Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU Trojaner sehr hartnäckig- habe frst.txt erstellt und weiß nun nicht weiter (https://www.trojaner-board.de/160474-gvu-trojaner-sehr-hartnaeckig-habe-frst-txt-erstellt-weiss.html)

cosinus 07.11.2014 11:31
Gut, dann mach jetzt bitte im normalen Modus weiter mit Combofix:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Jokeer 08.11.2014 06:01
Vielen Dank, ich werde es heute Nacht oder morgen früh machen, da ich vorher nicht an diesem PC bin. Werde mich dann hier wieder melden.

Code:
ComboFix 14-11-03.01 - Martin 08.11.2014  5:42.1.4 - x64
ausgeführt von:: c:\users\Martin\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\programdata\2433f433
c:\programdata\SaveSenseLive
c:\programdata\SaveSenseLive\Update\Log\SaveSenseLive.log
c:\users\Martin\AppData\Roaming\2433f433
c:\users\Martin\AppData\Roaming\Deubin
c:\users\Martin\AppData\Roaming\Deubin\quek.teu
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-10-08 bis 2014-11-08  ))))))))))))))))))))))))))))))
.
.
2014-11-07 08:04 . 2014-11-07 09:25        --------        d-----w-        C:\FRST
2014-11-07 01:35 . 2014-11-07 01:35        --------        d-----w-        c:\users\Martin\AppData\Roaming\Avira
2014-11-07 01:33 . 2014-10-23 13:02        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2014-11-07 01:33 . 2014-10-23 13:02        131608        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2014-11-07 01:33 . 2014-10-23 13:01        119272        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2014-10-15 00:06 . 2014-10-10 02:05        276480        ----a-w-        c:\windows\system32\generaltel.dll
2014-10-15 00:05 . 2014-09-18 02:00        3241472        ----a-w-        c:\windows\system32\msi.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-15 01:00 . 2013-03-06 16:32        103265616        ----a-w-        c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-01 11:36        371712        ----a-w-        c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 11:36        519680        ----a-w-        c:\windows\SysWow64\qdvd.dll
2014-09-24 15:38 . 2012-04-11 20:30        701104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-24 15:38 . 2011-10-12 20:22        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 22:11 . 2014-09-24 15:00        2048        ----a-w-        c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 15:00        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-08-23 02:07 . 2014-08-28 13:21        404480        ----a-w-        c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 13:21        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}]
2014-09-22 20:44        12184        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}]
2013-12-11 15:49        184400        ----a-w-        c:\program files (x86)\Avira\Internet Explorer\avira32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{b106b661-3e1b-4015-af5c-195e909f35c6}]
2010-12-09 11:51        3911776        ----a-w-        c:\program files (x86)\NCH_DE\tbNCH_.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
2010-10-18 10:26        3908192        ----a-w-        c:\program files (x86)\Games_Bar_1\tbGam2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-04-30 10:02        1521800        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}"= "c:\program files (x86)\Games_Bar_1\tbGam2.dll" [2010-10-18 3908192]
"{b106b661-3e1b-4015-af5c-195e909f35c6}"= "c:\program files (x86)\NCH_DE\tbNCH_.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-04-30 1521800]
"{4F524A2D-5350-4500-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" [2014-09-22 12184]
.
[HKEY_CLASSES_ROOT\clsid\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}]
.
[HKEY_CLASSES_ROOT\clsid\{b106b661-3e1b-4015-af5c-195e909f35c6}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{4f524a2d-5350-4500-76a7-7a786e7484d7}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41        120104        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"TkBellExe"="d:\realplayer\Update\realsched.exe" [2012-10-14 296096]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-04-30 1648264]
"Arc"="c:\program files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe" [2014-07-24 145744]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-09-22 1942424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-23 703736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ArcService;Arc Service;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe;c:\program files (x86)\Perfect World Entertainment\Arc\ArcService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\programme\Common\Database\bin\fbserver.exe;d:\programme\Common\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys;c:\windows\SYSNATIVE\Drivers\pssdk42.sys [x]
S1 PSSDKLBF;PSSDKLBF;c:\windows\system32\Drivers\pssdklbf.sys;c:\windows\SYSNATIVE\Drivers\pssdklbf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-11-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 15:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}]
2014-09-22 20:44        13720        ----a-w-        c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4F524A2D-5350-4500-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" [2014-09-22 13720]
.
[HKEY_CLASSES_ROOT\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44        137512        ----a-w-        c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1391464675&from=cor&uid=ST31000528AS_9VP25N5HXXXX9VP25N5H&q={searchTerms}
mDefault_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1391464675&from=cor&uid=ST31000528AS_9VP25N5HXXXX9VP25N5H
mStart Page = hxxp://www.sweet-page.com/?type=hp&ts=1391464675&from=cor&uid=ST31000528AS_9VP25N5HXXXX9VP25N5H
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1391464675&from=cor&uid=ST31000528AS_9VP25N5HXXXX9VP25N5H&q={searchTerms}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Yahoo MSD
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0103aw&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=720583817&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0103aw&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=720583817&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0103aw&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=720583817&ir=&q=
FF - user.js: extensions.mysearchdial.id - 00262D14C739F41F
FF - user.js: extensions.mysearchdial.instlDay - 16095
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.021:11
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0103aw
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 720583817
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.irmysearch.aflt - irmsd0103aw
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 720583817
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{78e516ef-11de-47a1-8364-a99b917ec5ee} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-NvCplDaemonTool - (no file)
Wow6432Node-HKLM-Run-eDonkey2000 - c:\program files (x86)\eDonkey2000\eDonkey2000.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe /silent
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{BC04B34E-5DD8-465A-A5E0-86F7C11BC009} - (no file)
WebBrowser-{B106B661-3E1B-4015-AF5C-195E909F35C6} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
WebBrowser-{78E516EF-11DE-47A1-8364-A99B917EC5EE} - (no file)
AddRemove-Content Manager 2 - c:\users\Martin\Music\Content Manager 2\uninst.exe
AddRemove-eDonkey2000 - c:\program files (x86)\eDonkey2000\uninstall_eDonkey2000.exe
AddRemove-GamersFirst LIVE! - c:\program files (x86)\GamersFirst\LIVE!\uninstall.exe
AddRemove-GamersFirst War Rock - c:\program files (x86)\GamersFirst\War Rock\uninstall.exe
AddRemove-heroes in the sky - c:\program files (x86)\gamigo\heroes in the sky\uninstall.exe
AddRemove-PunkBusterSvc - h:\spiele\Heroes\pbsvc_heroes.exe
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - h:\spiele\Heroes\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-11-08  05:58:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-11-08 04:58
.
Vor Suchlauf: 13 Verzeichnis(se), 198.076.874.752 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 204.338.147.328 Bytes frei
.
- - End Of File - - CE3ABC49F30E88DCAB51E805C7409922
A36C5E4F47E84449FF07ED3517B43A31

cosinus 08.11.2014 16:22
Adware/Junkware/Toolbars entfernen

(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!)

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Jokeer 08.11.2014 23:29
Code:
# AdwCleaner v4.100 - Bericht erstellt am 08/11/2014 um 23:09:01
# DB v2014-11-07.1
# Aktualisiert 08/11/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Martin - MBIII
# Gestartet von : C:\Users\Martin\Downloads\AdwCleaner_4.100.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : APNMCP

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Winamp Toolbar
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Martin\AppData\Local\apn
Ordner Gelöscht : C:\Users\Martin\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Martin\AppData\Local\AskToolbar
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Gameo
Ordner Gelöscht : C:\Users\Martin\AppData\Local\iLivid
Ordner Gelöscht : C:\Users\Martin\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Martin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Martin\AppData\Local\SaveSense
Ordner Gelöscht : C:\Users\Martin\AppData\Local\SaveSenseLive
Ordner Gelöscht : C:\Users\Martin\AppData\Local\WeatherAlerts
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\Martin\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Gameo
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
[!] Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\faststartff@gmail.com
[!] Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Martin\AppData\Local\mysearchdial-speeddial.crx
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\user.js

***** [ Tasks ] *****

Task Gelöscht : Scheduled Update for Ask Toolbar

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lightningnewtab@gmail.com]
Schlüssel Gelöscht : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginService
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2452474
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801937
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3241949
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B106B661-3E1B-4015-AF5C-195E909F35C6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7CF33E64-76F1-4042-AB0D-D18789E6549B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C5A91828-68D7-47B3-B3BC-8974BB895A9A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\mysearchdial.com
Schlüssel Gelöscht : HKCU\Software\SaveSense
Schlüssel Gelöscht : HKCU\Software\SaveSenseLive
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markable
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\APN
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\DomaIQ
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\sweet-pageSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ixquick.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\movshare.net
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.de
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\sweet-page.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.movshare.net
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.search.ask.com

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17344

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v32.0.3 (x86 de)

[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550..clientLogIsEnabled", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.AppTrackingLastCheckTime", "Fri Sep 09 2011 14:04:53 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.CTID", "ct2613550");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.CurrentServerDate", "17-7-2012");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.DialogsAlignMode", "LTR");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.DialogsGetterLastCheckTime", "Tue Jul 17 2012 18:44:31 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.DownloadReferralCookieData", "");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.EMailNotifierPollDate", "Tue Mar 27 2012 21:29:20 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.FirstServerDate", "9-9-2011");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.FirstTime", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.FirstTimeFF3", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.FixPageNotFoundErrors", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.GroupingServerCheckInterval", 1440);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.HasUserGlobalKeys", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.HomePageProtectorEnabled", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.Initialize", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.InitializeCommonPrefs", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.InstallationAndCookieDataSentCount", 3);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.InstallationType", "UnknownIntegration");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.InstalledDate", "Fri Sep 09 2011 14:04:43 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.IsAlertDBUpdated", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.IsGrouping", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.IsInitSetupIni", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.IsMulticommunity", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.IsOpenThankYouPage", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.IsOpenUninstallPage", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.IsProtectorsInit", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.LanguagePackLastCheckTime", "Fri Sep 09 2011 14:04:44 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.LanguagePackReloadIntervalMM", 1440);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.LastLogin_3.12.2.3", "Thu May 31 2012 01:11:26 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.LastLogin_3.13.0.6", "Tue Jul 17 2012 18:44:32 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.LastLogin_3.6.0.10", "Fri Oct 28 2011 02:47:42 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.LastLogin_3.8.0.8", "Mon May 28 2012 11:37:50 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.LatestVersion", "3.13.0.6");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.Locale", "de-de");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipHeight", "83");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipShow", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.MCDetectTooltipWidth", "295");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.MyStuffEnabledAtInstallation", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.OriginalFirstVersion", "3.6.0.10");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SHRINK_TOOLBAR", 1);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SavedHomepage", "www.yahoo.de");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchEngineBeforeUnload", "ZoneAlarm-Sicherheit Customized Web Search");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchFromAddressBarIsInit", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchInNewTabEnabled", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchInNewTabIntervalMM", 1440);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchProtectorEnabled", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SearchProtectorToolbarDisabled", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ServiceMapLastCheckTime", "Tue Jul 17 2012 18:44:31 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SettingsLastCheckTime", "Fri Sep 09 2011 14:04:42 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.SettingsLastUpdate", "1313417096");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsInterval", 504);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastCheck", "Fri Sep 09 2011 14:04:41 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ThirdPartyComponentsLastUpdate", "1255344657");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ToolbarShrinkedFromSetup", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2613550");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.UserID", "UN68561939765027874");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ValidationData_Search", 0);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ValidationData_Toolbar", 1);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.alertChannelId", "1006347");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.approveUntrustedApps", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.components.1000034", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.components.129171076489169448", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.AppTrackingLastCheckTime", "Mon May 28 2012 11:38:01 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.DialogsAlignMode", "LTR");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.LanguagePackLastCheckTime", "Tue Jul 17 2012 18:44:32 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.Locale", "de-de");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.SearchInNewTabLastCheckTime", "Tue Jul 17 2012 18:44:31 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.SettingsLastCheckTime", "Tue Jul 17 2012 18:44:31 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.SettingsLastUpdate", "1342352981");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastCheck", "Tue Jul 17 2012 18:44:31 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.ThirdPartyComponentsLastUpdate", "1331806000");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.components.129171076488856945", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.components.129539182460150402", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.components.129539182525463225", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.globalFirstTimeInfoLastCheckTime", "Tue Jul 17 2012 18:44:32 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.toolbarAppMetaDataLastCheckTime", "Tue Jul 17 2012 18:44:31 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.ct2613550.toolbarContextMenuLastCheckTime", "Sat Jul 07 2012 02:57:35 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.globalFirstTimeInfoLastCheckTime", "Fri Sep 09 2011 14:04:43 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.homepageProtectorEnableByLogin", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.initDone", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.isAppTrackingManagerOn", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.myStuffEnabled", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.myStuffPublihserMinWidth", 400);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.myStuffServiceIntervalMM", 1440);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.oldAppsList", "129171076488700693,129171076488856944,111,129171076488856945,129539182460150402,129539182525463225,129791240633491387,1000034,1000080,1000082,1000234,1000,1001,1002[...]
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.revertSettingsEnabled", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.searchProtectorDialogDelayInSec", 10);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.searchProtectorEnableByLogin", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.testingCtid", "");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.toolbarAppMetaDataLastCheckTime", "Fri Sep 09 2011 14:04:43 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.toolbarContextMenuLastCheckTime", "Fri Sep 09 2011 14:04:44 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.usageEnabled", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CT2613550.usagesFlag", 2);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm-Sicherheit Customized Web Search");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/ct2613550/CT2613550", "\"2baec859dd7825f1b78fbd900678a7a52\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2613550", "\"0\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2613550", "\"0\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=de-de", "xVl2ui1iX6CDJwlhoXazeQ==");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=de-de", "pMJrsOAIrcWADPEnEML9WA==");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=de-de", "U5mhHQKIYvMC666+kpF/Lw==");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=de-de", "eJfMrdrGnhGHiiPiYjgAww==");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:0\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"4ead38b3e6bcd1:0\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2613550", "\"5a3bfb736bf65ca0cca630a3f0917948\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2613550&octid=CT2613550", "\"1313417096\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2613550&octid=CT2613550", "\"2807e408f5757591aa14689b75d39e791\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/50/261/CT2613550/Images/634084971246361250.png", "\"462e8b16c4eaca1:0\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de-de", "\"4bed802bf70e2b476392c40fa2322f30\"");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Martin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\9grsh04n.default\\conduitCommon\\modules\\3.13.0.6");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://de.search.yahoo.com/search?fr=mcafee&p=");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2613550");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2613550");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2613550");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 27 2012 10:13:00 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.globalUserId", "5a7e0b3b-a6fa-47f5-b9cb-4d6e873f34c6");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2613550");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jul 17 2012 18:44:32 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jul 17 2012 18:44:31 GMT+0200");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("CommunityToolbar.notifications.userId", "76937ae2-efab-4daf-8d0b-0c143bba867b");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("accessibility.lightning.homepage", "hxxp://www.sweet-page.com/?type=hp&ts=1391464675&from=cor&uid=ST31000528AS_9VP25N5HXXXX9VP25N5H");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm-Sicherheit Customized Web Search");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.crossrider.bic", "143f9c30f7dc5804ab40a09765e34fe7");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0103aw");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.cr", "720583817");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd0103aw");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "720583817");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "17A3DBA71F8C926AC62A74582EF38B2B");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103aw&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.id", "00262D14C739F41F");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16095");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0103aw&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutB[...]
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0103aw&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "{smplGrp}");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0103aw&cd=2XzuyEtN2Y1L1QzutDtDtByCtB0DtCyE0CyBtAzy0FyEtC0FtN0D0Tzu0SyByDyCtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L[...]
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:11:51");
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[9grsh04n.default\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [51860 octets] - [08/11/2014 23:06:59]
AdwCleaner[S0].txt - [52031 octets] - [08/11/2014 23:09:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [52092 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Martin on 08.11.2014 at 23:20:15,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\9grsh04n.default\conduitcommon
Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\9grsh04n.default\minidumps [167 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.11.2014 at 23:23:57,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by Martin (administrator) on MBIII on 08-11-2014 23:27:07
Running from C:\Users\Martin\Downloads
Loaded Profile: Martin (Available profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) D:\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Farbar) C:\Users\Martin\Downloads\FRST64 (1).exe
(Farbar) C:\Users\Martin\Downloads\FRST64 (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] => D:\RealPlayer\Update\realsched.exe [296096 2012-10-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Arc] => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe [145744 2014-07-24] (Perfect World Entertainment)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-404474871-2797502028-3006622951-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-404474871-2797502028-3006622951-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
HKU\S-1-5-21-404474871-2797502028-3006622951-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADFA_deDE453
SearchScopes: HKCU - {A5B992B9-E60D-4F00-AA8D-524015FFAFCA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Boostyb.Core.BHO -> {42ad2408-abba-2408-1972-4706560e817b} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Oryte Games 1 Toolbar -> {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} -> C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Boostyb.Toolbar.Toolbar - {42ad2408-baaa-408d-b13e-4706560e817b} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Toolbar: HKCU - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default
FF DefaultSearchEngine: Yahoo MSD
FF SelectedSearchEngine: Yahoo MSD
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> D:\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> D:\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> D:\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\searchplugins\yahoo-msd.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: Battlefield Heroes Updater - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\battlefieldheroespatcher@ea.com [2013-11-20]
FF Extension: Avira Savings Advisor - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\ciuvo-extension@avira.de [2014-02-27]
FF Extension: Suche App - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\{47744fca-0011-4ba5-ba33-24ae19355a42}.xpi [2014-07-20]
FF Extension: Greasemonkey - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-07]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-14]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\extensions\faststartff@gmail.com [Not Found]

Chrome:
=======
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Martin\AppData\Local\mysearchdial-speeddial.crx []
CHR HKLM-x32\...\Chrome\Extension: [aaaaabfjnbeinlpljodiajipidiompfl] - C:\Users\Martin\AppData\Local\APN\GoogleCRXs\aaaaabfjnbeinlpljodiajipidiompfl_7.15.11.0.crx []
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-14]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2012-10-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-07-24] (Perfect World Entertainment Inc)
S3 FirebirdServerMAGIXInstance; D:\Programme\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-19] ()
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2011-04-09] (microOLAP Technologies LTD)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 23:27 - 2014-11-08 23:28 - 00016550 _____ () C:\Users\Martin\Downloads\FRST.txt
2014-11-08 23:27 - 2014-11-08 23:27 - 02115584 _____ (Farbar) C:\Users\Martin\Downloads\FRST64 (1).exe
2014-11-08 23:26 - 2014-11-08 23:26 - 02115584 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe.2gmbbl9.partial
2014-11-08 23:23 - 2014-11-08 23:23 - 00002014 _____ () C:\Users\Martin\Desktop\JRT.txt
2014-11-08 23:20 - 2014-11-08 23:20 - 00000000 ____D () C:\Windows\ERUNT
2014-11-08 23:17 - 2014-11-08 23:17 - 00000000 ____D () C:\Users\Martin\Downloads\Neuer Ordner
2014-11-08 23:14 - 2014-11-08 23:14 - 01706808 _____ (Thisisu) C:\Users\Martin\Downloads\JRT.exe
2014-11-08 23:06 - 2014-11-08 23:09 - 00000000 ____D () C:\AdwCleaner
2014-11-08 23:05 - 2014-11-08 23:05 - 02145792 _____ () C:\Users\Martin\Downloads\AdwCleaner_4.100.exe
2014-11-08 05:58 - 2014-11-08 05:58 - 00017378 _____ () C:\ComboFix.txt
2014-11-08 05:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-08 05:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-08 05:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-08 05:38 - 2014-11-08 05:58 - 00000000 ____D () C:\Qoobox
2014-11-08 05:38 - 2014-11-08 05:57 - 00000000 ____D () C:\Windows\erdnt
2014-11-08 04:30 - 2014-11-08 04:30 - 05593178 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2014-11-07 09:04 - 2014-11-08 23:27 - 00000000 ____D () C:\FRST
2014-11-07 02:35 - 2014-11-07 02:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Avira
2014-11-07 02:33 - 2014-11-07 09:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-07 02:33 - 2014-11-07 02:33 - 00002070 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-07 02:33 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-11-07 02:33 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-11-07 02:33 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-11-07 02:22 - 2014-11-07 02:29 - 151804352 _____ () C:\Users\Martin\Downloads\avira_free_antivirus_de_14.0.7.342.exe
2014-10-15 01:07 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 01:07 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 01:07 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 01:07 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 01:07 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 01:07 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 01:07 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 01:07 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 01:07 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 01:07 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 01:07 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 01:07 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 01:07 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 01:07 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 01:07 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 01:07 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 01:07 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 01:07 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 01:07 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 01:07 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 01:07 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 01:07 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 01:07 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 01:07 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 01:07 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 01:07 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 01:07 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 01:07 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 01:07 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 01:07 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 01:07 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 01:07 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 01:07 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 01:07 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 01:07 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 01:07 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:06 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 01:06 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 01:06 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 01:06 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 01:06 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 01:06 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 01:06 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 01:06 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 01:06 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 01:06 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 01:06 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 01:06 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 01:06 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 01:06 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 01:06 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 01:06 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 01:06 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 01:06 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 01:06 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 01:06 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 01:06 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 01:06 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 01:06 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 01:06 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 01:06 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 01:06 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 01:06 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 01:06 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 01:06 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 01:06 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 01:06 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 01:06 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 01:06 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 01:06 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 01:06 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 01:06 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 01:06 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 01:06 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 01:06 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 01:06 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 01:06 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 01:06 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 01:06 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 01:06 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 01:06 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 01:06 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 01:06 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 01:06 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 01:06 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 01:06 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 01:06 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 01:06 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 01:06 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 01:06 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 01:06 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 01:06 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 01:06 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 01:06 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 01:06 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 01:05 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 01:05 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 01:05 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 01:05 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 01:05 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 01:05 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 01:05 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 01:05 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 01:05 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 01:05 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 01:05 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 01:05 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 01:05 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 01:05 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 01:05 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 01:05 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-08 23:18 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 23:18 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 23:15 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-08 23:15 - 2007-10-10 21:53 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-11-08 23:15 - 2007-10-10 21:53 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-11-08 23:14 - 2007-10-10 12:01 - 01929549 _____ () C:\Windows\WindowsUpdate.log
2014-11-08 23:10 - 2009-10-13 04:44 - 01359388 _____ () C:\Windows\PFRO.log
2014-11-08 23:10 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 23:10 - 2009-07-14 05:51 - 00401714 _____ () C:\Windows\setupact.log
2014-11-08 23:09 - 2012-05-28 19:16 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-08 23:09 - 2012-03-08 20:17 - 00001001 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-08 23:09 - 2011-08-23 02:37 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\CheckPoint
2014-11-08 09:38 - 2012-04-11 21:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 05:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-08 05:36 - 2012-02-03 05:49 - 00016896 ___SH () C:\Users\Martin\Documents\Thumbs.db
2014-11-08 05:35 - 2010-01-29 10:17 - 00005134 _____ () C:\Users\Martin\AppData\Roaming\wklnhst.dat
2014-11-08 05:35 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-07 09:19 - 2014-02-27 01:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-07 08:57 - 2012-11-15 08:25 - 00000000 ____D () C:\ProgramData\Avira
2014-11-07 04:07 - 2014-07-09 12:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\.minecraft
2014-10-23 17:47 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 14:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 14:35 - 2009-07-14 05:45 - 00363304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 06:30 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 06:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 06:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:26 - 2009-10-13 04:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 02:23 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:00 - 2013-03-06 17:32 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 02:51 - 2011-02-28 18:27 - 00000000 ____D () C:\Program Files (x86)\Pando Networks

Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\Temp\avgnt.exe
C:\Users\Martin\AppData\Local\Temp\Quarantine.exe
C:\Users\Martin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:50

==================== End Of Log ============================
--- --- ---

--- --- ---

Jokeer 08.11.2014 23:30
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by Martin at 2014-11-08 23:28:27
Running from C:\Users\Martin\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

50 FREE MP3s +1 Free Audiobook! (HKLM-x32\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)
AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.2.6929 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.6929 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.2.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
ATI Catalyst Install Manager (HKLM\...\{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Battlefield Bad Company 2 - BETA (HKLM-x32\...\{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}) (Version: 1.0.0.1 - Electronic Arts)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Boost Your Browser (HKLM-x32\...\{28AAEC25-198C-44D6-8D70-77494DFA8DB4}) (Version: 0.7 - Nikozen)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Commandos 3 - Destination Berlin (HKLM-x32\...\{C270BC04-1540-4673-960F-A546B2C860CD}) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 2.2.1.9986 - Harman Becker Automotive Systems)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Media Foundation Components (HKLM-x32\...\{DA703982C580418795BF4001AA9D7061}) (Version: 1.0.0 - DivX, Inc.)
DivX Plus Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eDonkey2000 (HKLM-x32\...\eDonkey2000) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Games_Bar_1 Toolbar (HKLM-x32\...\Games_Bar_1 Toolbar) (Version:  - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
heroes in the sky (HKLM-x32\...\heroes in the sky) (Version: CBT - gamigo AG)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java(TM) 6 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
MAGIX Foto Manager 8 (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.499 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Goya burnR 1.3.1.3 (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.1.3 - MAGIX AG)
MAGIX Music Maker 15 15.0.1.11 (D) (HKLM-x32\...\MAGIX Music Maker 15 D) (Version: 15.0.1.11 - MAGIX AG)
MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 32.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 de)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mufin MusicFinder Base 1.5.3.255 (D) (HKLM-x32\...\Mufin MusicFinder Base D) (Version: 1.5.3.255 - MAGIX AG)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - Nav N Go Ltd.)
NCH DE Toolbar (HKLM-x32\...\NCH_DE Toolbar) (Version: 6.2.7.3 - NCH DE)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.991 - Electronic Arts)
Nero 9 Essentials (HKLM-x32\...\{67c93cea-627f-4563-86a5-e934a3d248ca}) (Version:  - Nero AG)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
Phoenix Backup Professional (HKLM-x32\...\{BF34527D-7B27-43AD-9994-7B3ABCEF3625}) (Version: 3.5.000 - SYDATEC)
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
POI FINDER 1.71 (HKLM-x32\...\POI FINDER_is1) (Version:  - POICON)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1101}) (Version: 12.17.1.65 - APN, LLC) <==== ATTENTION
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version:  - NCH Software)
Supreme Commander (HKLM-x32\...\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}) (Version: 1.00.0000 - Gas Powered Games)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version:  - NCH Software)
System Requirements Lab (HKLM-x32\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Uniblue RegistryBooster 2010 (HKLM-x32\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version:  - Uniblue Systems Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
War Rock (HKLM-x32\...\GamersFirst War Rock) (Version:  - GamersFirst)
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

19-10-2014 17:00:11 Windows-Sicherung
26-10-2014 20:42:14 Windows-Sicherung
02-11-2014 22:52:53 Windows-Sicherung

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {054D3581-ABAA-4B5C-8851-2A597F0F5ECB} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {1970D614-A2FD-4097-BC4A-08AB4F41FAE0} - System32\Tasks\NCH Swift Sound\wavepadDowngrade => C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe [2011-01-11] (NCH Software)
Task: {9CD0309E-EF0B-465D-A51D-AFEBB52C2CE9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E2ECA403-3BE7-4F50-B806-C191BF7CD191} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-404474871-2797502028-3006622951-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {E57AB1CA-1E37-42EE-B2CF-1A1F52F62DF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {F22F4D41-D822-4614-8490-4E23B71445F4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-404474871-2797502028-3006622951-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-01-10 00:39 - 2013-02-19 10:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-08-18 08:27 - 2009-08-18 08:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2009-06-23 15:02 - 2009-06-23 15:02 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2007-10-10 12:03 - 2007-10-10 12:03 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 14:42 - 2009-12-12 15:12 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2013-12-11 16:49 - 2013-12-11 16:49 - 00184400 _____ () C:\Program Files (x86)\avira\Internet Explorer\avira32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PlayMovie => "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-404474871-2797502028-3006622951-500 - Administrator - Disabled)
Gast (S-1-5-21-404474871-2797502028-3006622951-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-404474871-2797502028-3006622951-1002 - Limited - Enabled)
Martin (S-1-5-21-404474871-2797502028-3006622951-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (04/01/2010 09:49:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9700 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-11-08 05:50:34.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-08 05:50:34.506
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-27 02:31:19.405
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-27 02:10:42.148
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-27 01:27:07.842
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 14:53:56.091
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 14:44:58.463
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 00:15:54.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-21 16:10:10.475
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-18 20:55:00.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 26%
Total physical RAM: 6143.18 MB
Available physical RAM: 4507.33 MB
Total Pagefile: 12284.53 MB
Available Pagefile: 10443.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:190.25 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.87 GB) (Free:426.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 278A5868)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=458.9 GB) - (Type=07 NTFS)

cosinus 09.11.2014 16:28
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
URLSearchHook: HKLM-x32 - Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
HKU\S-1-5-21-404474871-2797502028-3006622951-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
BHO-x32: Oryte Games 1 Toolbar -> {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} -> C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Boostyb.Toolbar.Toolbar - {42ad2408-baaa-408d-b13e-4706560e817b} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Toolbar: HKCU - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Martin\AppData\Local\mysearchdial-speeddial.crx []
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2012-10-14]
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\Games_Bar_1
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Jokeer 10.11.2014 13:16
Hallo,

ich habe das jetzt 3 mal versucht. Aber wenn ich dann auf fix gehe zeigt er mir die Fehlermeldung: Fixdatei nicht gefunden. Woran kann das liegen? Habe alles nach Anweisung gemacht.

cosinus 10.11.2014 13:32
Zitat:
Running from C:\Users\Martin\Downloads
Sieht nicht nach Anweisung aus. Es steht hier immer, dass die Tools v.a. FRST auf dem Desktop liegen sollen, bei dir liegt es im Ordner Downloads. Verschiebe FRST von Downloads auf den Desktop

Jokeer 10.11.2014 14:21
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Martin at 2014-11-10 14:15:33 Run:2
Running from C:\Users\Martin\Desktop
Loaded Profile: Martin (Available profiles: Martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
URLSearchHook: HKLM-x32 - Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
HKU\S-1-5-21-404474871-2797502028-3006622951-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
BHO-x32: Oryte Games 1 Toolbar -> {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} -> C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Boostyb.Toolbar.Toolbar - {42ad2408-baaa-408d-b13e-4706560e817b} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Toolbar: HKCU - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Martin\AppData\Local\mysearchdial-speeddial.crx []
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2012-10-14]
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\Games_Bar_1
EmptyTemp:
Hosts:
       
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}" => Key deleted successfully.
"HKU\S-1-5-21-404474871-2797502028-3006622951-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{42ad2408-baaa-408d-b13e-4706560e817b} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{42ad2408-baaa-408d-b13e-4706560e817b}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009} => value deleted successfully.
"HKCR\CLSID\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => value deleted successfully.
"HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} => value deleted successfully.
"HKCR\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Martin\AppData\Local\mysearchdial-speeddial.crx [] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn" => Key deleted successfully.
"C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx" => File/Directory not found.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":444C53BA" ADS removed successfully.
C:\ProgramData\Temp => ":4CF61E54" ADS removed successfully.
C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully.
C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully.
C:\ProgramData\Temp => ":93DE1838" ADS removed successfully.
C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully.
C:\ProgramData\Temp => ":ABE89FFE" ADS removed successfully.
C:\ProgramData\Temp => ":E1F04E8D" ADS removed successfully.
C:\ProgramData\Temp => ":E3C56885" ADS removed successfully.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
C:\Program Files (x86)\Games_Bar_1 => Moved successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 7.3 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====
Sorry, da hattest du Recht ;-)

cosinus 10.11.2014 14:24
Avira deaktivieren, Fix wiederholen

Jokeer 10.11.2014 14:46
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Martin at 2014-11-10 14:43:36 Run:4
Running from C:\Users\Martin\Desktop
Loaded Profile: Martin (Available profiles: Martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
URLSearchHook: HKLM-x32 - Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
HKU\S-1-5-21-404474871-2797502028-3006622951-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
BHO-x32: Oryte Games 1 Toolbar -> {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} -> C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
Toolbar: HKLM-x32 - Oryte Games 1 Toolbar - {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - C:\Program Files (x86)\Games_Bar_1\tbGam2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Boostyb.Toolbar.Toolbar - {42ad2408-baaa-408d-b13e-4706560e817b} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {BC04B34E-5DD8-465A-A5E0-86F7C11BC009} -  No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
Toolbar: HKCU - No Name - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} -  No File
Toolbar: HKCU - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Martin\AppData\Local\mysearchdial-speeddial.crx []
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2012-10-14]
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:444C53BA
AlternateDataStreams: C:\ProgramData\Temp:4CF61E54
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\Games_Bar_1
EmptyTemp:
Hosts:
       
*****************

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} => Value not found.
"HKU\S-1-5-21-404474871-2797502028-3006622951-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}" => Key not found.
"HKCR\Wow6432Node\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Value not found.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} => Value not found.
"HKCR\Wow6432Node\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{42ad2408-baaa-408d-b13e-4706560e817b} => Value not found.
"HKCR\Wow6432Node\CLSID\{42ad2408-baaa-408d-b13e-4706560e817b}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Value not found.
"HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009} => Value not found.
"HKCR\CLSID\{BC04B34E-5DD8-465A-A5E0-86F7C11BC009}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} => Value not found.
"HKCR\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} => Value not found.
"HKCR\CLSID\{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => Value not found.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Martin\AppData\Local\mysearchdial-speeddial.crx [] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pkndmigholgfjlniaohblojbhgjbkakn" => Key not found.
"C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx" => File/Directory not found.
"C:\ProgramData\Temp" => ":0B9176C0" ADS not found.
"C:\ProgramData\Temp" => ":444C53BA" ADS not found.
"C:\ProgramData\Temp" => ":4CF61E54" ADS not found.
"C:\ProgramData\Temp" => ":4D066AD2" ADS not found.
"C:\ProgramData\Temp" => ":5D7E5A8F" ADS not found.
"C:\ProgramData\Temp" => ":93DE1838" ADS not found.
"C:\ProgramData\Temp" => ":AB689DEA" ADS not found.
"C:\ProgramData\Temp" => ":ABE89FFE" ADS not found.
"C:\ProgramData\Temp" => ":E1F04E8D" ADS not found.
"C:\ProgramData\Temp" => ":E3C56885" ADS not found.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
"C:\Program Files (x86)\Games_Bar_1" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 25.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

cosinus 10.11.2014 14:47
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Scan klicken

http://saved.im/mtg0mjy4yjlu/2014-04...ryscantool.png

Jokeer 10.11.2014 14:54
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Martin (administrator) on MBIII on 10-11-2014 14:50:41
Running from C:\Users\Martin\Desktop
Loaded Profile: Martin (Available profiles: Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) D:\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TkBellExe] => D:\RealPlayer\Update\realsched.exe [296096 2012-10-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKU\S-1-5-21-404474871-2797502028-3006622951-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-404474871-2797502028-3006622951-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADFA_deDE453
SearchScopes: HKCU - {A5B992B9-E60D-4F00-AA8D-524015FFAFCA} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
BHO-x32: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} ->  No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name -> {42ad2408-abba-2408-1972-4706560e817b} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {A18A516C-AA41-46A9-92DB-60208917E442} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.203.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default
FF DefaultSearchEngine: Yahoo MSD
FF SelectedSearchEngine: Yahoo MSD
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @live.heroesandgenerals.com/npretox -> C:\Program Files (x86)\Heroes & Generals\live\npretox-1.0.6.1\npretoxlive-1.0.6.1.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> D:\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> D:\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> D:\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\searchplugins\yahoo-msd.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\abs@avira.com [2014-09-30]
FF Extension: Battlefield Heroes Updater - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\battlefieldheroespatcher@ea.com [2013-11-20]
FF Extension: Avira Savings Advisor - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\ciuvo-extension@avira.de [2014-02-27]
FF Extension: Suche App - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\{47744fca-0011-4ba5-ba33-24ae19355a42}.xpi [2014-07-20]
FF Extension: Greasemonkey - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\9grsh04n.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-01-07]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-10-14]
FF Extension: No Name - {0153E448-190B-4987-BDE1-F256CADA672F} [Not Found]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-10-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [267440 2014-09-24] (Adobe Systems Incorporated) [File not signed]
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [51808 2013-09-11] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [105144 2013-09-11] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [124088 2013-09-11] (Microsoft Corporation) [File not signed]
S3 FirebirdServerMAGIXInstance; D:\Programme\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
R2 Greg_Service; C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) [File not signed]
R2 IAANTMON; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [354840 2009-06-05] (Intel Corporation) [File not signed]
S3 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [114288 2014-11-09] (Mozilla Foundation) [File not signed]
S3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.) [File not signed]
S3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-08-25] (Nero AG) [File not signed]
S4 NetMsmqActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) [File not signed]
S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) [File not signed]
S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) [File not signed]
S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [139856 2013-09-11] (Microsoft Corporation) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208 2009-08-12] (NewTech Infosystems, Inc.) [File not signed]
S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] (Microsoft Corporation) [File not signed]
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-19] () [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer) [File not signed]
S3 UPnPService; C:\Program Files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\system32\drivers\NTIDrvr.sys [18432 2009-05-06] (NewTech Infosystems, Inc.) [File not signed]
R1 PSSDK42; C:\Windows\system32\Drivers\pssdk42.sys [53312 2011-04-09] (microOLAP Technologies LTD) [File not signed]
R1 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2011-04-09] (microOLAP Technologies LTD) [File not signed]
R3 stdriver; C:\Windows\System32\DRIVERS\stdriver64.sys [56408 2011-01-11] (NCH Software) [File not signed]
R3 UBHelper; C:\Windows\system32\drivers\UBHelper.sys [16896 2009-05-06] (NewTech Infosystems Corporation) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 14:50 - 2014-11-10 14:51 - 00014903 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-11-10 14:48 - 2014-11-10 14:51 - 88381492 _____ (AVAST Software) C:\Users\Martin\Downloads\avast_free_antivirus_setup.exe.part
2014-11-10 13:07 - 2014-11-10 13:07 - 02116096 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2014-11-10 13:07 - 2014-11-10 13:07 - 00000000 ____D () C:\Users\Martin\Downloads\FRST-OlderVersion
2014-11-10 13:06 - 2014-11-10 13:08 - 00002912 _____ () C:\Users\Martin\Documents\Fixlist.txt
2014-11-09 00:15 - 2014-11-09 00:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-08 23:28 - 2014-11-08 23:28 - 00028126 _____ () C:\Users\Martin\Downloads\Addition.txt
2014-11-08 23:27 - 2014-11-08 23:28 - 00042193 _____ () C:\Users\Martin\Downloads\FRST.txt
2014-11-08 23:26 - 2014-11-08 23:26 - 02115584 _____ (Farbar) C:\Users\Martin\Downloads\FRST64.exe.2gmbbl9.partial
2014-11-08 23:23 - 2014-11-08 23:23 - 00002014 _____ () C:\Users\Martin\Desktop\JRT.txt
2014-11-08 23:20 - 2014-11-08 23:20 - 00000000 ____D () C:\Windows\ERUNT
2014-11-08 23:17 - 2014-11-08 23:17 - 00000000 ____D () C:\Users\Martin\Downloads\Neuer Ordner
2014-11-08 23:14 - 2014-11-08 23:14 - 01706808 _____ (Thisisu) C:\Users\Martin\Downloads\JRT.exe
2014-11-08 23:06 - 2014-11-08 23:09 - 00000000 ____D () C:\AdwCleaner
2014-11-08 23:05 - 2014-11-08 23:05 - 02145792 _____ () C:\Users\Martin\Downloads\AdwCleaner_4.100.exe
2014-11-08 05:58 - 2014-11-08 05:58 - 00017378 _____ () C:\ComboFix.txt
2014-11-08 05:39 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-08 05:39 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-08 05:39 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-08 05:39 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-08 05:38 - 2014-11-08 05:58 - 00000000 ____D () C:\Qoobox
2014-11-08 05:38 - 2014-11-08 05:57 - 00000000 ____D () C:\Windows\erdnt
2014-11-08 04:30 - 2014-11-08 04:30 - 05593178 ____R (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2014-11-07 09:04 - 2014-11-10 14:50 - 00000000 ____D () C:\FRST
2014-11-07 02:22 - 2014-11-07 02:29 - 151804352 _____ () C:\Users\Martin\Downloads\avira_free_antivirus_de_14.0.7.342.exe
2014-10-15 01:07 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 01:07 - 2014-08-19 04:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 01:07 - 2014-08-19 04:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 01:07 - 2014-08-19 04:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 01:07 - 2014-08-19 04:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 01:07 - 2014-08-19 04:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 01:07 - 2014-08-19 04:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 01:07 - 2014-08-19 04:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 01:07 - 2014-08-19 04:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 01:07 - 2014-08-19 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 01:07 - 2014-08-19 04:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 01:07 - 2014-08-19 03:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 01:07 - 2014-08-19 03:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 01:07 - 2014-08-19 03:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 01:07 - 2014-07-07 03:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 01:07 - 2014-07-07 03:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 01:07 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 01:07 - 2014-07-07 03:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 01:07 - 2014-07-07 03:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 01:07 - 2014-07-07 03:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 01:07 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 01:07 - 2014-07-07 03:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 01:07 - 2014-07-07 03:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 01:07 - 2014-07-07 03:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 01:07 - 2014-07-07 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 01:07 - 2014-07-07 02:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 01:07 - 2014-07-07 02:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 01:07 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 01:07 - 2014-07-07 02:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 01:07 - 2014-07-07 02:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 01:07 - 2014-07-07 02:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 01:07 - 2014-07-07 02:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 01:07 - 2014-07-07 02:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 01:07 - 2014-07-07 02:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 01:07 - 2014-07-07 02:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 01:07 - 2014-06-28 01:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 01:07 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 01:07 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 01:07 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 01:06 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 01:06 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 01:06 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 01:06 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 01:06 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 01:06 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 01:06 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 01:06 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 01:06 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 01:06 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 01:06 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 01:06 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 01:06 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 01:06 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 01:06 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 01:06 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 01:06 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 01:06 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 01:06 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 01:06 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 01:06 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 01:06 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 01:06 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 01:06 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 01:06 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 01:06 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 01:06 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 01:06 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 01:06 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 01:06 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 01:06 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 01:06 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 01:06 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 01:06 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 01:06 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 01:06 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 01:06 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 01:06 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 01:06 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 01:06 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 01:06 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 01:06 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 01:06 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 01:06 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 01:06 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 01:06 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 01:06 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 01:06 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 01:06 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 01:06 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 01:06 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 01:06 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 01:06 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 01:06 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 01:06 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 01:06 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 01:06 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 01:06 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 01:06 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 01:05 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 01:05 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 01:05 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 01:05 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 01:05 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 01:05 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 01:05 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 01:05 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 01:05 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 01:05 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 01:05 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 01:05 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 01:05 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 01:05 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 01:05 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 01:05 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 01:05 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 14:51 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 14:51 - 2007-10-10 21:53 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2014-11-10 14:51 - 2007-10-10 21:53 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2014-11-10 14:49 - 2007-10-10 12:01 - 02009340 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 14:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 14:45 - 2009-07-14 05:51 - 00402554 _____ () C:\Windows\setupact.log
2014-11-10 14:44 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 14:44 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 14:39 - 2011-03-01 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2014-11-10 14:39 - 2009-10-13 04:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-10 14:38 - 2012-04-11 21:30 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 14:34 - 2014-02-27 01:29 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-10 14:34 - 2009-10-13 04:44 - 01359730 _____ () C:\Windows\PFRO.log
2014-11-10 14:33 - 2012-11-15 08:25 - 00000000 ____D () C:\ProgramData\Avira
2014-11-10 14:13 - 2014-07-09 12:35 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\.minecraft
2014-11-10 08:51 - 2012-05-28 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-09 05:14 - 2010-01-29 10:17 - 00005134 _____ () C:\Users\Martin\AppData\Roaming\wklnhst.dat
2014-11-09 05:14 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-08 23:09 - 2012-05-28 19:16 - 00001065 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-08 23:09 - 2012-03-08 20:17 - 00001001 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-08 23:09 - 2011-08-23 02:37 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\CheckPoint
2014-11-08 05:53 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-08 05:36 - 2012-02-03 05:49 - 00016896 ___SH () C:\Users\Martin\Documents\Thumbs.db
2014-10-23 17:47 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 00:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-15 14:37 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-15 14:35 - 2009-07-14 05:45 - 00363304 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 06:30 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 06:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 06:30 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 02:26 - 2009-10-13 04:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-15 02:23 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 02:00 - 2013-03-06 17:32 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 00:50

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Martin at 2014-11-10 14:52:08
Running from C:\Users\Martin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

50 FREE MP3s +1 Free Audiobook! (HKLM-x32\...\eMusic Promotion) (Version: 1.0.0.1 - eMusic.com Inc)
AAC Decoder (HKLM-x32\...\{AEF9DC35ADDF4825B049ACBFD1C6EB37}) (Version: 7.1.0 - DivX, Inc.)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.2.6929 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.2.6929 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.19 - NewTech Infosystems)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3005 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.2.0812 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader 9.1 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version:  - Oberon Media)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version:  - Oberon Media)
ATI Catalyst Install Manager (HKLM\...\{1F9241E8-87C1-FB9C-5D76-3FF7D0318A87}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
Backup Manager Advance (x32 Version: 2.0.2.19 - NewTech Infosystems) Hidden
Battlefield Bad Company 2 - BETA (HKLM-x32\...\{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}) (Version: 1.0.0.1 - Electronic Arts)
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version:  - EA Digital illusions)
Boost Your Browser (HKLM-x32\...\{28AAEC25-198C-44D6-8D70-77494DFA8DB4}) (Version: 0.7 - Nikozen)
ccc-core-static (x32 Version: 2009.0702.1239.20840 - Ihr Firmenname) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version:  - Oberon Media)
Commandos 3 - Destination Berlin (HKLM-x32\...\{C270BC04-1540-4673-960F-A546B2C860CD}) (Version:  - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Content Manager 2 (HKLM-x32\...\Content Manager 2) (Version: 2.2.1.9986 - Harman Becker Automotive Systems)
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version:  - Oberon Media)
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM-x32\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Player (HKLM-x32\...\{8ADFC4160D694100B5B8A22DE9DCABD9}) (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM-x32\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Media Foundation Components (HKLM-x32\...\{DA703982C580418795BF4001AA9D7061}) (Version: 1.0.0 - DivX, Inc.)
DivX Plus Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM-x32\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version:  - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
eDonkey2000 (HKLM-x32\...\eDonkey2000) (Version:  - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version:  - Oberon Media)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\Firebird SQL Server D) (Version: 2.0.1.13 - MAGIX AG)
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version:  - Oberon Media)
GamersFirst LIVE! (HKLM-x32\...\GamersFirst LIVE!) (Version:  - GamersFirst)
Games_Bar_1 Toolbar (HKLM-x32\...\Games_Bar_1 Toolbar) (Version:  - )
GameSpy Arcade (HKLM-x32\...\GameSpy Arcade) (Version:  - )
GPGNet (HKLM-x32\...\{C194D333-B84A-4BB7-B35E-060732D98DC4}) (Version: 1.0.0 - Gas Powered Games)
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version:  - Oberon Media)
H.264 Decoder (HKLM-x32\...\{A96E97134CA649888820BCDE5E300BBD}) (Version: 1.1.0 - DivX, Inc.)
heroes in the sky (HKLM-x32\...\heroes in the sky) (Version: CBT - gamigo AG)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version:  - Oberon Media)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3002 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java(TM) 6 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216015FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
JDownloader (HKLM-x32\...\JDownloader) (Version: 0.89 - AppWork UG (haftungsbeschränkt))
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Live 8.2.2 (HKLM-x32\...\Live 8.2.2) (Version:  - )
MAGIX Foto Manager 8 (HKLM-x32\...\MAGIX Foto Manager 8 D) (Version: 6.0.1.499 - MAGIX AG)
MAGIX Fotobuch 3.6 (HKLM-x32\...\MAGIX Fotobuch) (Version: 3.6 - MAGIX AG)
MAGIX Goya burnR 1.3.1.3 (D) (HKLM-x32\...\MAGIX Goya burnR D) (Version: 1.3.1.3 - MAGIX AG)
MAGIX Music Maker 15 15.0.1.11 (D) (HKLM-x32\...\MAGIX Music Maker 15 D) (Version: 15.0.1.11 - MAGIX AG)
MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version:  - Oberon Media)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2007 - German/Deutsch (HKLM-x32\...\OMUI.de-de) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MKV Splitter (HKLM-x32\...\{AAC389499AEF40428987B3D30CFC76C9}) (Version: 1.0.1 - DivX, Inc.)
Mozilla Firefox 33.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 33.0.3 (x86 de)) (Version: 33.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mufin MusicFinder Base 1.5.3.255 (D) (HKLM-x32\...\Mufin MusicFinder Base D) (Version: 1.5.3.255 - MAGIX AG)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Naviextras Toolbox Prerequesities (HKLM-x32\...\{537575D6-3B96-474C-BD8F-DFF667363DBD}) (Version: 1.0.0 - Nav N Go Ltd.)
NCH DE Toolbar (HKLM-x32\...\NCH_DE Toolbar) (Version: 6.2.7.3 - NCH DE)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.991 - Electronic Arts)
Nero 9 Essentials (HKLM-x32\...\{67c93cea-627f-4563-86a5-e934a3d248ca}) (Version:  - Nero AG)
Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
Phoenix Backup Professional (HKLM-x32\...\{BF34527D-7B27-43AD-9994-7B3ABCEF3625}) (Version: 3.5.000 - SYDATEC)
PKR (HKLM-x32\...\PKR) (Version:  - PKR Ltd)
POI FINDER 1.71 (HKLM-x32\...\POI FINDER_is1) (Version:  - POICON)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Reason 4.0 (HKLM-x32\...\Reason4_is1) (Version: 4.0 - Propellerhead Software AB)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C1101}) (Version: 12.17.1.65 - APN, LLC) <==== ATTENTION
SoundTap Streaming Audio Recorder (HKLM-x32\...\SoundTap) (Version:  - NCH Software)
Supreme Commander (HKLM-x32\...\{25A1E6A4-2DBD-4AC0-8650-8EA9A45B183D}) (Version: 1.00.0000 - Gas Powered Games)
Switch Audiodatei-Konverter (HKLM-x32\...\Switch) (Version:  - NCH Software)
System Requirements Lab (HKLM-x32\...\{92482FB3-C05B-41C6-89E7-75D985602A6E}) (Version: 4.1.72.0 - Husdawg, LLC)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Uniblue RegistryBooster 2010 (HKLM-x32\...\{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1) (Version:  - Uniblue Systems Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
VLC media player 1.0.3 (HKLM-x32\...\VLC media player) (Version: 1.0.3 - VideoLAN Team)
War Rock (HKLM-x32\...\GamersFirst War Rock) (Version:  - GamersFirst)
WavePad Audiobearbeitungs-Software (HKLM-x32\...\WavePad) (Version:  - NCH Software)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.572  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-404474871-2797502028-3006622951-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-11-2014 08:01:59 Windows-Sicherung
10-11-2014 13:39:12 Entfernt Arc

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-11-10 14:44 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {054D3581-ABAA-4B5C-8851-2A597F0F5ECB} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {1970D614-A2FD-4097-BC4A-08AB4F41FAE0} - System32\Tasks\NCH Swift Sound\wavepadDowngrade => C:\Program Files (x86)\NCH Swift Sound\WavePad\wavepad.exe [2011-01-11] (NCH Software)
Task: {9CD0309E-EF0B-465D-A51D-AFEBB52C2CE9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E2ECA403-3BE7-4F50-B806-C191BF7CD191} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-404474871-2797502028-3006622951-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {E57AB1CA-1E37-42EE-B2CF-1A1F52F62DF9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {F22F4D41-D822-4614-8490-4E23B71445F4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-404474871-2797502028-3006622951-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-01-10 00:39 - 2013-02-19 10:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2009-08-18 08:27 - 2009-08-18 08:27 - 00629280 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2009-06-23 15:02 - 2009-06-23 15:02 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2007-10-10 12:03 - 2007-10-10 12:03 - 00270336 _____ () C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-02-03 01:33 - 2009-02-03 01:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2008-09-29 01:55 - 2008-09-29 01:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: BDESVC => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: WSearch => 2
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ArcadeDeluxeAgent => "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
MSCONFIG\startupreg: BackupManagerTray => "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
MSCONFIG\startupreg: EgisTecLiveUpdate => "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
MSCONFIG\startupreg: mcagent_exe => "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: PlayMovie => "C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-404474871-2797502028-3006622951-500 - Administrator - Disabled)
Gast (S-1-5-21-404474871-2797502028-3006622951-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-404474871-2797502028-3006622951-1002 - Limited - Enabled)
Martin (S-1-5-21-404474871-2797502028-3006622951-1000 - Administrator - Enabled) => C:\Users\Martin

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2-Maus
Description: Microsoft PS/2-Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/09/2014 07:38:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, Zeitstempel: 0x515663e0
Name des fehlerhaften Moduls: WebKit.dll, Version: 6531.9.0.0, Zeitstempel: 0x51566370
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000a9965
ID des fehlerhaften Prozesses: 0x324
Startzeit der fehlerhaften Anwendung: 0xLolClient.exe0
Pfad der fehlerhaften Anwendung: LolClient.exe1
Pfad des fehlerhaften Moduls: LolClient.exe2
Berichtskennung: LolClient.exe3

Error: (11/09/2014 05:12:31 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (11/10/2014 02:47:33 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/10/2014 02:45:51 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/10/2014 02:45:43 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/10/2014 02:45:14 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/10/2014 02:45:14 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/10/2014 02:40:02 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/10/2014 02:38:20 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002

Error: (11/10/2014 02:37:50 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (11/10/2014 02:37:50 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (11/10/2014 02:37:19 PM) (Source: WMPNetworkSvc) (EventID: 14324) (User: )
Description: WMPNetworkSvc0x80004002


Microsoft Office Sessions:
=========================
Error: (04/01/2010 09:49:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9700 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-11-08 05:50:34.594
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-11-08 05:50:34.506
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-27 02:31:19.405
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-27 02:10:42.148
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-27 01:27:07.842
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 14:53:56.091
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 14:44:58.463
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-23 00:15:54.965
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-21 16:10:10.475
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-02-18 20:55:00.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 28%
Total physical RAM: 6143.18 MB
Available physical RAM: 4379.4 MB
Total Pagefile: 12284.53 MB
Available Pagefile: 10613.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:209.13 GB) NTFS
Drive d: (DATA) (Fixed) (Total:458.87 GB) (Free:426.73 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 278A5868)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=458.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

cosinus 10.11.2014 15:02
Ok, neuer Fix bitte, Virenscanner vorher bitte wieder deaktivieren

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} ->  No File
BHO-x32: No Name -> {42ad2408-abba-2408-1972-4706560e817b} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {A18A516C-AA41-46A9-92DB-60208917E442} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
FF Extension: No Name - {0153E448-190B-4987-BDE1-F256CADA672F} [Not Found]
Task: {054D3581-ABAA-4B5C-8851-2A597F0F5ECB} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
C:\Program Files (x86)\avira\Internet Explorer

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Jokeer 10.11.2014 15:06
Code:
Running from C:\Users\Martin\Desktop
Loaded Profile: Martin (Available profiles: Martin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} ->  No File
BHO-x32: No Name -> {42ad2408-abba-2408-1972-4706560e817b} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {A18A516C-AA41-46A9-92DB-60208917E442} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
Filter-x32: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} -  No File
FF Extension: No Name - {0153E448-190B-4987-BDE1-F256CADA672F} [Not Found]
Task: {054D3581-ABAA-4B5C-8851-2A597F0F5ECB} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
C:\Program Files (x86)\avira\Internet Explorer
       
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key Deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key Deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" => Key Deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42ad2408-abba-2408-1972-4706560e817b}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{42ad2408-abba-2408-1972-4706560e817b}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key Deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{A18A516C-AA41-46A9-92DB-60208917E442}" => Key Deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key Deleted successfully.
"HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
"HKCR\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}" => Key Deleted successfully.
"HKCR\Wow6432Node\PROTOCOLS\Filter\text/xml" => Key not found.
"HKCR\Wow6432Node\CLSID\{807563E5-5146-11D5-A672-00B0D022E945}" => Key Deleted successfully.
FF Extension: No Name - {0153E448-190B-4987-BDE1-F256CADA672F} [Not Found] not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{054D3581-ABAA-4B5C-8851-2A597F0F5ECB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{054D3581-ABAA-4B5C-8851-2A597F0F5ECB}" => Key deleted successfully.
C:\Windows\System32\Tasks\aviraSWU => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\aviraSWU" => Key deleted successfully.
C:\Program Files (x86)\avira\Internet Explorer => Moved successfully.

==== End of Fixlog ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:44 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131