Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 11.08.2014, 13:36   #1
Floydian
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Hallo zusammen.

Ich hab folgendes Problem. Ich war seit längerer Zeit wieder zuhause und habe mir den Rechner meiner Schwester angeschaut und zur Überprüfung Malwarebytes Anti-Malware drüber laufen lassen und was alles gefunden worde, hat mir die Sprache verschlagen. Unter anderem "SpyEyes" und "Exploit.Drop2".
Habe sofort alle Funde in Quarantäne schieben lassen. Meine Frage ist, ob das Problem gelöst ist, wenn ich die Funde dann lösche?

Der Rechner läuft unter Windows Vista Home Premium 32-Bit

Leider scheint Malewarebytes das Scan Log nicht gespeichert zu haben, Funde sind jedoch noch in der Quarantäne.
Ich weiß leider nicht was ich nun tun soll. Funde wieder herstellen und Malwarebytes erneut suchen lassen und das Logfile dann posten?

Vielen Dank für eure Zeit und Hilfe.

Alt 11.08.2014, 13:39   #2
Warlord711
/// TB-Ausbilder
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Normalerweise sollten die alten Logs im Malwarebytes noch angezeigt werden.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Wähle Exportieren auf Textdatei (.txt) und speichere die Datei als mbam.txt auf dem Desktop ab.

oder

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd

Bitte posten.

Ausserdem:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 11.08.2014, 14:05   #3
Floydian
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Danke für die schnelle Antwort.

Das einzige was an Logfiles für Malwarebytes zu finden ist ist dies:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Protection, 11.08.2014 11:25:43, SYSTEM, VISTA-SARAH, Protection, Malware Protection, Starting, 
Protection, 11.08.2014 11:25:43, SYSTEM, VISTA-SARAH, Protection, Malware Protection, Started, 
Protection, 11.08.2014 11:25:44, SYSTEM, VISTA-SARAH, Protection, Malicious Website Protection, Starting, 
Protection, 11.08.2014 11:25:53, SYSTEM, VISTA-SARAH, Protection, Malicious Website Protection, Started, 
Update, 11.08.2014 11:25:59, SYSTEM, VISTA-SARAH, Manual, Rootkit Database, 2014.2.20.1, 2014.8.4.1, 
Update, 11.08.2014 11:26:04, SYSTEM, VISTA-SARAH, Manual, Malware Database, 2014.3.4.9, 2014.8.11.1, 
Protection, 11.08.2014 11:26:06, SYSTEM, VISTA-SARAH, Protection, Refresh, Starting, 
Protection, 11.08.2014 11:26:06, SYSTEM, VISTA-SARAH, Protection, Malicious Website Protection, Stopping, 
Protection, 11.08.2014 11:26:07, SYSTEM, VISTA-SARAH, Protection, Malicious Website Protection, Stopped, 
Protection, 11.08.2014 11:26:19, SYSTEM, VISTA-SARAH, Protection, Refresh, Success, 
Protection, 11.08.2014 11:26:19, SYSTEM, VISTA-SARAH, Protection, Malicious Website Protection, Starting, 
Protection, 11.08.2014 11:26:27, SYSTEM, VISTA-SARAH, Protection, Malicious Website Protection, Started, 
Detection, 11.08.2014 11:28:40, SYSTEM, VISTA-SARAH, Protection, Malware Protection, File, PUP.Optional.MoviesToolBar.A, C:\Program Files\ilividmoviestoolbar20\IE\searchresultsDx.dll, Quarantine, [d37ae0e52754a294e99d428e5ea447b9]
Protection, 11.08.2014 13:11:40, SYSTEM, VISTA-SARAH, Protection, Malware Protection, Starting, 
Protection, 11.08.2014 13:11:40, SYSTEM, VISTA-SARAH, Protection, Malware Protection, Started, 
Protection, 11.08.2014 13:11:40, SYSTEM, VISTA-SARAH, Protection, Malicious Website Protection, Starting, 
Protection, 11.08.2014 13:11:53, SYSTEM, VISTA-SARAH, Protection, Malicious Website Protection, Started, 

(end)
         
Und hier die FRST und Addition Files:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01
Ran by Ulrike (ATTENTION: The logged in user is not administrator) on VISTA-SARAH on 11-08-2014 14:55:35
Running from C:\Users\Ulrike\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Apple Inc.) D:\Eigene Dateien Sarah\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Bandoo Media Inc.) C:\Users\Ulrike\AppData\Local\iLivid\iLivid.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [20131224] => C:\Program Files\AVAST Software\Avast\setup\emupdate\b485f9eb-04ca-450b-8641-65370ea77096.exe [181136 2014-04-29] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [216064 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [UpgradeChecker] => C:\Users\Ulrike\AppData\Roaming\Apple\{4918B296-3A37-4B77-BD5B-BBF282120CD2}\UpgradeChecker.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [iLivid] => C:\Users\Ulrike\AppData\Local\iLivid\iLivid.exe [8271360 2014-04-08] (Bandoo Media Inc.)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {4439ad29-ed98-11df-a55a-0019dbf9a6d2} - E:\USBAutoRun.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {a8ec11a8-fb76-11e3-b93a-0019dbf9a6d2} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {c28635ed-43dc-11df-b1b5-0019dbf9a6d2} - E:\Startme.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {f0b9cc8f-ad66-11dc-83a4-806e6f6e6963} - V:\Autorun.exe
Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-706&v=n12441-329&t=4
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=706&systemid=406&v=n12441-329&apn_uid=2471443035084031&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 23 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\..\Interfaces\{5E7022F2-13CB-4FBB-B1E7-A00289EF29EA}: [NameServer]80.69.100.138,141.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default
FF SearchEngineOrder.1: Ask.com
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Eigene Dateien Sarah\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Ask New Tabs - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\Extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D} [2014-04-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-06-23]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2014-08-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-04]

Chrome: 
=======
CHR StartupUrls: "hxxp://www.google.com/"
CHR Extension: (Docs) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-05]
CHR Extension: (Google Drive) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-05]
CHR Extension: (YouTube) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-05]
CHR Extension: (Google-Suche) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-05]
CHR Extension: (avast! Online Security) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-04-05]
CHR Extension: (Google Wallet) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-05]
CHR Extension: (Google Mail) - C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 iphlpsvc; C:\Windows\System32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [22016 2006-11-02] (Microsoft Corporation)
R2 ProtexisLicensing; c:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-06-27] () [File not signed]
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-05] ()
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-04-17] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 LVPrcMon; C:\Windows\system32\drivers\LVPrcMon.sys [16768 2005-12-09] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-11] (Malwarebytes Corporation)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lvckap; \??\C:\Windows\system32\drivers\Lvckap.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 14:55 - 2014-08-11 14:56 - 00017581 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-08-11 14:55 - 2014-08-11 14:55 - 00000000 ____D () C:\FRST
2014-08-11 14:54 - 2014-08-11 14:54 - 00002628 _____ () C:\Users\Ulrike\Documents\malware.txt
2014-08-11 14:53 - 2014-08-11 14:53 - 01091072 _____ (Farbar) C:\Users\Ulrike\Downloads\FRST.exe
2014-08-11 14:35 - 2014-08-11 14:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-11 13:58 - 2014-08-11 13:58 - 00001921 _____ () C:\Users\Ulrike\Desktop\malware.txt
2014-08-11 11:25 - 2014-08-11 11:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 11:25 - 2014-08-11 11:25 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-11 11:25 - 2014-08-11 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-11 11:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-11 11:24 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-11 11:21 - 2014-08-11 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ulrike\Downloads\mbam-setup-2.0.2.1012.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 14:56 - 2014-08-11 14:55 - 00017581 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-08-11 14:55 - 2014-08-11 14:55 - 00000000 ____D () C:\FRST
2014-08-11 14:55 - 2007-12-29 17:23 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D0316E42-18F8-4AD3-98B5-BC660DCACB02}.job
2014-08-11 14:55 - 2007-12-19 15:07 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{562793F0-D950-4A92-BFFB-D396560F5ECA}.job
2014-08-11 14:55 - 2007-12-18 15:43 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{2F7ADF65-47B0-4D3C-A955-AFA893897013}.job
2014-08-11 14:54 - 2014-08-11 14:54 - 00002628 _____ () C:\Users\Ulrike\Documents\malware.txt
2014-08-11 14:54 - 2012-07-25 13:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 14:53 - 2014-08-11 14:53 - 01091072 _____ (Farbar) C:\Users\Ulrike\Downloads\FRST.exe
2014-08-11 14:48 - 2012-06-23 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-11 14:48 - 2007-12-18 14:48 - 01411470 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 14:39 - 2014-04-05 11:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 14:35 - 2014-08-11 14:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-11 14:10 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 14:10 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 13:58 - 2014-08-11 13:58 - 00001921 _____ () C:\Users\Ulrike\Desktop\malware.txt
2014-08-11 13:14 - 2009-12-25 16:58 - 00000000 ____D () C:\Users\Ulrike\Tracing
2014-08-11 13:11 - 2014-04-05 11:53 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 13:11 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 12:15 - 2006-11-02 15:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-11 11:54 - 2012-07-25 13:31 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-11 11:54 - 2011-08-08 01:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-11 11:27 - 2014-08-11 11:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 11:25 - 2014-08-11 11:25 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-11 11:25 - 2014-08-11 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-11 11:21 - 2014-08-11 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ulrike\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 12:08 - 2009-05-17 17:12 - 156135202 _____ () C:\Windows\MEMORY.DMP
2014-08-09 12:08 - 2009-05-17 17:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-08 18:19 - 2007-12-25 15:10 - 00000848 ___SH () C:\Windows\system32\KGyGaAvL.sys
2014-08-05 09:20 - 2009-10-02 20:26 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\root\AppData\Local\Temp\AskSLib.dll
C:\Users\root\AppData\Local\Temp\EAD3A45.exe
C:\Users\root\AppData\Local\Temp\EAD6D28.exe
C:\Users\root\AppData\Local\Temp\EAD794A.exe
C:\Users\root\AppData\Local\Temp\EAD7F93.exe
C:\Users\root\AppData\Local\Temp\EADABB0.exe
C:\Users\root\AppData\Local\Temp\EADB3CA.exe
C:\Users\root\AppData\Local\Temp\EADC6EB.exe
C:\Users\root\AppData\Local\Temp\EADD631.exe
C:\Users\root\AppData\Local\Temp\EADD741.exe
C:\Users\root\AppData\Local\Temp\EADDD67.exe
C:\Users\root\AppData\Local\Temp\eauninstall.exe
C:\Users\root\AppData\Local\Temp\First15.exe
C:\Users\root\AppData\Local\Temp\incredibar_installer.exe
C:\Users\root\AppData\Local\Temp\installerdll7001515.dll
C:\Users\root\AppData\Local\Temp\installerdll7040687.dll
C:\Users\root\AppData\Local\Temp\installerdll765062.dll
C:\Users\root\AppData\Local\Temp\installerdll797109.dll
C:\Users\root\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\root\AppData\Local\Temp\Setup.exe
C:\Users\root\AppData\Local\Temp\The Sims 2 Pets_uninst.exe
C:\Users\root\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\root\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\root\AppData\Local\Temp\VP6Install.exe
C:\Users\root\AppData\Local\Temp\VP6VFW.dll
C:\Users\Sarah\AppData\Local\Temp\3j98C93.exe
C:\Users\Sarah\AppData\Local\Temp\5v99BE1.exe
C:\Users\Sarah\AppData\Local\Temp\aqqE6A8.exe
C:\Users\Sarah\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sarah\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Sarah\AppData\Local\Temp\z1k2AF0.exe
C:\Users\Ulrike\AppData\Local\Temp\CmdLineExt01.dll
C:\Users\Ulrike\AppData\Local\Temp\msg6C67.exe
C:\Users\Ulrike\AppData\Local\Temp\msgF5A5.exe
C:\Users\Ulrike\AppData\Local\Temp\SIntf16.dll
C:\Users\Ulrike\AppData\Local\Temp\SIntf32.dll
C:\Users\Ulrike\AppData\Local\Temp\SIntfNT.dll
C:\Users\Ulrike\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
         
--- --- ---

--- --- ---
[/CODE

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by Ulrike at 2014-08-11 14:57:20
Running from C:\Users\Ulrike\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}) (Version: 12.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2016 - Avast Software)
Big Fish Games Center (remove only) (HKLM\...\Big Fish Games Center) (Version:  - )
Big Fish Games Sudoku (remove only) (HKLM\...\Big Fish Games Sudoku) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon iP1600 (HKLM\...\CANONBJ_Deinstall_CNMCP75.DLL) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version:  - )
Cradle of Rome (remove only) (HKLM\...\Cradle of Rome) (Version:  - )
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.0.1827 - CyberLink Corp.)
CyberLink MediaShow (Version: 4.0.1827 - CyberLink Corp.) Hidden
Die Sims 2 (HKLM\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.17.60 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
EA Download Manager (HKLM\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
ECMM A2 (HKLM\...\ECMM A2) (Version:  - )
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (HKLM\...\Firebird SQL Server D) (Version: 2.0.0.1 - MAGIX AG)
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
Free M4a to MP3 Converter 7.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Might and Magic® III Complete (HKLM\...\Heroes of Might and Magic® III) (Version:  - )
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
iLivid (HKCU\...\iLivid) (Version: 5.0.0.4408 - Bandoo Media Inc) <==== ATTENTION
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Luxor Amun Rising (remove only) (HKLM\...\Luxor Amun Rising) (Version:  - )
MAGIX Foto Manager 2007 4.2.0.79 (D) (HKLM\...\MAGIX Foto Manager 2007 D) (Version: 4.2.0.79 - MAGIX AG)
MAGIX Media Suite 1.12.0.89 (D) (HKLM\...\MAGIX Media Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Music Manager 2007 8.2.0.144 (D) (HKLM\...\MAGIX Music Manager 2007 D) (Version: 8.2.0.144 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
MAGIX Ringtone Maker SE 3.1.0.4 (D) (HKLM\...\MAGIX Ringtone Maker SE D) (Version: 3.1.0.4 - MAGIX AG)
Mahjong Towers Eternity EU (remove only) (HKLM\...\Mahjong Towers Eternity EU) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (Version: 8.0.7820.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Prime Suspects (remove only) (HKLM\...\Mystery Case Files - Prime Suspects) (Version:  - )
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571031}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org Installer 1.0 (HKLM\...\{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}) (Version: 1.0.9221 - Sun Microsystems)
Poker Superstars II (remove only) (HKLM\...\Poker Superstars II) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 2 (HKLM\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3810 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steuer-Spar-Erklärung 2008 (HKLM\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.01 - Akademische Arbeitsgemeinschaft Verlag)
Turbo Lister (HKLM\...\InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}) (Version: 2.0.0 - eBay)
Turbo Lister (Version: 2.0.0 - eBay) Hidden
Turbo Lister 2 (HKLM\...\InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}) (Version: 2.0.0 - eBay)
Turbo Lister 2 (Version: 2.0.0 - eBay) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
Virtual Villagers (remove only) (HKLM\...\Virtual Villagers) (Version:  - )
VoiceOver Kit (HKLM\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WordPerfect Office X3 (HKLM\...\_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}) (Version:  - Corel Corporation)
WordPerfect Office X3 (Version: 13.3 - Corel Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\Windows\Tasks\User_Feed_Synchronization-{2F7ADF65-47B0-4D3C-A955-AFA893897013}.job => ?
Task: C:\Windows\Tasks\User_Feed_Synchronization-{562793F0-D950-4A92-BFFB-D396560F5ECA}.job => ?
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D0316E42-18F8-4AD3-98B5-BC660DCACB02}.job => ?

==================== Loaded Modules (whitelisted) =============

2014-08-11 11:21 - 2014-08-11 11:21 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081100\algo.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () c:\Windows\system32\PSIService.exe
2009-01-25 19:39 - 2008-06-27 14:18 - 00244904 ____R () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2014-04-05 11:52 - 2014-04-05 11:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-11 14:35 - 2014-08-11 14:35 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C980DA7D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2014 02:48:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 02:35:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 02:10:57 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.

Error: (08/11/2014 11:27:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:27:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:27:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:26:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:24:52 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.

Error: (08/09/2014 01:08:25 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.

Error: (08/09/2014 01:04:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung QuickTimePlayer.exe, Version 7.69.80.9, Zeitstempel 0x4cf444ff, fehlerhaftes Modul QuickTimePlayer.dll, Version 7.69.80.9, Zeitstempel 0x4cf444e1, Ausnahmecode 0xc0000409, Fehleroffset 0x00005b6d,
Prozess-ID 0xe48, Anwendungsstartzeit QuickTimePlayer.exe0.


System errors:
=============
Error: (08/09/2014 00:08:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 09.08.2014 um 12:07:23 unerwartet heruntergefahren.

Error: (06/23/2014 05:13:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.06.2014 um 17:11:21 unerwartet heruntergefahren.

Error: (05/10/2014 02:11:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update-Dienst (gupdate)%%1053

Error: (05/10/2014 02:11:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Google Update-Dienst (gupdate)

Error: (04/29/2014 02:29:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Google Update-Dienst (gupdate)

Error: (04/26/2014 00:49:55 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ULLI-LAPTOP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5E7022F2-13CB-4FBB-B1E7-A00289-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/25/2014 02:21:16 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ULLI-LAPTOP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5E7022F2-13CB-4FBB-B1E7-A00289-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/05/2014 02:02:15 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (02/01/2014 01:03:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Apple Mobile Device1600001Neustart des Diensts

Error: (01/20/2014 06:17:01 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ULLI-LAPTOP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5E7022F2-13CB-4FBB-B1E7-A00289-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (08/11/2014 02:48:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 02:35:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 02:10:57 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9

Error: (08/11/2014 11:27:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:27:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:27:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:26:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:24:52 AM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9

Error: (08/09/2014 01:08:25 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9

Error: (08/09/2014 01:04:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: QuickTimePlayer.exe7.69.80.94cf444ffQuickTimePlayer.dll7.69.80.94cf444e1c000040900005b6de4801cfb3c199c2a4f7


CodeIntegrity Errors:
===================================
  Date: 2014-08-11 14:56:52.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:52.812
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:52.656
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:52.499
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:51.919
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:51.747
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:51.544
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:51.372
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 11:36:18.438
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 11:36:18.259
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 56%
Total physical RAM: 2045.88 MB
Available physical RAM: 886.12 MB
Total Pagefile: 4305.04 MB
Available Pagefile: 2979.13 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.52 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:216.41 GB) (Free:96.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:107.22 GB) (Free:96.14 GB) NTFS
Drive v: (Sims3EP03) (CDROM) (Total:6.75 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
__________________

Alt 11.08.2014, 18:40   #4
Warlord711
/// TB-Ausbilder
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



FRST bitte erneut, als Administrator ausführen:
Und bitte neue FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 11.08.2014, 18:56   #5
Floydian
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



FRST wurde jetzt als Admin ausgeführt.

FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-08-2014 01
Ran by root (administrator) on VISTA-SARAH on 11-08-2014 19:47:31
Running from C:\Users\Ulrike\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\System32\PSIService.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) D:\Eigene Dateien Sarah\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Bandoo Media Inc.) C:\Users\Ulrike\AppData\Local\iLivid\iLivid.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\RunOnce: [20131224] => C:\Program Files\AVAST Software\Avast\setup\emupdate\b485f9eb-04ca-450b-8641-65370ea77096.exe [181136 2014-04-29] (AVAST Software)
HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [216064 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [MBPlayer] => C:\Program Files\MB application\MBPlayer.exe [48640 2006-12-19] (MusicBrigade)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [Logitech Vid] => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\MountPoints2: {53ba2e18-7129-11de-a368-0019dbf9a6d2} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [UpgradeChecker] => C:\Users\Ulrike\AppData\Roaming\Apple\{4918B296-3A37-4B77-BD5B-BBF282120CD2}\UpgradeChecker.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [iLivid] => C:\Users\Ulrike\AppData\Local\iLivid\iLivid.exe [8271360 2014-04-08] (Bandoo Media Inc.)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {4439ad29-ed98-11df-a55a-0019dbf9a6d2} - E:\USBAutoRun.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {a8ec11a8-fb76-11e3-b93a-0019dbf9a6d2} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {c28635ed-43dc-11df-b1b5-0019dbf9a6d2} - E:\Startme.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {f0b9cc8f-ad66-11dc-83a4-806e6f6e6963} - V:\Autorun.exe
Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-4103437458-4055112347-3955121511-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4103437458-4055112347-3955121511-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - {B6E35D9F-85C8-4246-9E98-90FAA4ABA14E} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {F9956A95-CA9F-475D-9D72-5A4504AA37B6} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 23 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\..\Interfaces\{5E7022F2-13CB-4FBB-B1E7-A00289EF29EA}: [NameServer]80.69.100.138,141.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\w4fwmrab.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Eigene Dateien Sarah\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Wortliste von hxxp://tkltrans.sf.net (alte und neue deutsche Rechtschreibung) - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\w4fwmrab.default\Extensions\de-DE-comb@dictionaries.addons.mozilla.org [2008-10-03]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\w4fwmrab.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-11]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2014-08-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-04]

Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ProtexisLicensing; c:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-06-27] () [File not signed]
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-05] ()
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-04-17] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 LVPrcMon; C:\Windows\system32\drivers\LVPrcMon.sys [16768 2005-12-09] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-11] (Malwarebytes Corporation)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lvckap; \??\C:\Windows\system32\drivers\Lvckap.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 14:57 - 2014-08-11 14:59 - 00025772 _____ () C:\Users\Ulrike\Downloads\Addition.txt
2014-08-11 14:55 - 2014-08-11 19:48 - 00018028 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-08-11 14:55 - 2014-08-11 19:47 - 00000000 ____D () C:\FRST
2014-08-11 14:53 - 2014-08-11 14:53 - 01091072 _____ (Farbar) C:\Users\Ulrike\Downloads\FRST.exe
2014-08-11 14:35 - 2014-08-11 14:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-11 13:58 - 2014-08-11 13:58 - 00001921 _____ () C:\Users\Ulrike\Desktop\malware.txt
2014-08-11 11:25 - 2014-08-11 11:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 11:25 - 2014-08-11 11:25 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-11 11:25 - 2014-08-11 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-11 11:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-11 11:24 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-11 11:21 - 2014-08-11 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ulrike\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 12:08 - 2014-08-09 12:08 - 00155432 _____ () C:\Windows\Minidump\Mini080914-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-11 19:48 - 2014-08-11 14:55 - 00018028 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-08-11 19:48 - 2007-12-18 14:48 - 01416562 _____ () C:\Windows\WindowsUpdate.log
2014-08-11 19:47 - 2014-08-11 14:55 - 00000000 ____D () C:\FRST
2014-08-11 19:46 - 2009-12-25 16:58 - 00000000 ____D () C:\Users\Ulrike\Tracing
2014-08-11 19:45 - 2007-12-29 17:23 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D0316E42-18F8-4AD3-98B5-BC660DCACB02}.job
2014-08-11 19:45 - 2007-12-19 15:07 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{562793F0-D950-4A92-BFFB-D396560F5ECA}.job
2014-08-11 19:45 - 2007-12-18 15:43 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{2F7ADF65-47B0-4D3C-A955-AFA893897013}.job
2014-08-11 19:42 - 2014-04-05 11:53 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-11 19:42 - 2012-06-23 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-11 19:42 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-11 19:42 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-11 19:42 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-11 16:42 - 2006-11-02 15:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-11 16:40 - 2014-04-05 11:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-11 15:54 - 2012-07-25 13:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-11 14:59 - 2014-08-11 14:57 - 00025772 _____ () C:\Users\Ulrike\Downloads\Addition.txt
2014-08-11 14:53 - 2014-08-11 14:53 - 01091072 _____ (Farbar) C:\Users\Ulrike\Downloads\FRST.exe
2014-08-11 14:35 - 2014-08-11 14:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-11 13:58 - 2014-08-11 13:58 - 00001921 _____ () C:\Users\Ulrike\Desktop\malware.txt
2014-08-11 11:54 - 2012-07-25 13:31 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-11 11:54 - 2011-08-08 01:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-11 11:27 - 2014-08-11 11:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 11:25 - 2014-08-11 11:25 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-11 11:25 - 2014-08-11 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-11 11:21 - 2014-08-11 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ulrike\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 12:08 - 2014-08-09 12:08 - 00155432 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-09 12:08 - 2009-05-17 17:12 - 156135202 _____ () C:\Windows\MEMORY.DMP
2014-08-09 12:08 - 2009-05-17 17:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-08 18:19 - 2007-12-25 15:10 - 00000848 ___SH () C:\Windows\system32\KGyGaAvL.sys
2014-08-05 09:20 - 2009-10-02 20:26 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\root\AppData\Local\Temp\AskSLib.dll
C:\Users\root\AppData\Local\Temp\EAD3A45.exe
C:\Users\root\AppData\Local\Temp\EAD6D28.exe
C:\Users\root\AppData\Local\Temp\EAD794A.exe
C:\Users\root\AppData\Local\Temp\EAD7F93.exe
C:\Users\root\AppData\Local\Temp\EADABB0.exe
C:\Users\root\AppData\Local\Temp\EADB3CA.exe
C:\Users\root\AppData\Local\Temp\EADC6EB.exe
C:\Users\root\AppData\Local\Temp\EADD631.exe
C:\Users\root\AppData\Local\Temp\EADD741.exe
C:\Users\root\AppData\Local\Temp\EADDD67.exe
C:\Users\root\AppData\Local\Temp\eauninstall.exe
C:\Users\root\AppData\Local\Temp\First15.exe
C:\Users\root\AppData\Local\Temp\incredibar_installer.exe
C:\Users\root\AppData\Local\Temp\installerdll7001515.dll
C:\Users\root\AppData\Local\Temp\installerdll7040687.dll
C:\Users\root\AppData\Local\Temp\installerdll765062.dll
C:\Users\root\AppData\Local\Temp\installerdll797109.dll
C:\Users\root\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\root\AppData\Local\Temp\Setup.exe
C:\Users\root\AppData\Local\Temp\The Sims 2 Pets_uninst.exe
C:\Users\root\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\root\AppData\Local\Temp\vlc-2.0.2-win32.exe
C:\Users\root\AppData\Local\Temp\VP6Install.exe
C:\Users\root\AppData\Local\Temp\VP6VFW.dll
C:\Users\Sarah\AppData\Local\Temp\3j98C93.exe
C:\Users\Sarah\AppData\Local\Temp\5v99BE1.exe
C:\Users\Sarah\AppData\Local\Temp\aqqE6A8.exe
C:\Users\Sarah\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sarah\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Sarah\AppData\Local\Temp\z1k2AF0.exe
C:\Users\Ulrike\AppData\Local\Temp\CmdLineExt01.dll
C:\Users\Ulrike\AppData\Local\Temp\msg6C67.exe
C:\Users\Ulrike\AppData\Local\Temp\msgF5A5.exe
C:\Users\Ulrike\AppData\Local\Temp\SIntf16.dll
C:\Users\Ulrike\AppData\Local\Temp\SIntf32.dll
C:\Users\Ulrike\AppData\Local\Temp\SIntfNT.dll
C:\Users\Ulrike\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-11 19:48

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Addition:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-08-2014 01
Ran by root at 2014-08-11 19:49:38
Running from C:\Users\Ulrike\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}) (Version: 12.00.0000 - Akademische Arbeitsgemeinschaft)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader 8.1.3 - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-A81300000003}) (Version: 8.1.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{10E3A6DD-84D8-4D8A-BB11-5E5314BCA7FD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2016 - Avast Software)
Big Fish Games Center (remove only) (HKLM\...\Big Fish Games Center) (Version:  - )
Big Fish Games Sudoku (remove only) (HKLM\...\Big Fish Games Sudoku) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Canon iP1600 (HKLM\...\CANONBJ_Deinstall_CNMCP75.DLL) (Version:  - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version:  - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version:  - )
Cradle of Rome (remove only) (HKLM\...\Cradle of Rome) (Version:  - )
CyberLink MediaShow (HKLM\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.0.1827 - CyberLink Corp.)
CyberLink MediaShow (Version: 4.0.1827 - CyberLink Corp.) Hidden
Die Sims 2 (HKLM\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version:  - )
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.17.60 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
Die Sims™ 3 Traumkarrieren (HKLM\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
EA Download Manager (HKLM\...\EADM) (Version: 5.0.0.255 - Electronic Arts, Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
ECMM A2 (HKLM\...\ECMM A2) (Version:  - )
Firebird SQL Server - MAGIX Edition 2.0.0.1 (D) (HKLM\...\Firebird SQL Server D) (Version: 2.0.0.1 - MAGIX AG)
FirstSteps Diagnostics (HKLM\...\{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}) (Version: 1.00 - Fujitsu Siemens Computers)
Free M4a to MP3 Converter 7.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Heroes of Might and Magic® III Complete (HKLM\...\Heroes of Might and Magic® III) (Version:  - )
HijackThis 2.0.2 (HKLM\...\HijackThis) (Version: 2.0.2 - TrendMicro)
iTunes (HKLM\...\{616445AF-BBCF-41C1-A4D6-8CFF171C182D}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 33 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Java(TM) 6 Update 7 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160070}) (Version: 1.6.0.70 - Sun Microsystems, Inc.)
Luxor Amun Rising (remove only) (HKLM\...\Luxor Amun Rising) (Version:  - )
MAGIX Foto Manager 2007 4.2.0.79 (D) (HKLM\...\MAGIX Foto Manager 2007 D) (Version: 4.2.0.79 - MAGIX AG)
MAGIX Media Suite 1.12.0.89 (D) (HKLM\...\MAGIX Media Suite D) (Version: 1.12.0.89 - MAGIX AG)
MAGIX Music Manager 2007 8.2.0.144 (D) (HKLM\...\MAGIX Music Manager 2007 D) (Version: 8.2.0.144 - MAGIX AG)
MAGIX Online Druck Service 2.3.2.0 (D) (HKLM\...\MAGIX Online Druck Service D) (Version: 2.3.2.0 - MAGIX AG)
MAGIX Ringtone Maker SE 3.1.0.4 (D) (HKLM\...\MAGIX Ringtone Maker SE D) (Version: 3.1.0.4 - MAGIX AG)
Mahjong Towers Eternity EU (remove only) (HKLM\...\Mahjong Towers Eternity EU) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XML Parser (Version: 8.0.7820.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery Case Files - Prime Suspects (remove only) (HKLM\...\Mystery Case Files - Prime Suspects) (Version:  - )
Nero 7 Essentials (HKLM\...\{81CD6232-10F5-4832-B3DA-1B88B1571031}) (Version: 7.02.5851 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OpenOffice.org Installer 1.0 (HKLM\...\{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}) (Version: 1.0.9221 - Sun Microsystems)
Poker Superstars II (remove only) (HKLM\...\Poker Superstars II) (Version:  - )
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 2 (HKLM\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
Skype web features (HKLM\...\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}) (Version: 1.0.3810 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Steuer-Spar-Erklärung 2008 (HKLM\...\{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}) (Version: 13.02.0000 - Akademische Arbeitsgemeinschaft)
Steuer-Spar-Erklärung 2009 (HKLM\...\{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}) (Version: 14.01.0000 - Akademische Arbeitsgemeinschaft Verlag)
Steuer-Spar-Erklärung 2010 (HKLM\...\{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}) (Version: 15.01 - Akademische Arbeitsgemeinschaft Verlag)
Turbo Lister (HKLM\...\InstallShield_{99CC78D1-2356-497C-84C1-F239884001EC}) (Version: 2.0.0 - eBay)
Turbo Lister (Version: 2.0.0 - eBay) Hidden
Turbo Lister 2 (HKLM\...\InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}) (Version: 2.0.0 - eBay)
Turbo Lister 2 (Version: 2.0.0 - eBay) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VIA Rhine-Family Fast-Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version:  - )
Virtual Villagers (remove only) (HKLM\...\Virtual Villagers) (Version:  - )
VoiceOver Kit (HKLM\...\{7C5B4583-7CBF-4289-B195-03B553959DEA}) (Version: 1.40.128.0 - Apple Inc.)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WordPerfect Office X3 (HKLM\...\_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}) (Version:  - Corel Corporation)
WordPerfect Office X3 (Version: 13.3 - Corel Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{89E98545-557B-9C55-05E7-7BEA67C570E5}\InprocServer32 -> C:\Windows\system32\catsrvut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{B572AAA3-BDB5-BC16-D5D1-21E4985B5D79}\InprocServer32 -> C:\Windows\system32\catsrvut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{C9026E99-A180-5118-FC1F-AE7847F852A3}\InprocServer32 -> C:\Windows\system32\catsrvut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1000_Classes\CLSID\{D3ABC50D-479A-7235-CDEB-F245D25FF8D0}\InprocServer32 -> C:\Windows\system32\catsrvut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{20411FB0-0AD9-A48A-3BD6-26FB696B78C7}\InprocServer32 -> C:\Program Files\Common Files\Ahead\Lib\NMAudioCDContentHandler.dll (Nero AG)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{53B45807-A53D-57BC-9471-5C0C2D3EC539}\InprocServer32 -> C:\Program Files\Common Files\Ahead\Lib\NMAudioCDContentHandler.dll (Nero AG)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{589838F0-A203-C529-8289-D490B71D9648}\InprocServer32 -> C:\Program Files\Common Files\Ahead\Lib\NMAudioCDContentHandler.dll (Nero AG)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{89E98545-557B-9C55-05E7-7BEA67C570E5}\InprocServer32 -> C:\Windows\system32\catsrvut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{9E385F0A-0BA2-430C-96AA-4399C5E40F6C}\localserver32 -> C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{B572AAA3-BDB5-BC16-D5D1-21E4985B5D79}\InprocServer32 -> C:\Windows\system32\catsrvut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{C9026E99-A180-5118-FC1F-AE7847F852A3}\InprocServer32 -> C:\Windows\system32\catsrvut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{D17F3A25-D24B-F665-2F17-19DAAC0647C0}\InprocServer32 -> C:\Program Files\Common Files\Ahead\Lib\NMAudioCDContentHandler.dll (Nero AG)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{D3ABC50D-479A-7235-CDEB-F245D25FF8D0}\InprocServer32 -> C:\Windows\system32\catsrvut.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-4103437458-4055112347-3955121511-1002_Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}\InprocServer32 -> C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

==================== Restore Points  =========================

29-04-2014 12:41:03 Windows Update
30-04-2014 17:16:39 Geplanter Prüfpunkt
02-05-2014 15:20:03 Windows Update
06-05-2014 12:03:54 Windows Update
10-05-2014 12:14:25 Windows Update
13-05-2014 12:16:50 Windows Update
17-05-2014 08:36:37 Windows Update
18-05-2014 12:07:04 Windows Update
22-05-2014 15:42:15 Windows Update
22-05-2014 15:52:31 Installiert RollerCoaster Tycoon 2
24-05-2014 12:55:56 Windows Update
27-05-2014 14:10:07 Geplanter Prüfpunkt
10-06-2014 12:08:24 Geplanter Prüfpunkt
23-06-2014 15:00:22 Geplanter Prüfpunkt
07-07-2014 15:26:16 Geplanter Prüfpunkt
31-07-2014 12:26:11 Geplanter Prüfpunkt
11-08-2014 09:24:30 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {093FF087-CE07-4248-B048-9327CEA8195D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-11] (Adobe Systems Incorporated)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3458004F-91D2-4BD6-882D-BB5C0FADC9B0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-05] (AVAST Software)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {893E4745-25E4-48E3-98F7-469EAC38EC33} - System32\Tasks\{BA18A978-80BC-47CB-8429-61EBFA86F696} => C:\Program Files\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A76A0458-573D-4935-8DAC-C79EBD1F8AA4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {C14DDC10-9E61-4C0C-8308-6A6FE5D805C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {C5E7EE93-6D8E-446F-88CF-C4ADCED3C1D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-05] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{2F7ADF65-47B0-4D3C-A955-AFA893897013}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{562793F0-D950-4A92-BFFB-D396560F5ECA}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D0316E42-18F8-4AD3-98B5-BC660DCACB02}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2014-08-11 11:21 - 2014-08-11 11:21 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081100\algo.dll
2014-08-11 19:47 - 2014-08-11 19:47 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081101\algo.dll
2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2006-11-02 20:40 - 2006-11-02 20:40 - 00174656 _____ () c:\Windows\system32\PSIService.exe
2009-01-25 19:39 - 2008-06-27 14:18 - 00244904 ____R () C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2014-04-05 11:52 - 2014-04-05 11:52 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:C980DA7D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2014 07:47:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 07:47:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 07:46:18 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: Vom %vista-sarah27-Echtzeitschutz-Prüfpunkt wurde ein Fehler festgestellt. Er konnte daraufhin nicht gestartet werden.

	Benutzer: vista-sarah\Ulrike

	Prüfpunkt-ID: 27

	Fehlercode: 0x80070005

	Fehlerbeschreibung: Zugriff verweigert

Error: (08/11/2014 02:48:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 02:35:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 02:10:57 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.

Error: (08/11/2014 11:27:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:27:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:27:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:26:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


System errors:
=============
Error: (08/11/2014 07:46:29 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (08/11/2014 07:44:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update-Dienst (gupdate)%%1053

Error: (08/11/2014 07:44:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Google Update-Dienst (gupdate)

Error: (08/09/2014 00:08:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 09.08.2014 um 12:07:23 unerwartet heruntergefahren.

Error: (06/23/2014 05:13:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 23.06.2014 um 17:11:21 unerwartet heruntergefahren.

Error: (05/10/2014 02:11:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Google Update-Dienst (gupdate)%%1053

Error: (05/10/2014 02:11:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Google Update-Dienst (gupdate)

Error: (04/29/2014 02:29:25 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Google Update-Dienst (gupdate)

Error: (04/26/2014 00:49:55 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ULLI-LAPTOP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5E7022F2-13CB-4FBB-B1E7-A00289-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (04/25/2014 02:21:16 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "ULLI-LAPTOP",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{5E7022F2-13CB-4FBB-B1E7-A00289-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (08/11/2014 07:47:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 07:47:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 07:46:18 PM) (Source: WinDefendRtp) (EventID: 3003) (User: )
Description: %%8271.1.1505.0270x80070005Zugriff verweigert vista-sarahUlrikeS-1-5-21-4103437458-4055112347-3955121511-1002

Error: (08/11/2014 02:48:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 02:35:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 02:10:57 PM) (Source: WerSvc) (EventID: 5007) (User: )
Description: 8014FFF9

Error: (08/11/2014 11:27:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:27:12 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:27:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (08/11/2014 11:26:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.


CodeIntegrity Errors:
===================================
  Date: 2014-08-11 19:49:00.002
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 19:48:59.815
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 19:48:59.627
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 19:48:59.455
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 19:48:59.018
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 19:48:58.829
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 19:48:58.658
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 19:48:58.454
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:52.968
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-08-11 14:56:52.812
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 50%
Total physical RAM: 2045.88 MB
Available physical RAM: 1016.29 MB
Total Pagefile: 4305.04 MB
Available Pagefile: 3082.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.93 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:216.41 GB) (Free:97.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:107.22 GB) (Free:96.14 GB) NTFS
Drive v: (Sims3EP03) (CDROM) (Total:6.75 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 335 GB) (Disk ID: 65388394)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=216 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=107 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         


Alt 11.08.2014, 22:07   #6
Warlord711
/// TB-Ausbilder
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Auf dem Rechner gibt es einen Benutzer mit eingeschränken Anmeldezeiten, ist das korrekt so ?
__________________
--> Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2

Alt 11.08.2014, 22:15   #7
Floydian
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Von eingeschränkten Anmeldezeiten ist mir nichts bekannt. Ein Benutzerkonto steht jedoch unter Jugendschutz.

Alt 12.08.2014, 08:29   #8
Warlord711
/// TB-Ausbilder
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Also zwischen den Logs gibt es eine Diskrepanz:

Code:
ATTFilter
iLivid (HKCU\...\iLivid) (Version: 5.0.0.4408 - Bandoo Media Inc) <==== ATTENTION
         
Fehlt in der 2. Addition.txt.

  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scans durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 12.08.2014, 08:35   #9
Warlord711
/// TB-Ausbilder
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).


Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.



Der ESET Lauf dauert i.d.R. länger

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 12.08.2014, 10:21   #10
Floydian
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Zwischen den Schritten habe ich nichts weiter installiert oder deinstalliert. Warum der Eintrag in der 2. Addition.txt fehlt, kann ich leider nicht sagen.

Hier ist die log Datei vom AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.304 - Bericht erstellt am 12/08/2014 um 10:52:03
# Aktualisiert 08/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium  (32 bits)
# Benutzername : root - VISTA-SARAH
# Gestartet von : C:\Users\Ulrike\Desktop\adwcleaner_3.304.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DataMngr
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Ulrike\AppData\Local\iLivid
Datei Gelöscht : C:\Users\Ulrike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
Datei Gelöscht : C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Datei Gelöscht : C:\Users\Ulrike\Desktop\iLivid.lnk
Datei Gelöscht : C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLivid.torrent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Schlüssel Gelöscht : HKCU\Software\APNDTX
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6000.17037


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Engel\AppData\Roaming\Mozilla\Firefox\Profiles\fnm2btpp.default\prefs.js ]


[ Datei : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\w4fwmrab.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

[ Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\riej0w6m.default\prefs.js ]


[ Datei : C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4269 octets] - [12/08/2014 10:49:30]
AdwCleaner[S0].txt - [4192 octets] - [12/08/2014 10:52:03]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4252 octets] ##########
         
Bei dem JTR bekam ich folgende Meldung.
"A bad module has been detected! A reboot is required to remove moduls."
Darauf hin habe ich den Rechner neu gestartet. Es öffnete sich keine Textdatei und ich habe JTR noch einmal gestartet, jedoch bekam ich wieder die gleiche Meldung.
"A bad module has been detected! A reboot is required to remove moduls."

Alt 12.08.2014, 11:00   #11
Warlord711
/// TB-Ausbilder
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Hast du Avast! deaktiviert ?
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 12.08.2014, 21:24   #12
Floydian
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Avast war deaktiviert, aber hatte trotzdem Probleme verursacht. Nach einem weiteren Versuch funktionierte es dann jedoch.

Hier alle drei Logfiles zusammen.

AdwCleaner:

Code:
ATTFilter
# AdwCleaner v3.304 - Bericht erstellt am 12/08/2014 um 10:52:03
# Aktualisiert 08/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium  (32 bits)
# Benutzername : root - VISTA-SARAH
# Gestartet von : C:\Users\Ulrike\Desktop\adwcleaner_3.304.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DataMngr
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\Users\Ulrike\AppData\Local\iLivid
Datei Gelöscht : C:\Users\Ulrike\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
Datei Gelöscht : C:\Users\Ulrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
Datei Gelöscht : C:\Users\Ulrike\Desktop\iLivid.lnk
Datei Gelöscht : C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\searchplugins\Ask.xml
Datei Gelöscht : C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\user.js

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iLivid.torrent
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Schlüssel Gelöscht : HKCU\Software\APNDTX
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Trymedia Systems

***** [ Browser ] *****

-\\ Internet Explorer v7.0.6000.17037


-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Engel\AppData\Roaming\Mozilla\Firefox\Profiles\fnm2btpp.default\prefs.js ]


[ Datei : C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\w4fwmrab.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

[ Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\riej0w6m.default\prefs.js ]


[ Datei : C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v35.0.1916.114

[ Datei : C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Ulrike\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4269 octets] - [12/08/2014 10:49:30]
AdwCleaner[S0].txt - [4192 octets] - [12/08/2014 10:52:03]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4252 octets] ##########
         

JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by root on 12.08.2014 at 20:00:53,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.08.2014 at 20:09:51,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=be52db36add7814da49b44ce1c938951
# engine=19623
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-12 08:09:42
# local_time=2014-08-12 10:09:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6000 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 11182374 11182760 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 106029 245406910 0 0
# scanned=205030
# found=41
# cleaned=0
# scan_time=5939
sh=5661E134A7A9798AE37178362CE8BC8FE8AE8581 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\prefs_12_08_2014_10_53_12.js"
sh=AC3EDAD8683B505636EEDF34C85B882E096245FA ft=1 fh=49ad4c2161af039f vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ulrike\AppData\Local\iLivid\Helper.dll.vir"
sh=4A157461043BF52BD89134CC9A718CB2BBF614B4 ft=1 fh=95b8994d155fbc7d vn="Variante von Win32/Toolbar.SearchSuite.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ulrike\AppData\Local\iLivid\Uninstall.exe.vir"
sh=C5DB8386C3A901DD6D4FB8B66685B889FA1099F9 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\user.js.vir"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\root\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A91YPGGA\ApnIC[1].0"
sh=4E8A8E380D1A77BA431D61FF87CB4F3ABD9C02B4 ft=1 fh=d813df953ad1d4f7 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\root\AppData\Local\Temp\ASKB45.tmp"
sh=EEAA8E7CBF57449AB12AB62B19A60C7ECE9C975B ft=1 fh=8f8f2608bfa07014 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\root\AppData\Local\Temp\AskSLib.dll"
sh=F3C848B67FD2914516F83FB65B204F61768C4EFB ft=1 fh=b7e14907d3f07c71 vn="Win32/Somoto.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\root\AppData\Local\Temp\UpdateCheckerSetup.exe"
sh=72004E2E15BEBEF85FDA91A40B90258AA5A52681 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-4681.BD Trojaner" ac=I fn="C:\Users\Ulrike\AppData\Local\Temp\jar_cache3588837730348786464.tmp"
sh=AC3EDAD8683B505636EEDF34C85B882E096245FA ft=1 fh=49ad4c2161af039f vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Local\Temp\nsyDA9.tmp\Helper.dll"
sh=B9FFF95AEA847A268BE98C722FAC72974955FE15 ft=1 fh=ae27bd50ea8a28a0 vn="Win32/Soffer.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Local\Temp\nsyDA9.tmp\soffer.dll"
sh=4A157461043BF52BD89134CC9A718CB2BBF614B4 ft=1 fh=95b8994d155fbc7d vn="Variante von Win32/Toolbar.SearchSuite.G evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Local\Temp\~nsu.tmp\Au_.exe"
sh=A66E10C484CCFDEC5D7A2C934E363D8BA1EE5193 ft=1 fh=58e61acde3046387 vn="Win32/AdWare.Bandoo.AD Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Local\VirtualStore\Program Files\Movies Toolbar\Datamngr\setmgrc1.cfg"
sh=20E59B4419282F5DEB32B2DD1E5E17C14525849B ft=1 fh=77225fcde9ec27a4 vn="Win64/Adware.Bandoo.A Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Local\VirtualStore\Program Files\Movies Toolbar\Datamngr\x64\setmgrc1.cfg"
sh=BF86C971C16C715C0B161F16A19E880FD43167AC ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\prefs.js"
sh=1333E1A5C8D6C14F09FFDFEF6E957CD31DB37EFA ft=1 fh=1ec8e5a716b1c263 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF10.dll"
sh=24DCEF84FCE6D832CC8EE555CE290D0BCB885125 ft=1 fh=376e1dd1111ea1d1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF11.dll"
sh=8D3CAEF52F8F163FCFA1DB36A5EA370ECDE4515C ft=1 fh=08162afd6702226e vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF12.dll"
sh=59BFCDEF127B4ABF9E051EEB043CCBD5CA08E831 ft=1 fh=c2e4b6edbd539f78 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF13.dll"
sh=6B84D699A72FEBBC497567D899A91BDFFB7E1F6A ft=1 fh=a41fa2382ccca41d vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF14.dll"
sh=A46299E42C851E08B39EAE6EE244B0DA6A91F13A ft=1 fh=0a7d55876dd6abcb vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF16.dll"
sh=68E9D4FAF3E983DCF38046A49F70566AFECDD20C ft=1 fh=ccac9091b377e5f0 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF17.dll"
sh=DE827E15C68D09C5353B0203C00512CFC92A485D ft=1 fh=1af11dac80f81726 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF18.dll"
sh=6742B63D3429644CE3EDE65B897EFA915E30C67B ft=1 fh=70c2c89b3486455c vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF19.dll"
sh=44A8DAE2434CD3A7577BA911D0A2DC6233BFE08E ft=1 fh=20b0fd9470c7b467 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF2.dll"
sh=6D449D60D26BC1DDE8283D16AE2CEC2BF369ED95 ft=1 fh=997b710ac4fc86aa vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF20.dll"
sh=B28567CB73376639274CEDF66CF4A759CB508627 ft=1 fh=71428ccc58962145 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF21.dll"
sh=C7385D2C7C7DC839B973292B187BF9164742021D ft=1 fh=604a95c8baa65222 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF22.dll"
sh=C811119EDBE2B2F97075D8251F30334578E2FB35 ft=1 fh=d388960333202bd1 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF23.dll"
sh=3B1419B66140724769B936D71B20AB027982D7B2 ft=1 fh=65ef0c299ab7e938 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF24.dll"
sh=CCBA9EB44600F17D08976741221278F409924F9C ft=1 fh=b7d0b7b7e356d351 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF25.dll"
sh=4A04D6965F965A9F87EE2779172E538EE0502805 ft=1 fh=e23b4f217e6cd793 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF26.dll"
sh=69E47DD60CC4B8C3F1E5AA9F8C0039D29BFBB996 ft=1 fh=0551b9d166238b94 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF27.dll"
sh=BAD2463B4D20931790C5D4D69BA1115F6A02CDCC ft=1 fh=e0903c24041fbf6a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF28.dll"
sh=7F6BB3150E0838F02693B2377BC2FE2FCCF34AF7 ft=1 fh=1fdf22c09025f0a7 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF4.dll"
sh=B62302B72FAADD77E52A1A99DF17E9C721E177EC ft=1 fh=ad0bac59c336e1ed vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF5.dll"
sh=DFA9595AAD950247197DD192EDC66503291E0621 ft=1 fh=42072ec94308fd8a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF6.dll"
sh=C2CAA493BE1C87E26FCE212015521894454D33D7 ft=1 fh=ba30d2a78fb3bf7b vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF7.dll"
sh=74BBE6BFCBCFB27E8B415CD473D16FE076BBD4FE ft=1 fh=e5927128602e112a vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF8.dll"
sh=5D5258C7B0A4404D127B8E64D977CD78262653BE ft=1 fh=6684e04379f92fc0 vn="möglicherweise Variante von Win32/Toolbar.SearchSuite.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\components\DatamngrHlpFF9.dll"
sh=011C6AC3C584E4650D6FA5FECF6D2E32C50A9457 ft=1 fh=5f9bc7bf4fd4339a vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Ulrike\Downloads\m4a-to-mp3-70converter.exe"
         

Alt 13.08.2014, 08:22   #13
Warlord711
/// TB-Ausbilder
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.


Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
"C:\Users\Ulrike\AppData\Local\VirtualStore\Program Files\Movies Toolbar\Datamngr"
"C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}"
"C:\Users\Ulrike\Downloads\m4a-to-mp3-70converter.exe"
cmd: type "C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\prefs.js"
emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.



Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Alt 13.08.2014, 10:35   #14
Floydian
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Hier die logs.


checkup:

Code:
ATTFilter
 Results of screen317's Security Check version 0.99.86  
 Windows Vista  x86 (UAC is enabled)  
 Out of date service pack!! 
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 HijackThis 2.0.2    
 Java(TM) 6 Update 33  
 Java 7 Update 51  
 Java(TM) 6 Update 7  
 Java version out of Date! 
 Adobe Flash Player 	14.0.0.145  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox (31.0) 
 Google Chrome 35.0.1916.114  
 Google Chrome 36.0.1985.125  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSASCui.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MSASCui.exe   
 OnlineDiagnostic TestManager TestHandler.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         

Fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:13-08-2014
Ran by root at 2014-08-13 11:09:20 Run:1
Running from C:\Users\Ulrike\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
"C:\Users\Ulrike\AppData\Local\VirtualStore\Program Files\Movies Toolbar\Datamngr"
"C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}"
"C:\Users\Ulrike\Downloads\m4a-to-mp3-70converter.exe"
cmd: type "C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\prefs.js"
emptytemp:
*****************

C:\Users\Ulrike\AppData\Local\VirtualStore\Program Files\Movies Toolbar\Datamngr => Moved successfully.
C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\extensions\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D} => Moved successfully.
C:\Users\Ulrike\Downloads\m4a-to-mp3-70converter.exe => Moved successfully.

=========  type "C:\Users\Ulrike\AppData\Roaming\Mozilla\Firefox\Profiles\5g0nvvjw.default\prefs.js" =========

# Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 */

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1407756897);
user_pref("app.update.lastUpdateTime.background-update-timer", 1407756777);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1407757017);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1407832735);
user_pref("app.update.lastUpdateTime.experiments-update-timer", 1407761478);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1340132817);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1407832615);
user_pref("app.update.service.errors", 1);
user_pref("browser.cache.disk.capacity", 358400);
user_pref("browser.cache.disk.smart_size.first_run", false);
user_pref("browser.cache.disk.smart_size.use_old_max", false);
user_pref("browser.cache.disk.smart_size_cached_value", 358400);
user_pref("browser.cache.frecency_experiment", 3);
user_pref("browser.download.dir", "C:\\Users\\Ulrike\\Downloads");
user_pref("browser.download.importedFromSqlite", true);
user_pref("browser.download.lastDir", "C:\\Users\\Ulrike\\Pictures");
user_pref("browser.download.manager.alertOnEXEOpen", true);
user_pref("browser.download.panel.shown", true);
user_pref("browser.migration.version", 22);
user_pref("browser.newtabpage.storageVersion", 1);
user_pref("browser.pagethumbnails.storage_version", 3);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 7);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.rights.3.shown", true);
user_pref("browser.safebrowsing.enabled", false);
user_pref("browser.safebrowsing.malware.enabled", false);
user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20140716183446");
user_pref("browser.slowStartup.averageTime", 0);
user_pref("browser.slowStartup.samples", 0);
user_pref("browser.startup.homepage", "https://www.google.de/");
user_pref("browser.startup.homepage_override.buildID", "20140716183446");
user_pref("browser.startup.homepage_override.mstone", "31.0");
user_pref("browser.syncPromoViewsLeftMap", "{\"passwords\":0}");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-button\",\"history-panelmenu\",\"fullscreen-button\",\"find-button\",\"preferences-button\",\"add-ons-button\",\"developer-button\"],\"addon-bar\":[\"addonbar-closebutton\",\"status-bar\"],\"PersonalToolbar\":[\"personal-bookmarks\"],\"nav-bar\":[\"unified-back-forward-button\",\"urlbar-container\",\"reload-button\",\"stop-button\",\"search-container\",\"downloads-button\",\"home-button\",\"bookmarks-menu-button\",\"webrtc-status-button\",\"social-share-button\",\"wrc-toolbar-button\",\"window-controls\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\",\"tabs-closebutton\"],\"toolbar-menubar\":[\"menubar-items\"]},\"seen\":[],\"dirtyAreaCache\":[\"PersonalToolbar\",\"nav-bar\",\"TabsToolbar\",\"toolbar-menubar\",\"PanelUI-contents\",\"addon-bar\"],\"newElementCount\":0}");
user_pref("browser.uitour.whitelist.add.260", "");
user_pref("datareporting.healthreport.lastDataSubmissionFailureTime", "1398878568629");
user_pref("datareporting.healthreport.lastDataSubmissionRequestedTime", "1407756481628");
user_pref("datareporting.healthreport.lastDataSubmissionSuccessfulTime", "1407756483874");
user_pref("datareporting.healthreport.nextDataSubmissionTime", "1407842883874");
user_pref("datareporting.healthreport.service.firstRun", true);
user_pref("datareporting.policy.dataSubmissionPolicyAccepted", true);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 1);
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1389099855340");
user_pref("datareporting.policy.dataSubmissionPolicyResponseTime", "1389100005787");
user_pref("datareporting.policy.dataSubmissionPolicyResponseType", "accepted-info-bar-dismissed");
user_pref("datareporting.policy.firstRunTime", "1388412224938");
user_pref("datareporting.sessions.current.activeTicks", 72);
user_pref("datareporting.sessions.current.clean", true);
user_pref("datareporting.sessions.current.firstPaint", 51971);
user_pref("datareporting.sessions.current.main", 45789);
user_pref("datareporting.sessions.current.sessionRestored", 53677);
user_pref("datareporting.sessions.current.startTime", "1407832446651");
user_pref("datareporting.sessions.current.totalTime", 742);
user_pref("datareporting.sessions.currentIndex", 234);
user_pref("datareporting.sessions.previous.230", "{\"s\":1407756406476,\"a\":498,\"t\":4251,\"c\":true,\"m\":7127,\"fp\":12372,\"sr\":12880}");
user_pref("datareporting.sessions.previous.231", "{\"s\":1407761340884,\"a\":148,\"t\":6778,\"c\":true,\"m\":2330,\"fp\":12031,\"sr\":20623}");
user_pref("datareporting.sessions.previous.232", "{\"s\":1407779111934,\"a\":10,\"t\":121,\"c\":true,\"m\":14878,\"fp\":28873,\"sr\":30670}");
user_pref("datareporting.sessions.previous.233", "{\"s\":1407779561607,\"a\":55,\"t\":328,\"c\":true,\"m\":3314,\"fp\":6723,\"sr\":7457}");
user_pref("datareporting.sessions.prunedIndex", 229);
user_pref("devtools.telemetry.tools.opened.version", "{\"DEVTOOLS_WEBCONSOLE_OPENED_PER_USER_FLAG\":\"28.0\"}");
user_pref("dom.mozApps.used", true);
user_pref("extensions.blocklist.pingCountTotal", 335);
user_pref("extensions.blocklist.pingCountVersion", -1);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.databaseSchema", 16);
user_pref("extensions.enabledAddons", "wrc%40avast.com:9.0.2016.82,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0");
user_pref("extensions.enabledItems", "wrc@avast.com:7.0.1426,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11");
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20140527.01.3");
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"c:\\\\Windows\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\",\"mtime\":1251990138675,\"rdfTime\":1232707720000},\"wrc@avast.com\":{\"descriptor\":\"C:\\\\Program Files\\\\AVAST Software\\\\Avast\\\\WebRep\\\\FF\",\"mtime\":1396691575661,\"rdfTime\":1396691557010}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1407760549422,\"rdfTime\":1407760549078}}},{\"name\":\"app-profile\",\"addons\":{\"{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\":{\"descriptor\":\"C:\\\\Users\\\\Ulrike\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5g0nvvjw.default\\\\extensions\\\\{0AF2132C-D508-1D6C-F240-7AAAB6C9E66D}\",\"mtime\":1401121280155,\"rdfTime\":1398506879637},\"{20a82645-c095-46ed-80e3-08825760534b}\":{\"descriptor\":\"C:\\\\Users\\\\Ulrike\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\5g0nvvjw.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}.xpi\",\"mtime\":1340454796262}}}]");
user_pref("extensions.lastAppVersion", "31.0");
user_pref("extensions.lastPlatformVersion", "31.0");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.update.notifyUser", false);
user_pref("extensions.wrc.RulesVersion", "");
user_pref("extensions.wrc.SearchRules./v1/update/rule/foo.bar.style", "some style");
user_pref("extensions.wrc.SearchRules./v1/update/rule/foo.bar.url", "testik.bb");
user_pref("extensions.wrc.SearchRules.atlas.cz.style", ".WRCN {display:none} .results-list .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.atlas.cz.url", "^http\\:\\/\\/searchatlas\\.centrum\\.cz\\/.+");
user_pref("extensions.wrc.SearchRules.atlas.cz\":{.style", ".WRCN {display:none} .results-list .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.atlas.cz\":{.url", "^http\\\\:\\\\/\\\\/searchatlas\\\\.centrum\\\\.cz\\\\/.+");
user_pref("extensions.wrc.SearchRules.atlas.sk.style", ".WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.atlas.sk.url", "^http\\:\\/\\/hladaj\\.atlas\\.sk\\/.+");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.bing.com.style", ".WRCN {display:none} .sb_tlst .WRCN, .sp_pss .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.bing.com.url", "^http(s)?\\:\\/\\/www\\.bing\\.com\\/(.)*");
user_pref("extensions.wrc.SearchRules.centrum.cz.style", ".WRCN {display:none} .results-list h3 > .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.centrum.cz.url", "^http(s)?\\:\\/\\/search\\.centrum\\.cz\\/(.)*");
user_pref("extensions.wrc.SearchRules.centrum.sk.style", ".WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.centrum.sk.url", "^http\\:\\/\\/search\\.centrum\\.sk\\/.+");
user_pref("extensions.wrc.SearchRules.delicious.com.style", ".WRCN {display:none} .taggedlink + .WRCN, .data .full-url .WRCN, .content .link .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.delicious.com.url", "^http\\:\\/\\/(www\\.)?delicious\\.com\\/(.)*");
user_pref("extensions.wrc.SearchRules.dmoz.org.style", ".WRCN {display:none} ol.site li .WRCN{display:inline !important; background: url(\"IMAGE\") right no-repeat} ol.site li .ref .WRCN {display:none!important}");
user_pref("extensions.wrc.SearchRules.dmoz.org.url", "^http\\:\\/\\/www\\.dmoz\\.org\\/search(.)+");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/search\\/.*");
user_pref("extensions.wrc.SearchRules.gazeta.pl.style", ".WRCN {display:none} .results-index HEADER  .WRCN {display:inline !important;  background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.gazeta.pl.url", "^http\\:\\/\\/szukaj\\.gazeta\\.pl\\/.+");
user_pref("extensions.wrc.SearchRules.google.com.style", ".WRCN {display:none} .r .WRCN, .osl .WRCN, .bc .WRCN, .fc .WRCN, #rhsline ol .WRCN {display:inline; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.google.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?google\\.(com|[a-z\\.]{2,})\\/(.)*");
user_pref("extensions.wrc.SearchRules.interia.pl.style", ".WRCN {display:none} .row .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.interia.pl.url", "^http\\:\\/\\/(www\\.)?google\\.interia\\.pl\\/szukaj\\/.+");
user_pref("extensions.wrc.SearchRules.onet.pl.style", ".WRCN {display:none} #main .link .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.onet.pl.url", "^http\\:\\/\\/szukaj\\.onet\\.pl\\/.+");
user_pref("extensions.wrc.SearchRules.paginegialle.it.style", ".WRCN {display:none} .lnkwww + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.paginegialle.it.url", "^http\\:\\/\\/www\\.paginegialle\\.it\\/pgol\\/.+");
user_pref("extensions.wrc.SearchRules.public.avast.com.style", ".WRCN {display:inline; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.public.avast.com.url", "^http(s)?\\:\\/\\/public\\.avast\\.com\\/(.)*");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .b-serp__list .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.rambler.ru.url", "^http\\:\\/\\/nova\\.rambler\\.ru\\/.+");
user_pref("extensions.wrc.SearchRules.scroogle.org.style", "a + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat} {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.scroogle.org.url", "^http\\:\\/\\/www\\.scroogle\\.org\\/.*");
user_pref("extensions.wrc.SearchRules.seznam.cz.style", ".WRCN {display:none} #results .WRCN, .sklik-title > .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.seznam.cz.url", "^http(s)?\\:\\/\\/search\\.seznam\\.cz\\/(.)*");
user_pref("extensions.wrc.SearchRules.sky.com.style", ".WRCN {display:none} #results h3 .WRCN, #sponsored_top h3 .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.sky.com.url", "^http\\:\\/\\/search\\.sky\\.com/.+");
user_pref("extensions.wrc.SearchRules.slashdot.org.style", ".WRCN {display:none} .body i .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.slashdot.org.url", "^http\\:\\/\\/slashdot\\.org\\/.*");
user_pref("extensions.wrc.SearchRules.stackoverflow.com.style", ".WRCN {display:none} .post-text .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}\"}");
user_pref("extensions.wrc.SearchRules.stackoverflow.com.url", "^http\\:\\/\\/stackoverflow\\.com\\/.+");
user_pref("extensions.wrc.SearchRules.terra.com.br.style", ".WRCN {display:none} #searchResultsDiv .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.terra.com.br.url", "^http\\:\\/\\/buscador\\.terra\\.com\\.br\\/.+");
user_pref("extensions.wrc.SearchRules.tiscali.it.style", ".WRCN {display:none} .katalogSponsorItem .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.tiscali.it.url", "^http\\:\\/\\/search\\.tiscali\\.it\\/.+");
user_pref("extensions.wrc.SearchRules.uol.com.br.style", ".WRCN {display:none} #results dt .WRCN, #results .link .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat} #results .link .similar .WRCN {display: none!important}");
user_pref("extensions.wrc.SearchRules.uol.com.br.url", "^http\\:\\/\\/(.\\.)?busca\\.uol\\.com\\.br\\/.+");
user_pref("extensions.wrc.SearchRules.virgilio.it.style", ".WRCN {display:none}  .record .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat} .risultati .record .sponsor + .WRCN {display: none!important}");
user_pref("extensions.wrc.SearchRules.virgilio.it.url", "^http\\:\\/\\/ricerca\\.virgilio\\.it\\/.+");
user_pref("extensions.wrc.SearchRules.virginmedia.com.style", ".WRCN {display:none} .result .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.virginmedia.com.url", "^http\\:\\/\\/search\\.virginmedia\\.com\\/.+");
user_pref("extensions.wrc.SearchRules.whereis.com.style", ".WRCN {display:none} .priority_url .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.whereis.com.url", "^http\\:\\/\\/www\\.whereis\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.wp.pl.style", ".WRCN {display:none} .res .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.wp.pl.url", "^http\\:\\/\\/szukaj\\.wp\\.pl\\/.+");
user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*");
user_pref("extensions.wrc.SearchRules.yandex.ru.style", ".WRCN {display:none} .b-serp-item__title-link + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.yandex.ru.url", "^http\\:\\/\\/yandex\\.ru\\/.+");
user_pref("extensions.wrc.SearchRules.yell.com.style", ".WRCN {display:none} .advert-content .WRCN, .other-cta .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat} .advert-content .star + .WRCN, .advert-content .logoImg + .WRCN, .other-cta .shareLink + .WRCN {display: none!important}");
user_pref("extensions.wrc.SearchRules.yell.com.url", "^http\\:\\/\\/www\\.yell\\.com\\/.+");
user_pref("extensions.wrc.SearchRules.zoznam.sk.style", ".WRCN {display:none} .box_content .link_right .link_title + .WRCN, .gsc-title .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.zoznam.sk.url", "^http\\:\\/\\/www\\.zoznam\\.sk\\/.+");
user_pref("font.internaluseonly.changed", true);
user_pref("gecko.buildID", "20140716183446");
user_pref("gecko.mstone", "31.0");
user_pref("general.useragent.extra.microsoftdotnet", "(.NET CLR 3.5.30729)");
user_pref("idle.lastDailyNotification", 1407760018);
user_pref("intl.charsetmenu.browser.cache", "windows-1252, ISO-8859-15, ISO-8859-1, us-ascii, UTF-8");
user_pref("network.cookie.prefsMigrated", true);
user_pref("pdfjs.migrationVersion", 2);
user_pref("pdfjs.previousHandler.alwaysAskBeforeHandling", true);
user_pref("pdfjs.previousHandler.preferredAction", 4);
user_pref("places.database.lastMaintenance", 1407756482);
user_pref("places.history.expiration.transient_current_max_pages", 53632);
user_pref("plugin.disable_full_page_plugin_for_types", "application/pdf");
user_pref("plugin.importedState", true);
user_pref("print.print_printer", "Canon iP1600");
user_pref("print.printer_Canon_iP1600.print_bgcolor", false);
user_pref("print.printer_Canon_iP1600.print_bgimages", false);
user_pref("print.printer_Canon_iP1600.print_command", "");
user_pref("print.printer_Canon_iP1600.print_downloadfonts", false);
user_pref("print.printer_Canon_iP1600.print_edge_bottom", 0);
user_pref("print.printer_Canon_iP1600.print_edge_left", 0);
user_pref("print.printer_Canon_iP1600.print_edge_right", 0);
user_pref("print.printer_Canon_iP1600.print_edge_top", 0);
user_pref("print.printer_Canon_iP1600.print_evenpages", true);
user_pref("print.printer_Canon_iP1600.print_footercenter", "");
user_pref("print.printer_Canon_iP1600.print_footerleft", "&PT");
user_pref("print.printer_Canon_iP1600.print_footerright", "&D");
user_pref("print.printer_Canon_iP1600.print_headercenter", "");
user_pref("print.printer_Canon_iP1600.print_headerleft", "&T");
user_pref("print.printer_Canon_iP1600.print_headerright", "&U");
user_pref("print.printer_Canon_iP1600.print_in_color", true);
user_pref("print.printer_Canon_iP1600.print_margin_bottom", "0.5");
user_pref("print.printer_Canon_iP1600.print_margin_left", "0.5");
user_pref("print.printer_Canon_iP1600.print_margin_right", "0.5");
user_pref("print.printer_Canon_iP1600.print_margin_top", "0.5");
user_pref("print.printer_Canon_iP1600.print_oddpages", true);
user_pref("print.printer_Canon_iP1600.print_orientation", 0);
user_pref("print.printer_Canon_iP1600.print_pagedelay", 500);
user_pref("print.printer_Canon_iP1600.print_paper_data", 9);
user_pref("print.printer_Canon_iP1600.print_paper_height", " 11,00");
user_pref("print.printer_Canon_iP1600.print_paper_size_type", 0);
user_pref("print.printer_Canon_iP1600.print_paper_size_unit", 1);
user_pref("print.printer_Canon_iP1600.print_paper_width", "  8,50");
user_pref("print.printer_Canon_iP1600.print_reversed", false);
user_pref("print.printer_Canon_iP1600.print_scaling", "  1,00");
user_pref("print.printer_Canon_iP1600.print_shrink_to_fit", true);
user_pref("print.printer_Canon_iP1600.print_to_file", false);
user_pref("print.printer_Canon_iP1600.print_to_filename", "");
user_pref("print.printer_Canon_iP1600.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_Canon_iP1600.print_unwriteable_margin_left", 0);
user_pref("print.printer_Canon_iP1600.print_unwriteable_margin_right", 0);
user_pref("print.printer_Canon_iP1600.print_unwriteable_margin_top", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("privacy.clearOnShutdown.sessions", false);
user_pref("privacy.cpd.offlineApps", true);
user_pref("privacy.sanitize.migrateFx3Prefs", true);
user_pref("privacy.sanitize.timeSpan", 0);
user_pref("security.warn_entering_weak", false);
user_pref("security.warn_entering_weak.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show_once", false);
user_pref("services.sync.clients.lastSync", "0");
user_pref("services.sync.clients.lastSyncLocal", "0");
user_pref("services.sync.declinedEngines", "");
user_pref("services.sync.globalScore", 0);
user_pref("services.sync.migrated", true);
user_pref("services.sync.nextSync", 0);
user_pref("services.sync.tabs.lastSync", "0");
user_pref("services.sync.tabs.lastSyncLocal", "0");
user_pref("storage.vacuum.last.index", 0);
user_pref("storage.vacuum.last.places.sqlite", 1407760020);
user_pref("toolkit.startup.last_success", 1407832492);
user_pref("toolkit.telemetry.previousBuildID", "20140716183446");
user_pref("toolkit.telemetry.prompted", 2);
user_pref("toolkit.telemetry.rejected", true);
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1297517042);
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.103", "");
user_pref("xpinstall.whitelist.add.180", "");
user_pref("xpinstall.whitelist.add.36", "");

========= End of CMD: =========

EmptyTemp: => Removed 2 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

FRST:


FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:13-08-2014
Ran by root (administrator) on VISTA-SARAH on 13-08-2014 11:30:03
Running from C:\Users\Ulrike\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\System32\PSIService.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Cyberlink\Shared files\RichVideo.exe
(Apple Inc.) D:\Eigene Dateien Sarah\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Fujitsu Siemens Computers) C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [MBPlayer] => C:\Program Files\MB application\MBPlayer.exe [48640 2006-12-19] (MusicBrigade)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [EA Core] => C:\Program Files\Electronic Arts\EADM\Core.exe [3325952 2009-03-28] (Electronic Arts)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Run: [Logitech Vid] => "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4103437458-4055112347-3955121511-1000\...\MountPoints2: {53ba2e18-7129-11de-a368-0019dbf9a6d2} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125440 2006-11-02] (Microsoft Corporation)
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [UpgradeChecker] => C:\Users\Ulrike\AppData\Roaming\Apple\{4918B296-3A37-4B77-BD5B-BBF282120CD2}\UpgradeChecker.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Run: [iLivid] => "C:\Users\Ulrike\AppData\Local\iLivid\iLivid.exe" -autorun
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {4439ad29-ed98-11df-a55a-0019dbf9a6d2} - E:\USBAutoRun.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {a8ec11a8-fb76-11e3-b93a-0019dbf9a6d2} - E:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {c28635ed-43dc-11df-b1b5-0019dbf9a6d2} - E:\Startme.exe
HKU\S-1-5-21-4103437458-4055112347-3955121511-1002\...\MountPoints2: {f0b9cc8f-ad66-11dc-83a4-806e6f6e6963} - V:\Autorun.exe
Startup: C:\Users\root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
ShortcutTarget: Logitech . Produktregistrierung.lnk -> C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (No File)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicyUsers\S-1-5-21-4103437458-4055112347-3955121511-1003\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4103437458-4055112347-3955121511-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
SearchScopes: HKCU - {B6E35D9F-85C8-4246-9E98-90FAA4ABA14E} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKCU - {F9956A95-CA9F-475D-9D72-5A4504AA37B6} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/de-de/wlscctrl2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\..\Interfaces\{5E7022F2-13CB-4FBB-B1E7-A00289EF29EA}: [NameServer]80.69.100.138,141.1.1.1

FireFox:
========
FF ProfilePath: C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\w4fwmrab.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> D:\Eigene Dateien Sarah\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Wortliste von hxxp://tkltrans.sf.net (alte und neue deutsche Rechtschreibung) - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\w4fwmrab.default\Extensions\de-DE-comb@dictionaries.addons.mozilla.org [2008-10-03]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\root\AppData\Roaming\Mozilla\Firefox\Profiles\w4fwmrab.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-02-11]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2014-08-11]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-08-11]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-16]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-04]

Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-26]
CHR Extension: (Google Wallet) - C:\Users\root\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-26]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-04-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-05] (AVAST Software)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 ProtexisLicensing; c:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
R2 RichVideo; C:\Program Files\Cyberlink\Shared files\RichVideo.exe [244904 2008-06-27] () [File not signed]
R2 TestHandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [204800 2006-12-08] (Fujitsu Siemens Computers) [File not signed]
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-04-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-04-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-04-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [776976 2014-04-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [411552 2014-04-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-04-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180760 2014-04-05] ()
R3 FET5X86V; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2007-04-17] (VIA Technologies, Inc.              )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S4 JRAID; C:\Windows\system32\drivers\jraid.sys [48256 2007-06-13] (JMicron Technology Corp.)
S3 LVPrcMon; C:\Windows\system32\drivers\LVPrcMon.sys [16768 2005-12-09] () [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-12] (Malwarebytes Corporation)
S4 viamraid; C:\Windows\system32\drivers\viamraid.sys [102912 2006-11-08] (VIA Technologies inc,.ltd)
R0 ViBus; C:\Windows\System32\DRIVERS\ViBus.sys [16896 2007-03-26] (VIA Technologies, Inc.)
R0 ViPrt; C:\Windows\System32\DRIVERS\ViPrt.sys [52224 2007-03-26] (VIA Technologies, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lvckap; \??\C:\Windows\system32\drivers\Lvckap.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 11:30 - 2014-08-13 11:30 - 00016832 _____ () C:\Users\Ulrike\Desktop\FRST.txt
2014-08-13 11:09 - 2014-08-13 11:09 - 00000000 ____D () C:\Users\Ulrike\Desktop\FRST-OlderVersion
2014-08-13 11:04 - 2014-08-13 11:01 - 00001461 _____ () C:\Users\Ulrike\Desktop\checkup.txt
2014-08-13 11:01 - 2014-08-13 11:01 - 00001461 _____ () C:\Users\root\Desktop\checkup.txt
2014-08-13 10:48 - 2014-08-13 10:48 - 00854410 _____ () C:\Users\Ulrike\Desktop\SecurityCheck.exe
2014-08-12 20:24 - 2014-08-12 20:24 - 00000000 ____D () C:\Program Files\ESET
2014-08-12 20:19 - 2014-08-12 20:18 - 02347384 _____ (ESET) C:\Users\Ulrike\Desktop\esetsmartinstaller_deu.exe
2014-08-12 20:18 - 2014-08-12 20:18 - 02347384 _____ (ESET) C:\Users\Ulrike\Downloads\esetsmartinstaller_deu.exe
2014-08-12 20:10 - 2014-08-12 20:10 - 00000949 _____ () C:\Users\Ulrike\Desktop\JRT.txt
2014-08-12 20:09 - 2014-08-12 20:09 - 00000949 _____ () C:\Users\root\Desktop\JRT.txt
2014-08-12 19:47 - 2014-08-12 19:47 - 00000000 ____D () C:\Users\root\AppData\Roaming\AVAST Software
2014-08-12 11:03 - 2014-08-12 11:03 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 11:01 - 2014-08-12 10:53 - 00004330 _____ () C:\Users\Ulrike\Desktop\AdwCleaner[S0].txt
2014-08-12 10:51 - 2014-08-12 10:52 - 00000000 ____D () C:\c13e67303da74dbaeca1
2014-08-12 10:51 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-12 10:49 - 2014-08-12 10:53 - 00000000 ____D () C:\AdwCleaner
2014-08-12 10:42 - 2014-08-12 10:42 - 01016261 _____ (Thisisu) C:\Users\Ulrike\Desktop\JRT.exe
2014-08-12 10:41 - 2014-08-12 10:42 - 01016261 _____ (Thisisu) C:\Users\Ulrike\Downloads\JRT.exe
2014-08-12 10:40 - 2014-08-12 10:38 - 01366203 _____ () C:\Users\Ulrike\Desktop\adwcleaner_3.304.exe
2014-08-12 10:38 - 2014-08-12 10:38 - 01366203 _____ () C:\Users\Ulrike\Downloads\adwcleaner_3.304.exe
2014-08-11 14:57 - 2014-08-11 19:52 - 00091802 _____ () C:\Users\Ulrike\Downloads\Addition.txt
2014-08-11 14:55 - 2014-08-13 11:30 - 00000000 ____D () C:\FRST
2014-08-11 14:55 - 2014-08-11 19:52 - 00026178 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-08-11 14:53 - 2014-08-13 11:09 - 01092096 _____ (Farbar) C:\Users\Ulrike\Desktop\FRST.exe
2014-08-11 14:35 - 2014-08-11 14:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-11 13:58 - 2014-08-11 13:58 - 00001921 _____ () C:\Users\Ulrike\Desktop\malware.txt
2014-08-11 11:25 - 2014-08-12 19:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-11 11:25 - 2014-08-11 11:25 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-11 11:25 - 2014-08-11 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-11 11:24 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-11 11:24 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-11 11:21 - 2014-08-11 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ulrike\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 12:08 - 2014-08-09 12:08 - 00155432 _____ () C:\Windows\Minidump\Mini080914-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-13 11:31 - 2014-08-13 11:30 - 00016832 _____ () C:\Users\Ulrike\Desktop\FRST.txt
2014-08-13 11:30 - 2014-08-11 14:55 - 00000000 ____D () C:\FRST
2014-08-13 11:30 - 2007-12-19 15:07 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{562793F0-D950-4A92-BFFB-D396560F5ECA}.job
2014-08-13 11:30 - 2007-12-18 15:43 - 00000418 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{2F7ADF65-47B0-4D3C-A955-AFA893897013}.job
2014-08-13 11:27 - 2009-12-25 16:58 - 00000000 ____D () C:\Users\Ulrike\Tracing
2014-08-13 11:26 - 2014-04-05 11:53 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-13 11:26 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-13 11:26 - 2006-11-02 14:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-13 11:25 - 2007-10-17 15:56 - 00244790 _____ () C:\Windows\PFRO.log
2014-08-13 11:25 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-13 11:24 - 2007-12-18 14:48 - 01490653 _____ () C:\Windows\WindowsUpdate.log
2014-08-13 11:24 - 2006-11-02 15:01 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-13 11:09 - 2014-08-13 11:09 - 00000000 ____D () C:\Users\Ulrike\Desktop\FRST-OlderVersion
2014-08-13 11:09 - 2014-08-11 14:53 - 01092096 _____ (Farbar) C:\Users\Ulrike\Desktop\FRST.exe
2014-08-13 11:01 - 2014-08-13 11:04 - 00001461 _____ () C:\Users\Ulrike\Desktop\checkup.txt
2014-08-13 11:01 - 2014-08-13 11:01 - 00001461 _____ () C:\Users\root\Desktop\checkup.txt
2014-08-13 10:54 - 2012-07-25 13:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-13 10:48 - 2014-08-13 10:48 - 00854410 _____ () C:\Users\Ulrike\Desktop\SecurityCheck.exe
2014-08-13 10:39 - 2014-04-05 11:53 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-12 20:24 - 2014-08-12 20:24 - 00000000 ____D () C:\Program Files\ESET
2014-08-12 20:22 - 2006-11-02 12:33 - 01461736 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-12 20:18 - 2014-08-12 20:19 - 02347384 _____ (ESET) C:\Users\Ulrike\Desktop\esetsmartinstaller_deu.exe
2014-08-12 20:18 - 2014-08-12 20:18 - 02347384 _____ (ESET) C:\Users\Ulrike\Downloads\esetsmartinstaller_deu.exe
2014-08-12 20:10 - 2014-08-12 20:10 - 00000949 _____ () C:\Users\Ulrike\Desktop\JRT.txt
2014-08-12 20:09 - 2014-08-12 20:09 - 00000949 _____ () C:\Users\root\Desktop\JRT.txt
2014-08-12 19:51 - 2014-02-28 10:08 - 00000680 _____ () C:\Users\Ulrike\AppData\Local\d3d9caps.dat
2014-08-12 19:50 - 2014-08-11 11:25 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 19:50 - 2007-12-29 17:23 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D0316E42-18F8-4AD3-98B5-BC660DCACB02}.job
2014-08-12 19:49 - 2014-04-05 11:54 - 00001969 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 19:48 - 2009-11-02 15:51 - 00000000 ____D () C:\Users\root\AppData\Roaming\Skype
2014-08-12 19:47 - 2014-08-12 19:47 - 00000000 ____D () C:\Users\root\AppData\Roaming\AVAST Software
2014-08-12 11:03 - 2014-08-12 11:03 - 00000000 ____D () C:\Windows\ERUNT
2014-08-12 10:53 - 2014-08-12 11:01 - 00004330 _____ () C:\Users\Ulrike\Desktop\AdwCleaner[S0].txt
2014-08-12 10:53 - 2014-08-12 10:49 - 00000000 ____D () C:\AdwCleaner
2014-08-12 10:52 - 2014-08-12 10:51 - 00000000 ____D () C:\c13e67303da74dbaeca1
2014-08-12 10:50 - 2013-09-04 14:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 10:42 - 2014-08-12 10:42 - 01016261 _____ (Thisisu) C:\Users\Ulrike\Desktop\JRT.exe
2014-08-12 10:42 - 2014-08-12 10:41 - 01016261 _____ (Thisisu) C:\Users\Ulrike\Downloads\JRT.exe
2014-08-12 10:38 - 2014-08-12 10:40 - 01366203 _____ () C:\Users\Ulrike\Desktop\adwcleaner_3.304.exe
2014-08-12 10:38 - 2014-08-12 10:38 - 01366203 _____ () C:\Users\Ulrike\Downloads\adwcleaner_3.304.exe
2014-08-11 19:52 - 2014-08-11 14:57 - 00091802 _____ () C:\Users\Ulrike\Downloads\Addition.txt
2014-08-11 19:52 - 2014-08-11 14:55 - 00026178 _____ () C:\Users\Ulrike\Downloads\FRST.txt
2014-08-11 19:42 - 2012-06-23 14:29 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-11 14:35 - 2014-08-11 14:35 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-11 13:58 - 2014-08-11 13:58 - 00001921 _____ () C:\Users\Ulrike\Desktop\malware.txt
2014-08-11 11:54 - 2012-07-25 13:31 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-11 11:54 - 2011-08-08 01:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-11 11:25 - 2014-08-11 11:25 - 00000905 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-11 11:25 - 2014-08-11 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-11 11:24 - 2014-08-11 11:24 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2014-08-11 11:21 - 2014-08-11 11:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Ulrike\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-09 12:08 - 2014-08-09 12:08 - 00155432 _____ () C:\Windows\Minidump\Mini080914-01.dmp
2014-08-09 12:08 - 2009-05-17 17:12 - 156135202 _____ () C:\Windows\MEMORY.DMP
2014-08-09 12:08 - 2009-05-17 17:12 - 00000000 ____D () C:\Windows\Minidump
2014-08-08 18:19 - 2007-12-25 15:10 - 00000848 ___SH () C:\Windows\system32\KGyGaAvL.sys
2014-08-05 09:20 - 2009-10-02 20:26 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-13 10:39

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 13.08.2014, 12:37   #15
Warlord711
/// TB-Ausbilder
 
Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Standard

Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2



Code:
ATTFilter
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("privacy.clearOnShutdown.sessions", false);
user_pref("privacy.cpd.offlineApps", true);
user_pref("privacy.sanitize.migrateFx3Prefs", true);
user_pref("privacy.sanitize.timeSpan", 0);
user_pref("security.warn_entering_weak", false);
user_pref("security.warn_entering_weak.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.warn_submit_insecure.show_once", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show_once", false);
         
ESET hat Änderungen an den Sicherheitseinstellungen von Firefox gemeldet, ist das bekannt oder gewollt ? GGf. https://support.mozilla.org/de/kb/fi...-zurakcksetzen

Ansonsten sind die Logs jetzt sauber.

Was aber viel wichtiger ist:

Dein Java ist nicht mehr aktuell.
Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 67 ) herunter laden.
  • Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
  • Klicke erneut OK.
schneller Plugin-Test: PluginCheck


Update: Adobe Reader
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Haken für den McAfee SecurityScan bzw. Google Chrome.

Windows Updates+ Service Pack fehlen komplett ! !
Internet Explorer updaten !


Besuche bitte die Microsoft-Update-Seite und lade Dir alle Updates unter Benutzerdefiniert herunter
Mache das so lange bis du nichts mehr angeboten bekommst
Du musst dafür mit den Internet Explorer ins Netz gehen
Wenn du dies mit FireFox durchführen willst musst Du vorher das Addon IE View installieren


HijackThis kannst du komplett löschen, das ist absolut veraltet.


Die Reihenfolge ist hier entscheidend.
  1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
  2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
    • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
    • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
    • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
  3. Downloade Dir bitte auf jeden Fall DelFix Download DelFix auf deinen Desktop:
    • Schließe alle offenen Programme.
    • Starte die delfix.exe mit einem Doppelklick.
    • Setze vor jede Funktion ein Häkchen.
    • Klicke auf Start.
    • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
    • Starte deinen Rechner abschließend neu.
  4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.



Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems.


Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
  • Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
  • Windows Updates
    • Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
    • Windows Vista / 7 / 8 : Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
  • Gehe sicher das die automatischen Updates aktiviert sind.
  • Software Updates
    Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
    Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.


Anti-Viren-Programm und zusätzlicher Schutz
  • Gehe sicher, dass du immer nur eine Anti-Viren Software installiert hast und dass diese auch up to date ist!
  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion bietet zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
  • AdwCleaner
    Dieses Tool erkennt eine Vielzahl von Werbeprogrammen (Adware) und unerwümschten Programmen (PUPs).
    Starte das Tool einmal die Woche und lass es laufen. Sollte eine neue Version verfügbar sein, so wird dies angezeigt und du kannst dir die neueste Version direkt auf den Desktop downloaden.
  • SpywareBlaster
    Eine kurze Einführung findest du Hier
  • WOT (Web of trust)
    Dieses AddOn warnt dich, bevor Du eine als schädlich gemeldete Seite besuchst.


Alternative Browser
Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Mozilla Firefox
  • Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt, wenn Du es bestätigst.
  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart außerdem Downloadkapazität.


Performance
  • Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
  • Halte dich fern von Registry Cleanern.
    Diese Schaden deinem System mehr als dass sie helfen. Hier ein englischer Link:
    Miekemoes Blogspot ( MVP )


Was du vermeiden solltest:
  • Klicke nicht auf alles, nur weil es dich dazu auffordert und schön bunt ist.
  • Verwende keine P2P oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie z.B. deinFoto.jpg.exe.
  • Lade keine Software von Softonic oder Chip herunter, da diese Installer oft mit Adware oder unerünschter Software versehen sind!



Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen?

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.
__________________
Lerne, zurück zu schlagen und unterstütze uns!
TB Akademie | Spende | Lob & Kritik

Antwort

Themen zu Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2
anti-malware, folgendes, gespeichert, java/exploit.cve-2012-4681.bd, js/securitydisabler.a.gen, malwarebytes, problem gelöst, quarantäne, sprache, vista home premium, win32/adware.bandoo.ad, win32/bundled.toolbar.ask, win32/bundled.toolbar.ask.g, win32/soffer.a, win32/somoto.d, win32/toolbar.searchsuite.g, win32/toolbar.searchsuite.p, win32/toolbar.searchsuite.q, win64/adware.bandoo.a, windows vista



Ähnliche Themen: Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2


  1. Verständnis Frage; Malwarebytes Anti-Malware vs. Malwarebytes Anti-Rootkit
    Antiviren-, Firewall- und andere Schutzprogramme - 21.12.2014 (3)
  2. Malwarebytes Anti-Malware meldet beim Scan Funde!
    Plagegeister aller Art und deren Bekämpfung - 30.11.2014 (11)
  3. PUP Funde nach Scan mit Malwarebytes Anti-Malware
    Plagegeister aller Art und deren Bekämpfung - 25.04.2014 (15)
  4. Extrem viele Funde mit AVIRA und Malwarebytes
    Log-Analyse und Auswertung - 24.03.2014 (13)
  5. Doppelter Trojan.SpyEyes-Fund nach Scan mit Malwarebytes Anti-Malware
    Log-Analyse und Auswertung - 19.03.2014 (11)
  6. Malwarebytes Anti-Malware hat 5 Funde.
    Plagegeister aller Art und deren Bekämpfung - 05.03.2014 (5)
  7. Win7-64 Malwarebytes viele Funde, Snapdo
    Log-Analyse und Auswertung - 19.01.2014 (11)
  8. Malwarebytes Log - Viele Funde
    Log-Analyse und Auswertung - 08.09.2013 (7)
  9. Malwarebytes Log analyse (viele Funde!)
    Log-Analyse und Auswertung - 20.08.2013 (14)
  10. Windows Vista, PC wird immer langsamer, CPU immer hoch, Malwarebytes Anti-Malware Funde
    Log-Analyse und Auswertung - 15.08.2013 (13)
  11. Malwarebytes Anti-Malware: Pfund eines Trojaners, Antivir: keine Funde
    Log-Analyse und Auswertung - 08.08.2013 (7)
  12. Exploit Shield zu Malwarebytes Anti-Exploit
    Antiviren-, Firewall- und andere Schutzprogramme - 09.07.2013 (4)
  13. GVU Trojaner-Problem!(Exploit.Drop.GS;Exploit.drop.GSA;trojan.ransom.SUGen;--->Malwarebytes-Funde)
    Plagegeister aller Art und deren Bekämpfung - 02.03.2013 (6)
  14. Viele Bedrohung in Malwarebytes Anti-Malware
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (4)
  15. Email Accounts gehackt! Malwarebytes-Anti Malware Funde: Trojan.Refroso uvm. Wer kann mir helfen
    Plagegeister aller Art und deren Bekämpfung - 09.10.2012 (3)
  16. Mehrere Funde mit Malwarebytes: Malware.Packer.Gen, Spyware.SpyEyes (3x), Trojan.Agent (2x)
    Plagegeister aller Art und deren Bekämpfung - 10.08.2010 (29)
  17. 7 Funde von Malwarebytes' Anti-Malware
    Log-Analyse und Auswertung - 29.06.2009 (9)

Zum Thema Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 - Hallo zusammen. Ich hab folgendes Problem. Ich war seit längerer Zeit wieder zuhause und habe mir den Rechner meiner Schwester angeschaut und zur Überprüfung Malwarebytes Anti-Malware drüber laufen lassen und - Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2...
Archiv
Du betrachtest: Malwarebytes Anti-Malware viele Funde, z.B. SpyEyes, Exploit.Drop2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.