-06-04 00:10 - 00300362 _____ () C:\Users\Sarah\Documents\innenmittext14,5.xcf
2014-06-01 19:38 - 2012-09-07 18:42 - 00105056 _____ () C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-01 19:38 - 2006-11-02 14:47 - 03780448 _____ () C:\Windows\system32\FNTCACHE.DAT

Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-01 11:52

==================== End Of Log ============================

--- --- ---

--- --- ---

und Addition
FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:28-06-2014 02
Ran by Sarah at 2014-07-01 11:57:29
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.4.0.2540 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.3 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ATI Catalyst Install Manager (HKLM\...\{E4AAB0A5-482C-0048-3D37-57A3965601B6}) (Version: 3.0.699.0 - ATI Technologies, Inc.)
AVG 2013 (Version: 13.0.2904 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3722 - AVG Technologies) Hidden
BlockAndSurf (HKLM\...\1027EDAE-588F-5338-1B71-C109FF99659F) (Version:  - BlockAndSurf-software) <==== ATTENTION
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.22.02 - Broadcom Corporation)
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.1114.2149.39131 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.1114.2149.39131 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization German (Version: 2008.1114.2149.39131 - ATI) Hidden
CCC Help English (Version: 2008.1114.2148.39131 - ATI) Hidden
CCC Help German (Version: 2008.1114.2148.39131 - ATI) Hidden
ccc-core-static (Version: 2008.1114.2149.39131 - Ihr Firmenname) Hidden
ccc-utility (Version: 2008.1114.2149.39131 - ATI) Hidden
Cisco EAP-FAST Module (HKLM\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Dell Dock (HKLM\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Ihr Firmenname)
Die Sims 2 (HKLM\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims 2: Family Fun - Accessoires (HKLM\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
Die Sims™ 2 Gute Reise (HKLM\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
Die Sims™ 2 Haustiere (HKLM\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
Die Sims™ 2: Glamour-Accessoires (HKLM\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
Dienstprogramm für Dell Wireless WLAN Karte (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.17 - Dell Inc.)
Free YouTube to MP3 Converter version 3.11.32.918 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.32.918 - DVDVideoSoft Ltd.)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6124.0 - IDT)
Integrated Webcam Driver (1.00.03.0919)   (HKLM\...\Creative OA008) (Version:  - )
Intel PROSet Wireless (Version:  - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{AFE36C05-B442-4DEA-9BFB-2D72C8A1E153}) (Version: 12.00.2000 - Intel(R) Corporation)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
Overwolf (HKLM\...\Overwolf) (Version: 0.76.1.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx86.Dist (Version: 1.0.0 - Overwolf) Hidden
PlayCatan Zugangssoftware (HKLM\...\PlayCatan Client) (Version: 3.1148 - Catan GmbH)
Right Backup (HKLM\...\980124D4-3D52-4c2d-AD41-9E90BDF4C031_Systweak_Ri~01F2B2E8_is1) (Version: 2.1.1000.3797 - Systweak Software)
Skins (Version: 2008.1114.2149.39131 - ATI) Hidden
Sony PC Companion 2.10.206 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Restore Points  =========================

08-06-2014 18:45:54 Sony PC Companion
08-06-2014 18:50:30 Sony PC Companion
21-06-2014 20:04:42 Windows Update
30-06-2014 18:58:42 ComboFix created restore point

==================== Hosts content: ==========================

2006-11-02 12:23 - 2014-06-30 21:09 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {51D19989-9A97-43B5-9648-8C75599C7670} - System32\Tasks\Overwolf Updater Task => C:\Program Files\Overwolf\OverwolfUpdater.exe [2014-06-10] (Overwolf LTD)
Task: {87EDCD04-35DF-4026-B03D-998C54D4F1AA} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {9255351A-5EE0-4E85-A13B-08ACB289DA52} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29] (Google Inc.)
Task: {946B194F-B00E-4DCD-8808-5895C6392362} - System32\Tasks\Right Backup_startup => C:\Program Files\Right Backup\RightBackup.exe [2014-04-24] (Systweak)
Task: {9F96B950-BF20-4FD1-98FC-EB4DD4D07A5E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-29] (Google Inc.)
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {D9F744D5-9360-4621-803D-DF3592EA1B0C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EC45E14C-CECF-4985-9102-B9CF0B3155C6} - System32\Tasks\RunOW => C:\Program Files\Overwolf\OverwolfLauncher.exe [2014-06-10] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000Core.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-980974912-236747627-2273269295-1000UA.job => C:\Users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-30 20:39 - 2013-08-02 19:21 - 00886272 _____ () C:\Program Files\Right Backup\System.Data.SQLite.dll
2014-06-25 19:58 - 2014-06-25 19:58 - 00151040 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService.exe
2014-06-12 21:05 - 2014-06-12 21:05 - 00102400 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\nfapi.dll
2014-06-12 21:05 - 2014-06-12 21:05 - 00323584 _____ () C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\ProtocolFilters.dll
2012-09-18 10:52 - 2008-11-15 00:05 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2012-09-18 10:54 - 2012-09-18 10:54 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-11-18 13:25 - 2008-11-18 13:25 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-09-29 20:31 - 2008-10-13 14:17 - 00055808 _____ () C:\Windows\System32\bcmwlrmt.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 00065352 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 04081480 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 00390472 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-26 21:23 - 2014-04-24 02:33 - 01647432 _____ () C:\Users\Sarah\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (10/24/2012 05:06:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6092 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-07-01 11:57:10.458
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:57:10.249
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:57:09.947
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:57:09.718
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:57:08.007
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:57:07.799
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:57:07.563
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:57:07.341
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:53:52.109
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-07-01 11:53:51.899
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 38%
Total physical RAM: 3066.13 MB
Available physical RAM: 1870.67 MB
Total Pagefile: 6334.54 MB
Available Pagefile: 5030.41 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:58.5 GB) (Free:5.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
Drive e: () (Fixed) (Total:174.29 GB) (Free:174.19 GB) NTFS
Drive f: (Sims2EP6) (CDROM) (Total:0.75 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 3FBE4D3F)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=58 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=174 GB) - (Type=07 NTFS)

==================== End Of Log ============================

--- --- ---

cosinus · 01.07.2014, 11:13

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe run options=01110010030000000000000000000000 sourceguid=19A6D51C-2D35-44DB-B412-0B01BF8D2D62 [X]
C:\Program Files\003
C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
C:\Program Files\-BlockAndSurfS

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

k.sarah · 01.07.2014, 11:56

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:28-06-2014 02
Ran by Sarah at 2014-07-01 12:52:31 Run:3
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
S2 xmkysecqun32; C:\Program Files\003\xmkysecqun32.exe run options=01110010030000000000000000000000 sourceguid=19A6D51C-2D35-44DB-B412-0B01BF8D2D62 [X]
C:\Program Files\003
C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
C:\Program Files\-BlockAndSurfS
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
xmkysecqun32 => Service deleted successfully.
"C:\Program Files\003" => File/Directory not found.
C:\Program Files\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 => Moved successfully.
C:\Program Files\-BlockAndSurfS => Moved successfully.


The system needed a reboot. 

==== End of Fixlog ====

cosinus · 01.07.2014, 12:59

Okay, dann Kontrollscans mit MBAM und ESET bitte:

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

k.sarah · 01.07.2014, 14:32

dauert das immer solange ESET ist gerade mal bei 30% und das läuft schon ne ganze weile ...

Chrome scheint totale Probleme zu haben - wieder virus?

Alles rund um Windows: Chrome scheint totale Probleme zu haben - wieder virus?

Problem: Chrome scheint totale Probleme zu haben - wieder virus?