Interneteinstellungen nach Wajam-Adware nicht mehr korrekt

Phantom686 · 24.10.2014, 17:29

Hallo!
Ich habe folgendes Problem: Am Dienstag hatte mein Avira die Adware Wajam festgestellt. Daraufhin habe ich den Ordner, in dem sich Wajam befand und die registry-Einträge der conduit powerbar gelöscht.
Jetzt stellte sich heraus, dass mein Avira keine Updates mehr ausführt, ich Programme, wie z.Bsp. Battlenet nicht mehr starten kann und generell keine Updates aus dem Internet mehr gezogen werden können.
Ich werde immer wieder darauf verwiesen, meine Verbindungseinstellungen zu prüfen. Habe bei Firefox "kein proxy" eingestellt. Da ich aber mehr der Casual-User bin, bin ich nun hoffnungslos überfragt, was ich noch tun kann.
Bitte um Hilfe!

P.S.: Sagt bitte Bescheid, wenn noch weitere Daten benötigt werden.

schrauber · 24.10.2014, 18:17

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Phantom686 · 24.10.2014, 18:27

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by Kay (administrator) on PHANTOM on 24-10-2014 19:24:21
Running from C:\Users\Kay\Downloads
Loaded Profile: Kay (Available profiles: Kay)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_189.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-07] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7703072 2009-08-04] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1778552 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1797488 2011-01-07] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-1303415537-1578894861-2608566799-1000\...\Run: [uvEWQXCeAJwf] => C:\ProgramData\uvEWQXCeAJwf.exe
HKU\S-1-5-21-1303415537-1578894861-2608566799-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKU\S-1-5-21-1303415537-1578894861-2608566799-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-1303415537-1578894861-2608566799-1000\...\MountPoints2: {3443b07f-cb56-11e0-88d9-4061867cae7a} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1303415537-1578894861-2608566799-1000\...\MountPoints2: {68f9f898-4da4-11df-8dd4-4061867cae7a} - I:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:54698;https=127.0.0.1:54698;
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com
SearchScopes: HKLM - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a13277-314&apn_uid=6515145260214504&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {52db1893-8a90-4192-aede-08e00b8f8473} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=102&systemid=473&v=a13277-314&apn_uid=6515145260214504&apn_dtid=BND101&o=APN10640&apn_ptnrs=AG1&q={searchTerms}
SearchScopes: HKCU - {7CC622AE-F3D6-4F9D-93F3-8497BB5E7F4E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=UJ&apn_dtid=YYYYYYYYDE&apn_uid=b9159960-69e0-4132-b253-2e933d5f61ed&apn_sauid=470C6873-553F-4780-ABB0-1B86037F6DC9
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Ask Toolbar -> {41545534-0076-A76A-76A7-7A786E7484D7} -> "C:\Program Files\AskPartnerNetwork\Toolbar\ATU4\Passport.dll" No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Ask Toolbar - {41545534-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ATU4\Passport.dll" No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Ask Toolbar - {41545534-0076-A76A-76A7-7A786E7484D7} - "C:\Program Files\AskPartnerNetwork\Toolbar\ATU4\Passport.dll" No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: Ask.com
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.ChatVibes.com/?q=
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.4 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\searchplugins\ask-web-search.xml
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\searchplugins\Ask.xml
FF SearchPlugin: C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\abs@avira.com [2014-10-01]
FF Extension: Fast Start - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\faststartff@gmail.com [2014-07-11]
FF Extension: aTube Toolbar - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\toolbar@ask.com [2011-08-10]
FF Extension: GMX MailCheck - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\toolbar@gmx.net [2014-09-19]
FF Extension: Zynga  - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2014-09-29]
FF Extension: Movies Toolbar (Dist. by Somoto Ltd.) - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\{c75a2d66-6d1d-4735-8f63-9d85dcc026a6} [2014-04-11]
FF Extension: Ask Toolbar - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\toolbar_ATU4@apn.ask.com.xpi [2013-03-19]
FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26]
FF Extension: ChatVibes Toolbar - C:\Users\Kay\AppData\Roaming\Mozilla\Firefox\Profiles\y6f1em44.default\Extensions\{8B52078D-B630-4B00-A0AB-54D51CEDD9AB}.xpi [2011-10-06]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Kay\AppData\Roaming\5015
FF Extension: Java String Helper - C:\Users\Kay\AppData\Roaming\5015 [2011-06-01]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [994552 2014-10-07] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
S3 DAUpdaterSvc; C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-07-26] (BioWare)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1155072 2009-02-03] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [26112 2010-04-29] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-08] (Avira Operations GmbH & Co. KG)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-30] (Avira GmbH)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 19:24 - 2014-10-24 19:24 - 00015655 _____ () C:\Users\Kay\Downloads\FRST.txt
2014-10-24 19:24 - 2014-10-24 19:24 - 00000000 ____D () C:\FRST
2014-10-24 19:23 - 2014-10-24 19:24 - 01103360 _____ (Farbar) C:\Users\Kay\Downloads\FRST.exe
2014-10-24 17:49 - 2014-10-24 17:49 - 02868792 _____ (Blizzard Entertainment) C:\Users\Kay\Downloads\Battle.net-Setup-deDE.exe
2014-10-24 01:39 - 2014-10-24 01:39 - 00991232 _____ () C:\Users\Kay\Downloads\MicrosoftFixit50267.msi
2014-10-24 00:34 - 2014-10-24 00:40 - 00000000 ____D () C:\Windows\pss
2014-10-24 00:10 - 2014-10-24 00:10 - 00130123 _____ () C:\Users\Kay\Downloads\FRITZ.Box Fon WLAN 7112 (UI) 87.04.88_24.10.14_0010.export
2014-10-23 00:02 - 2014-10-23 00:02 - 00937896 _____ (Oracle Corporation) C:\Users\Kay\Downloads\jre-7u71-windows-i586-iftw.exe
2014-10-22 23:56 - 2014-10-23 00:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 23:56 - 2014-10-22 23:56 - 00638888 _____ (Oracle Corporation) C:\Users\Kay\Downloads\jxpiinstall.exe
2014-10-22 23:51 - 2014-10-22 23:51 - 00000963 _____ () C:\Users\Kay\Desktop\checkup.txt
2014-10-22 23:33 - 2014-10-22 23:33 - 00854448 _____ () C:\Users\Kay\Downloads\SecurityCheck.exe
2014-10-22 23:29 - 2014-10-22 23:31 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Kay\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-22 22:54 - 2014-10-24 19:07 - 00000000 ____D () C:\AdwCleaner
2014-10-22 22:53 - 2014-10-22 22:53 - 01962496 _____ () C:\Users\Kay\Desktop\adwcleaner_4.001.exe
2014-10-22 04:35 - 2014-10-22 04:35 - 03083832 _____ (Blizzard Entertainment) C:\Users\Kay\Downloads\Heroes-of-the-Storm-Setup-deDE.exe
2014-10-21 23:36 - 2014-10-21 23:34 - 00262144 _____ () C:\Users\Kay\Downloads\BDEFB251-D2B5-48E1-9E71-E7DDFA9B1D60.Diagnose.0.etl
2014-10-13 14:48 - 2014-10-24 00:50 - 00001103 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-28 03:23 - 2014-09-28 03:23 - 00000000 ____D () C:\Users\Kay\AppData\Roaming\Arrowhead
2014-09-28 03:23 - 2014-09-28 03:23 - 00000000 ____D () C:\Program Files\AGEIA Technologies
2014-09-28 02:19 - 2014-09-28 02:19 - 00000216 _____ () C:\Users\Kay\Desktop\Gauntlet.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 19:16 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:16 - 2009-07-14 06:34 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 19:09 - 2009-11-16 13:39 - 00133352 _____ () C:\Windows\PFRO.log
2014-10-24 19:09 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 19:09 - 2009-07-14 06:39 - 00358112 _____ () C:\Windows\setupact.log
2014-10-24 19:08 - 2010-02-04 12:57 - 01568495 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 18:44 - 2012-04-03 21:57 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by Kay at 2014-10-24 19:24:58
Running from C:\Users\Kay\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Out of date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Out of date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

337 GAMES (HKCU\...\337Games) (Version: 1.1.1.0 - ) <==== ATTENTION
888poker (HKLM\...\888poker) (Version:  - )
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.42.34 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader X (10.1.5) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.2.602 - Adobe Systems, Inc.)
ALDI Foto Service (HKLM\...\ALDI Foto Service D) (Version: 4.5.9.141 - MAGIX AG)
ALDI Nord Foto Manager Free (HKLM\...\ALDI Nord Foto Manager Free D) (Version: 6.0.1.491 - MAGIX AG)
Aldi Nord Fotoservice (HKLM\...\Aldi Nord Fotoservice_is1) (Version:  - )
ALDI Nord Online Druck Service (HKLM\...\ALDI Nord Online Druck Service D) (Version: 4.5.1.0 - MAGIX AG)
ANNO 1602 (HKLM\...\{84F7CAD9-2316-4701-B5CA-E90FD60029E9}) (Version: 1.05 - )
ANNO 1602 (HKLM\...\ANNO1602) (Version:  - )
Ask Toolbar (HKLM\...\{41545534-0076-A76A-76A7-A758B70C1200}) (Version: 12.18.0.3116 - APN, LLC) <==== ATTENTION
aTube Catcher (HKLM\...\aTube Catcher) (Version: 3.8.7955 - DsNET Corp)
aTube Catcher Version 3.8 (HKLM\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C1200}) (Version: 12.18.0.3051 - APN, LLC)
Baldur's Gate II Enhanced Edition (HKLM\...\Baldur's Gate II Enhanced Edition) (Version: 0.2.8.0 - Beamdog)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
Carmageddon (HKLM\...\CarmageddonDeinstKey) (Version:  - )
Carmageddon II - Carpocalypse Now (HKLM\...\Carmageddon II - Carpocalypse Now) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel MediaOne (HKLM\...\{A062A15F-9CAC-4B88-98DF-87628A0BD721}) (Version: 2.100.0000 - Corel Corporation)
CorelDRAW Essential Edition 3 (HKLM\...\_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}) (Version:  - Corel Corporation)
CorelDRAW Essential Edition 3 (Version: 3.0 - Corel Corporation) Hidden
CyberLink LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.)
CyberLink LabelPrint (Version: 2.5.1916 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3213 - CyberLink Corp.)
CyberLink Power2Go (Version: 6.1.3213 - CyberLink Corp.) Hidden
CyberLink PowerDVD Copy (HKLM\...\{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.0.6720 - CyberLink Corp.)
DayZ (HKLM\...\Steam App 221100) (Version:  - Bohemia Interactive)
DE (Version: 3.0 - Corel Corporation) Hidden
Diablo (HKLM\...\Diablo) (Version:  - )
Diablo II (HKLM\...\Diablo II) (Version:  - )
Diablo III (HKLM\...\Diablo III) (Version:  - Blizzard Entertainment)
Diablo III Beta (HKLM\...\Diablo III Beta) (Version:  - Blizzard Entertainment)
Diablo III Public Test (HKLM\...\Diablo III Public Test) (Version:  - Blizzard Entertainment)
Dragon Age: Origins (HKLM\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.00 - Electronic Arts, Inc.)
Everest Poker (Remove Only) (HKLM\...\Everest Poker) (Version:  - )
Far Cry 3 (HKLM\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Firebird SQL Server - MAGIX Edition (HKLM\...\{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}) (Version: 2.1.23.0 - MAGIX AG)
FM Screen Capture Codec (Remove Only) (HKLM\...\FMCODEC) (Version:  - )
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.40.5.WIN.FullTilt.COM - )
Gauntlet™  (HKLM\...\Steam App 258970) (Version:  - Arrowhead Game Studios)
Grand Theft Auto (HKLM\...\Grand Theft Auto) (Version:  - )
Greenshot 1.1.7.17 (HKLM\...\Greenshot_is1) (Version: 1.1.7.17 - Greenshot)
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hellfire (HKLM\...\Hellfire) (Version:  - )
Heroes of Might & Magic V: Hammers of Fate (HKLM\...\{66FF4C48-0083-4E60-8556-B883AB200091}) (Version:  - )
Heroes of Might and Magic V - Tribes of the East (HKLM\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic V (HKLM\...\{20071984-5EB1-4881-8EDB-082532ACEC6D}) (Version:  - )
HyperSnap 7 (HKLM\...\HyperSnap 7) (Version: 7.16.03 - Hyperionics Technology LLC)
Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.0.1037 - Intel Corporation)
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
League of Legends (HKLM\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MEDION Fotos auf CD & DVD SE Nord (HKLM\...\MEDION Fotos auf CD & DVD SE Nord D) (Version: 8.0.3.4 - MAGIX AG)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 8.0 (HKLM\...\{CD232781-26CA-4E18-BC70-4343A2F0D583}) (Version: 8.01.249.0 - Microsoft)
Microsoft IntelliType Pro 8.0 (HKLM\...\{663E0F1B-0591-417B-B10E-58808927FEB9}) (Version: 8.01.249.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.4 (HKLM\...\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}) (Version: 2.0.3008.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [DEU] (HKLM\...\{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM\...\{39D0E034-1042-4905-BECB-5502909FCB7C}) (Version: 9.7.0621 - Microsoft Corporation)
Might & Magic Heroes VI (HKLM\...\{745D37C2-26F4-4B65-BA13-F9840EBFA75B}) (Version: 1.7.1 - Ubisoft)
Movies Toolbar for Firefox (Dist. by Somoto Ltd.) (HKLM\...\somotomoviestoolbar181FF) (Version: 1.8.1.0 - IAC Search and Media) <==== ATTENTION
Mozilla Firefox 33.0 (x86 de) (HKLM\...\Mozilla Firefox 33.0 (x86 de)) (Version: 33.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
nationzoom Browser Protecter (HKLM\...\nationzoom Browser Protecter) (Version:  - nationzoom) <==== ATTENTION
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 1.6 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version:  - )
PartyPoker (HKLM\...\PartyPoker) (Version:  - PartyGaming)
PatchBeam (HKLM\...\PatchBeam) (Version: 1.20 - ConeXware, Inc.)
Path of Exile (HKLM\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 0.10.3.23642 - Grinding Gear Games)
Plants vs. Zombies (HKLM\...\Plants vs. Zombies) (Version:  - PopCap Games)
PokerEdge 5.0.3.19 (HKLM\...\PokerEdge) (Version: 5.0.3.19 - )
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PokerStars.net (HKLM\...\PokerStars.net) (Version:  - PokerStars.net)
PowerArchiver 2013 (HKLM\...\PowerArchiver 2013 14.05.02) (Version: 14.05.02 - ConeXware, Inc.)
PowerArchiver 2013 (Version: 14.05.02 - ConeXware, Inc.) Hidden
Private Folder & Playlist (HKLM\...\{F25E3175-79E9-47D4-ABDA-1392EB894C1B}) (Version: 1.00 - argosy)
QuickTime 3.0 (HKLM\...\QuickTime 3.0) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5910 - Realtek Semiconductor Corp.)
RESIDENT EVIL 5 (HKLM\...\{AC08BBA0-96B9-431A-A7D0-D8598E493775}) (Version: 1.0.0.129 - CAPCOM CO., LTD.)
SCARFACE: THE WORLD IS YOURS (HKLM\...\InstallShield_{50A1E01F-21A4-4FB9-B0BA-76CEB5D8D5F5}) (Version: 1.00.0000 - Sierra Entertainment)
SCARFACE: THE WORLD IS YOURS (Version: 1.00.0000 - Sierra Entertainment) Hidden
Screenshot Captor 4.8 (HKLM\...\ScreenshotCaptor_is1) (Version:  - )
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
SopCast 3.2.9 (HKLM\...\SopCast) (Version: 3.2.9 - www.sopcast.com)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Tomb Raider II (HKLM\...\Tomb Raider II) (Version:  - )
Tomb Raider: Anniversary 1.0 (HKLM\...\Tomb Raider: Anniversary) (Version:  - )
Total Annihilation - Battle Tactics (HKLM\...\Total Annihilation - Battle Tactics) (Version:  - )
Total Annihilation - Die Core-Offensive (HKLM\...\Total Annihilation - Die Core-Offensive) (Version:  - )
Total Annihilation (HKLM\...\Total Annihilation) (Version:  - )
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update Manager (Version: 4.60 - Corel Corporation) Hidden
VLC Streamer 2.52 (HKLM\...\VLC Streamer_is1) (Version:  - )
Warcraft III (HKLM\...\Warcraft III) (Version:  - )
Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )
Warhammer 40,000: Dawn of War – Dark Crusade (HKLM\...\Steam App 4580) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War - Game of the Year Edition (HKLM\...\Steam App 4570) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War – Soulstorm (HKLM\...\Steam App 9450) (Version:  - Relic Entertainment)
Warhammer 40,000: Dawn of War – Winter Assault (HKLM\...\Steam App 9310) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II - Chaos Rising™ (HKLM\...\Steam App 20570) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM\...\Steam App 56400) (Version:  - Relic Entertainment)
Warhammer® 40,000™: Dawn of War® II (HKLM\...\Steam App 15620) (Version:  - Relic Entertainment)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1303415537-1578894861-2608566799-1000_Classes\CLSID\{1c492e6a-2803-5ed7-83e1-1b1d4d41eb39}\InprocServer32 -> C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
CustomCLSID: HKU\S-1-5-21-1303415537-1578894861-2608566799-1000_Classes\CLSID\{4a30e683-5254-45a8-a825-0f70908a86d4}\InprocServer32 -> C:\Program Files\HyperSnap 7\ThumbDhs32.dll ()
CustomCLSID: HKU\S-1-5-21-1303415537-1578894861-2608566799-1000_Classes\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632}\InprocServer32 -> C:\Users\Kay\AppData\Roaming\AcroIEHelpe031.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2011-04-05 21:18 - 00431614 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com
127.0.0.1	www.123moviedownload.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3D6C0967-C3E8-4386-A4F4-8EC19C5FB8FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-20] (Adobe Systems Incorporated)
Task: {45D7EC84-C5BA-47C2-9F29-002710B0F7E1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-01-07] (Microsoft Corporation)
Task: {510CFC08-5BAC-454A-9FE5-912BADD84595} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-01-07] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2009-11-16 15:20 - 2009-10-02 14:18 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00619816 ____N () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2009-06-03 21:59 - 2009-06-03 21:59 - 00013096 ____N () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2014-06-18 11:21 - 2014-10-22 12:44 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-10-20 12:11 - 2014-10-20 12:11 - 16832176 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_189.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: ProtexisLicensing => 2

========================= Accounts: ==========================

Administrator (S-1-5-21-1303415537-1578894861-2608566799-500 - Administrator - Disabled)
Gast (S-1-5-21-1303415537-1578894861-2608566799-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1303415537-1578894861-2608566799-1003 - Limited - Enabled)
Kay (S-1-5-21-1303415537-1578894861-2608566799-1000 - Administrator - Enabled) => C:\Users\Kay

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/24/2014 00:43:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 6fc

Startzeit: 01cfef1277ec3546

Endzeit: 0

Anwendungspfad: C:\Windows\Explorer.EXE

Berichts-ID: fd4afdb6-5b05-11e4-83ff-4061867cae7a

Error: (10/23/2014 00:16:39 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={28D07B01-8137-4BFC-9A67-4ED63174CBE6}: Der Benutzer "Phantom\Kay" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 651.

Error: (10/23/2014 00:16:01 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={A4EEA077-5E38-4F82-86F6-88574F8DDEBE}: Der Benutzer "Phantom\Kay" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (10/23/2014 00:15:13 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={4AA8636C-6377-4839-9BE7-16FA4974BD8A}: Der Benutzer "Phantom\Kay" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (10/23/2014 00:15:11 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoID={5CC2AA89-AE12-46F3-8B1A-DE3B0E63D2BA}: Der Benutzer "Phantom\Kay" hat eine Verbindung mit dem Namen "Breitbandverbindung" gewählt, die Verbindung konnte jedoch nicht hergestellt werden. Der durch den Fehler zurückgegebene Ursachencode lautet: 0.

Error: (10/22/2014 11:17:10 PM) (Source: MsiInstaller) (EventID: 10005) (User: Phantom)
Description: Produkt: Ask Toolbar -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: 

Mozilla Firefox

Error: (10/22/2014 10:44:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: update_checker.exe, Version: 4.3.0.0, Zeitstempel: 0x525d9c67
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00055fb6
ID des fehlerhaften Prozesses: 0x1014
Startzeit der fehlerhaften Anwendung: 0xupdate_checker.exe0
Pfad der fehlerhaften Anwendung: update_checker.exe1
Pfad des fehlerhaften Moduls: update_checker.exe2
Berichtskennung: update_checker.exe3

Error: (10/22/2014 00:30:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: update_checker.exe, Version: 4.3.0.0, Zeitstempel: 0x525d9c67
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7b96e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00056b0d
ID des fehlerhaften Prozesses: 0xc68
Startzeit der fehlerhaften Anwendung: 0xupdate_checker.exe0
Pfad der fehlerhaften Anwendung: update_checker.exe1
Pfad des fehlerhaften Moduls: update_checker.exe2
Berichtskennung: update_checker.exe3

Error: (10/22/2014 04:31:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (10/22/2014 04:31:20 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (10/24/2014 07:25:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:24:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:24:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:23:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:23:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:22:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:22:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:21:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:21:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (10/24/2014 07:20:43 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 46%
Total physical RAM: 3063.11 MB
Available physical RAM: 1640.01 MB
Total Pagefile: 6124.51 MB
Available Pagefile: 4155.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1873.96 MB

==================== Drives ================================

Drive c: (Computer) (Fixed) (Total:910.41 GB) (Free:303.09 GB) NTFS
Drive d: (Recover) (Fixed) (Total:20 GB) (Free:11.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F98D6E74)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=910.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================

--- --- ---

schrauber · 25.10.2014, 14:28

Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

337 GAMES

Ask Toolbar

Movies Toolbar for Firefox

nationzoom Browser Protecter
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Interneteinstellungen nach Wajam-Adware nicht mehr korrekt

Plagegeister aller Art und deren Bekämpfung: Interneteinstellungen nach Wajam-Adware nicht mehr korrekt