CombiFix Code:
ComboFix 14-08-15.01 - Sarah 16.08.2014 23:25:54.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4026.2214 [GMT 2:00]
ausgeführt von:: c:\users\Sarah\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Sarah\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Search
c:\program files (x86)\Search\HtmlAgilityPack.dll
c:\program files (x86)\Search\makecert.exe
c:\program files (x86)\Search\Newtonsoft.Json.dll
c:\program files (x86)\Search\WebSearch.exe
c:\program files (x86)\Search\WebSearch.exe.config
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Search
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-07-16 bis 2014-08-16 ))))))))))))))))))))))))))))))
.
.
2014-08-16 11:03 . 2014-08-16 11:03 -------- dc----w- c:\windows\ERUNT
2014-08-12 15:00 . 2014-08-16 14:24 -------- dc----w- C:\FRST
2014-08-12 12:39 . 2014-08-16 14:14 122584 -c--a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-12 12:39 . 2014-08-12 12:39 -------- dc----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-08-12 12:39 . 2014-05-12 05:26 91352 -c--a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-12 12:39 . 2014-05-12 05:25 25816 -c--a-w- c:\windows\system32\drivers\mbam.sys
2014-08-12 12:11 . 2014-08-12 12:11 -------- dc----w- c:\program files (x86)\Common Files\Java
2014-08-12 12:11 . 2014-07-25 10:55 98216 -c--a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-11 08:25 . 2014-08-11 08:25 -------- dc----w- c:\users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 08:25 . 2014-08-11 08:25 -------- dc----w- c:\programdata\PlayFirst
2014-08-11 06:07 . 2010-08-30 06:34 536576 -c--a-w- c:\windows\SysWow64\sqlite3.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-15 14:19 . 2010-06-24 09:33 23256 -c--a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-05 07:20 . 2011-07-09 06:49 270496 -c----w- c:\windows\system32\MpSigStub.exe
2014-07-14 02:12 . 2014-08-12 11:30 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F64CCA3A-A19C-4500-827F-1806A3ED0F1D}\mpengine.dll
2014-07-09 16:34 . 2013-12-06 13:28 71344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 16:34 . 2013-12-06 13:28 699056 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 04:56 . 2013-03-21 11:46 427360 -c--a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-09 04:55 . 2013-12-31 23:57 92008 -c--a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-09 04:55 . 2013-03-21 11:46 224896 -c--a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-09 04:55 . 2013-03-21 11:46 1041168 -c--a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-09 04:55 . 2013-03-21 11:46 65776 -c--a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-09 04:55 . 2013-03-21 11:46 79184 -c--a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-09 04:55 . 2014-04-30 05:37 29208 -c--a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-09 04:55 . 2013-03-21 11:46 307344 -c--a-w- c:\windows\system32\aswBoot.exe
2014-07-09 04:55 . 2013-03-21 11:46 93568 -c--a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-09 04:55 . 2014-07-09 04:55 43152 -c--a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Sarah\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-11-15 3093624]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-09-21 1814440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-10-22 181480]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2012-9-25 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 PCDSRVC{EDD8E36B-450E27F9-06020101}_0;PCDSRVC{EDD8E36B-450E27F9-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 PCDSRVC{EDD8E36B-AED7022D-06020101}_0;PCDSRVC{EDD8E36B-AED7022D-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms;c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DailytoolsInstallerService REG_MULTI_SZ DailytoolsInstallerService
DailytoolsUpdateService REG_MULTI_SZ DailytoolsUpdateService
.
Inhalt des "geplante Tasks" Ordners
.
2014-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-06 16:34]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 10:51]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29 10:51]
.
2014-08-14 c:\windows\Tasks\Norton Security Scan for Sarah.job
- c:\progra~2\NORTON~2\Engine\410~1.28\Nss.exe [2014-04-11 06:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-09 04:55 634872 -c--a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-10-29 822816]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-11-13 306472]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
AddRemove-Cultures - Die Entdeckung Vinlands - c:\windows\IsUn0407.exe
AddRemove-Fallout 2 Restoration Project_is1 - c:\users\Sarah\Pictures\Furcht\Fallout2\unins000.exe
AddRemove-Fallout 2 Unofficial Patch_is1 - c:\users\Sarah\Pictures\Anime - Avatare\BlackIsle\Fallout2\New Folder\unins000.exe
AddRemove-Uninstall_is1 - c:\program files (x86)\Common Files\DVDVideoSoft\unins000.exe
AddRemove-{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1 - c:\program files (x86)\Kalenderchen\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{EDD8E36B-450E27F9-06020101}_0]
"ImagePath"="\??\c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{EDD8E36B-AED7022D-06020101}_0]
"ImagePath"="\??\c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2738482735-3593245532-1885912090-1000\Software\SecuROM\License information*]
"datasecu"=hex:ed,15,7d,56,d7,57,1f,e9,d2,ba,e0,f2,c5,d9,5b,a8,de,5d,80,1d,3f,
1b,f1,07,fe,9f,f4,2b,2f,63,91,52,c9,34,bb,b4,b3,b9,3c,8e,de,6e,b7,13,68,54,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-08-16 23:44:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-08-16 21:44
ComboFix2.txt 2014-08-16 15:22
.
Vor Suchlauf: 22 Verzeichnis(se), 308.160.163.840 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 308.353.060.864 Bytes frei
.
- - End Of File - - 4F9A68FD9F4D3F0FF541E72FEA0EA6C5
A36C5E4F47E84449FF07ED3517B43A31 FRST
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2014 04
Ran by Sarah (administrator) on SARAH-PC on 16-08-2014 23:46:27
Running from C:\Users\Sarah\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
() C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [306472 2009-11-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157128 2009-08-18] (Dritek System Inc.)
HKLM-x32\...\Run: [EgisTecLiveUpdate] => C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe [199464 2009-08-04] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeDeluxeAgent] => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [419112 2009-10-29] (CyberLink Corp.)
HKLM-x32\...\Run: [PlayMovie] => C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe [181480 2009-10-22] (Acer Corp.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Sarah\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-16] ()
HKU\S-1-5-21-2738482735-3593245532-1885912090-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1814440 2013-09-21] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\psdprotect.dll (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5732z&r=27360311f545l0484z105t54i2d40o
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE425
SearchScopes: HKCU - {90A988B0-6C3F-4000-A612-9180A1343E3A} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A010DE662&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
BHO-x32: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> No File
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SimpleAdblock Class -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Windows\system32\d3dyueev6.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @zylom.com/ZylomGamesPlayer -> C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sarah\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin -> C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npzylomgamesplayer.dll (Zylom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\sb4n51z4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-10]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-04-08]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-04-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-21]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Sarah\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-09]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-09] (AVAST Software)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) [File not signed]
S2 LanmanWorkstation; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)
R2 SystemStore; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [50176 2012-05-21] () [File not signed]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-09] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-03-09] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-18] (Symantec Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-03-09] ()
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-02] (Realtek Semiconductor Corp.)
R1 vmm; C:\Windows\system32\Treiber\vmm.sys [296816 2007-02-18] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{EDD8E36B-450E27F9-06020101}_0; \??\c:\users\sarah\appdata\local\temp\5nt.gwrc6k78\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
S3 PCDSRVC{EDD8E36B-AED7022D-06020101}_0; \??\c:\users\sarah\appdata\local\temp\gejc2xp6brkt\pcdrdiag\bin\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-16 23:46 - 2014-08-16 23:46 - 02101760 ____C (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2014-08-16 23:46 - 2014-08-16 23:46 - 00019549 ____C () C:\Users\Sarah\Desktop\FRST.txt
2014-08-16 23:44 - 2014-08-16 23:44 - 00020912 ____C () C:\ComboFix.txt
2014-08-16 23:22 - 2014-08-16 23:22 - 05571320 ___RC (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2014-08-16 23:09 - 2014-08-16 23:09 - 00001605 ____C () C:\Users\Sarah\Desktop\ComboFix - Verknüpfung.lnk
2014-08-16 16:59 - 2014-08-16 23:44 - 00000000 ___DC () C:\Qoobox
2014-08-16 16:59 - 2011-06-26 08:45 - 00256000 ____C () C:\Windows\PEV.exe
2014-08-16 16:59 - 2010-11-07 19:20 - 00208896 ____C () C:\Windows\MBR.exe
2014-08-16 16:59 - 2009-04-20 06:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00098816 ____C () C:\Windows\sed.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00080412 ____C () C:\Windows\grep.exe
2014-08-16 16:59 - 2000-08-31 02:00 - 00068096 ____C () C:\Windows\zip.exe
2014-08-16 16:58 - 2014-08-16 23:35 - 00000000 ___DC () C:\Windows\erdnt
2014-08-16 16:23 - 2014-08-16 16:23 - 00002974 ____C () C:\Windows\System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75}
2014-08-16 16:15 - 2014-08-16 16:15 - 00001156 ____C () C:\mbam.txt
2014-08-16 15:26 - 2014-08-16 15:26 - 00026147 ____C () C:\Users\Sarah\Desktop\JRT.txt
2014-08-16 13:03 - 2014-08-16 13:03 - 00000000 ___DC () C:\Windows\ERUNT
2014-08-16 10:43 - 2014-08-16 10:44 - 00049653 ____C () C:\Users\Sarah\Desktop\Addition.txt
2014-08-12 17:00 - 2014-08-16 23:46 - 00000000 ___DC () C:\FRST
2014-08-12 15:10 - 2014-08-12 15:12 - 00002528 ____C () C:\Users\Sarah\Desktop\Rkill.txt
2014-08-12 14:39 - 2014-08-16 16:14 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-12 14:39 - 2014-08-12 14:39 - 00001110 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 14:39 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-12 14:39 - 2014-05-12 07:25 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-12 14:11 - 2014-07-25 12:55 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-12 14:11 - 2014-07-25 12:49 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-12 14:11 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-12 14:11 - 2014-07-25 12:49 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-12 14:10 - 2014-08-12 14:11 - 00004250 ____C () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-12 14:07 - 2014-08-12 14:07 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Sun
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\ProgramData\PlayFirst
2014-08-11 08:07 - 2010-08-30 08:34 - 00536576 ____C (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-10 16:42 - 2014-08-10 16:42 - 00000683 ____C () C:\Users\Sarah\Sarah - Verknüpfung.lnk
2014-08-10 16:32 - 2014-08-10 16:32 - 00002966 ____C () C:\Windows\System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494}
2014-08-10 16:31 - 2014-08-10 16:31 - 00001167 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 16:31 - 2014-08-10 16:31 - 00001155 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 16:18 - 2014-08-10 16:18 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-10 16:14 - 2014-08-10 16:14 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0.exe
2014-07-17 18:19 - 2014-07-17 18:19 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Divine
2014-07-17 13:47 - 2014-07-17 18:19 - 00000000 ___DC () C:\Divine
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-16 23:46 - 2014-08-16 23:46 - 02101760 ____C (Farbar) C:\Users\Sarah\Desktop\FRST64.exe
2014-08-16 23:46 - 2014-08-16 23:46 - 00019549 ____C () C:\Users\Sarah\Desktop\FRST.txt
2014-08-16 23:46 - 2014-08-12 17:00 - 00000000 ___DC () C:\FRST
2014-08-16 23:44 - 2014-08-16 23:44 - 00020912 ____C () C:\ComboFix.txt
2014-08-16 23:44 - 2014-08-16 16:59 - 00000000 ___DC () C:\Qoobox
2014-08-16 23:42 - 2011-03-28 12:09 - 01182795 ____C () C:\Windows\WindowsUpdate.log
2014-08-16 23:39 - 2013-03-21 13:46 - 00004182 ____C () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-16 23:37 - 2011-03-29 12:51 - 00001110 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-16 23:37 - 2011-03-29 12:51 - 00001106 ____C () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-16 23:37 - 2009-07-14 07:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2014-08-16 23:37 - 2009-07-14 04:34 - 00000215 ____C () C:\Windows\system.ini
2014-08-16 23:36 - 2014-06-13 19:06 - 00016434 ____C () C:\Windows\PFRO.log
2014-08-16 23:36 - 2014-06-10 12:17 - 00018648 ____C () C:\Windows\setupact.log
2014-08-16 23:36 - 2009-07-14 04:34 - 68730880 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-16 23:36 - 2009-07-14 04:34 - 20185088 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-16 23:36 - 2009-07-14 04:34 - 00466944 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-16 23:36 - 2009-07-14 04:34 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-16 23:36 - 2009-07-14 04:34 - 00028672 _____ () C:\Windows\system32\config\SAM.bak
2014-08-16 23:35 - 2014-08-16 16:58 - 00000000 ___DC () C:\Windows\erdnt
2014-08-16 23:34 - 2013-12-06 15:28 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-16 23:22 - 2014-08-16 23:22 - 05571320 ___RC (Swearware) C:\Users\Sarah\Desktop\ComboFix.exe
2014-08-16 23:09 - 2014-08-16 23:09 - 00001605 ____C () C:\Users\Sarah\Desktop\ComboFix - Verknüpfung.lnk
2014-08-16 20:12 - 2012-11-16 01:20 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\PMB Files
2014-08-16 19:51 - 2009-07-14 06:45 - 00009696 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-16 19:51 - 2009-07-14 06:45 - 00009696 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-16 19:46 - 2013-10-06 16:57 - 00000000 ___DC () C:\Program Files (x86)\Steam
2014-08-16 17:22 - 2009-07-14 05:20 - 00000000 _RHDC () C:\Users\Default
2014-08-16 16:23 - 2014-08-16 16:23 - 00002974 ____C () C:\Windows\System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75}
2014-08-16 16:15 - 2014-08-16 16:15 - 00001156 ____C () C:\mbam.txt
2014-08-16 16:14 - 2014-08-12 14:39 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-16 15:26 - 2014-08-16 15:26 - 00026147 ____C () C:\Users\Sarah\Desktop\JRT.txt
2014-08-16 13:09 - 2012-02-24 10:54 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\CrashDumps
2014-08-16 13:03 - 2014-08-16 13:03 - 00000000 ___DC () C:\Windows\ERUNT
2014-08-16 12:25 - 2013-12-05 11:39 - 00000000 ___DC () C:\AdwCleaner
2014-08-16 10:44 - 2014-08-16 10:43 - 00049653 ____C () C:\Users\Sarah\Desktop\Addition.txt
2014-08-16 10:20 - 2012-09-25 19:13 - 00000000 ___DC () C:\Program Files (x86)\Marble Mouse Wheel
2014-08-14 17:59 - 2011-08-23 18:12 - 00000452 ___HC () C:\Windows\Tasks\Norton Security Scan for Sarah.job
2014-08-12 15:12 - 2014-08-12 15:10 - 00002528 ____C () C:\Users\Sarah\Desktop\Rkill.txt
2014-08-12 14:39 - 2014-08-12 14:39 - 00001110 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-12 14:39 - 2014-08-12 14:39 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-12 14:12 - 2011-03-28 12:13 - 00000000 ___DC () C:\Users\Sarah\AppData\Local\Google
2014-08-12 14:12 - 2009-11-03 06:22 - 00000000 ___DC () C:\Program Files (x86)\Google
2014-08-12 14:11 - 2014-08-12 14:10 - 00004250 ____C () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-12 14:11 - 2012-03-23 12:29 - 00000000 ___DC () C:\Program Files (x86)\Java
2014-08-12 14:07 - 2014-08-12 14:07 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Sun
2014-08-12 13:47 - 2009-11-03 06:23 - 00000000 ___DC () C:\ProgramData\McAfee
2014-08-12 13:47 - 2009-11-03 06:23 - 00000000 ___DC () C:\Program Files (x86)\McAfee
2014-08-12 13:34 - 2013-02-07 10:24 - 00000000 ___DC () C:\Program Files\McAfee
2014-08-12 13:34 - 2012-09-25 14:48 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-08-12 13:34 - 2012-09-25 14:46 - 00000000 ___DC () C:\ProgramData\LogiShrd
2014-08-12 13:34 - 2012-09-25 14:46 - 00000000 ___DC () C:\Program Files\Common Files\Logishrd
2014-08-12 13:33 - 2014-06-16 17:21 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\PlayFirst
2014-08-11 10:25 - 2014-08-11 10:25 - 00000000 ___DC () C:\ProgramData\PlayFirst
2014-08-10 22:49 - 2013-05-24 15:51 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Purplehills
2014-08-10 22:49 - 2013-05-24 15:50 - 00000000 ___DC () C:\Program Files (x86)\Purplehills
2014-08-10 16:53 - 2011-03-28 12:17 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Mozilla
2014-08-10 16:42 - 2014-08-10 16:42 - 00000683 ____C () C:\Users\Sarah\Sarah - Verknüpfung.lnk
2014-08-10 16:42 - 2011-03-28 12:09 - 00000000 ___DC () C:\Users\Sarah
2014-08-10 16:32 - 2014-08-10 16:32 - 00002966 ____C () C:\Windows\System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494}
2014-08-10 16:31 - 2014-08-10 16:31 - 00001167 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-10 16:31 - 2014-08-10 16:31 - 00001155 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-10 16:31 - 2013-08-17 10:58 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-08-10 16:18 - 2014-08-10 16:18 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0 (1).exe
2014-08-10 16:14 - 2014-08-10 16:14 - 00244408 ____C () C:\Users\Sarah\Downloads\Firefox Setup Stub 31.0.exe
2014-08-10 15:51 - 2013-10-25 17:44 - 00000000 ___DC () C:\Users\Sarah\Desktop\Alte Firefox-Daten
2014-08-10 15:37 - 2012-04-13 08:58 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Malwarebytes
2014-08-10 15:36 - 2012-04-13 08:57 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-08-10 15:36 - 2012-04-13 08:57 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-05 09:20 - 2011-07-09 08:49 - 00270496 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-07-28 19:29 - 2011-03-28 21:55 - 00709186 ____C () C:\Windows\system32\perfh007.dat
2014-07-28 19:29 - 2011-03-28 21:55 - 00153786 ____C () C:\Windows\system32\perfc007.dat
2014-07-28 19:29 - 2009-07-14 07:13 - 01641884 ____C () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 21:28 - 2011-06-12 16:10 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-07-25 12:55 - 2014-08-12 14:11 - 00098216 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-25 12:49 - 2014-08-12 14:11 - 00272808 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-25 12:49 - 2014-08-12 14:11 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-25 12:49 - 2014-08-12 14:11 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-17 18:19 - 2014-07-17 18:19 - 00000000 ___DC () C:\Users\Sarah\AppData\Roaming\Divine
2014-07-17 18:19 - 2014-07-17 13:47 - 00000000 ___DC () C:\Divine
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-08 11:15
==================== End Of Log ============================ --- --- ---
--- --- ---
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2014 04
Ran by Sarah at 2014-08-16 23:47:30
Running from C:\Users\Sarah\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
Abenteuer Hawaii - Pearl Harbor (HKLM-x32\...\Abenteuer Hawaii - Pearl Harbor) (Version: - )
Abenteuer Hawaii 2 - Die Verborgene Insel (HKLM-x32\...\Abenteuer Hawaii 2 - Die Verborgene Insel) (Version: - )
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 3.0.7029 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 3.0.7029 - CyberLink Corp.) Hidden
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1) (Version: 5.1.0.2 - Oberon Media, Inc.)
Acer GridVista (HKLM-x32\...\GridVista) (Version: 3.01.0730 - Acer Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.02.3006 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.02.0804 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 3.9.0 - Atomi Systems, Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
Alice Greenfingers (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}) (Version: - Oberon Media)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.102.2002.209 - Alps Electric)
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
Babylonia (HKLM-x32\...\Babylonia) (Version: - )
calibre (HKLM-x32\...\{779EB69C-6DD9-4CB0-B316-2BEE4361755A}) (Version: 1.2.0 - Kovid Goyal)
calibre 64bit (HKLM\...\{0F072A3A-7D6F-4CE0-AB44-10DB3A7B3852}) (Version: 1.17.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3099 - CDBurnerXP)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media)
City Style (HKLM-x32\...\City Style) (Version: - )
ClipGrab 3.2.0.11 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien)
Common RTP 1.0 (HKLM-x32\...\RPGAdvocates_RTP_1.0) (Version: - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Core Temp 1.0 RC3 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cultures Gold Edition (HKLM-x32\...\Cultures - Die Entdeckung Vinlands) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media)
DANGER ZONE! (HKLM-x32\...\DANGER ZONE!) (Version: - )
Das rätselhafte Kristall-Portal (HKLM-x32\...\Das rätselhafte Kristall-Portal) (Version: - )
Der Schatz Persiens (HKLM-x32\...\Der Schatz Persiens_is1) (Version: - Contendo Media GmbH)
Der zerstreute Pharao (HKLM-x32\...\Der zerstreute Pharao_is1) (Version: - tewi publishing GmbH)
DEUTSCHLAND SPIELT GAME CENTER (HKLM-x32\...\DSGPlayer) (Version: - )
D-Fend Reloaded 1.3.2 (deinstallieren) (HKLM-x32\...\D-Fend Reloaded) (Version: 1.3.2 - Alexander Herzog)
Diablo II (HKLM-x32\...\Diablo II) (Version: - Blizzard Entertainment)
Die Sage von Odysseus (HKLM-x32\...\Die Sage von Odysseus_is1) (Version: - rondomedia Marketing & Vertriebs GmbH)
Die Supertalent-Agentur (HKLM-x32\...\Die Supertalent-Agentur) (Version: - )
DINO DEFENDER (HKLM-x32\...\DINO DEFENDER) (Version: - )
DivX-Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.4.1.4 - DivX, LLC)
Drakensang (HKLM-x32\...\Drakensang_is1) (Version: - dtp)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
Dunkle Schatten 2.04 (HKLM-x32\...\{47588300-ECCC-4E3A-919A-9AE01A34C5AC}_is1) (Version: Dunkle Schatten 2.04 - Brianum/Dawnatic)
DupDetector (HKLM-x32\...\{9604876E-6DF3-11D9-9526-CC60569E6209}) (Version: 3.2.0.1 - Prismatic Software)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Enchanted Katya (HKLM-x32\...\Enchanted Katya) (Version: 1.00 - phenomedia publishing gmbh)
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Fallout 2 (HKLM-x32\...\Fallout 2) (Version: - )
Fallout 2 Unofficial Patch 1.02.22 (HKLM-x32\...\Fallout 2 Unofficial Patch_is1) (Version: - killap Inc)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
FilePanther 1.21.259.372 (HKLM-x32\...\FilePanther 1.21.259.372) (Version: - )
First Class Flurry (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}) (Version: - Oberon Media)
FO2 Restoration Project 2.2 (HKLM-x32\...\Fallout 2 Restoration Project_is1) (Version: - killap)
Frankenstein (HKLM-x32\...\Frankenstein_is1) (Version: v1.1 - Play)
Free YouTube Download version 3.2.11.812 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.11.812 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.12.827 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.12.827 - DVDVideoSoft Ltd.)
Freemake Youtube Mp3 Converter (HKLM-x32\...\Freemake Youtube Mp3 Converter_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Gameforge Live 1.9.0 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.9.0 - Gameforge)
Germany's next Topmodel 2011 (HKLM-x32\...\Germany's next Topmodel 2011) (Version: 1.0.0.1 - Sevengames)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gourmania (HKLM-x32\...\Gourmania) (Version: - )
Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media)
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.308 - Happy Cloud, Inc.)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
Juniper's Knot (HKLM-x32\...\Junipers_Knot) (Version: - Dischan)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kalenderchen 5 (HKLM-x32\...\{11464943-4682-4F6B-A96D-D4E8C26DD111}_is1) (Version: - Daniel Manger)
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 3.0.03 - Acer Inc.)
Legend of the Piper Girl Version 1.3 (HKLM-x32\...\{AD9BBA69-4691-44AB-98EF-D62D0D6E34E0}_is1) (Version: 1.3 - Unbroken Hours)
LibreOffice 3.4 (HKLM-x32\...\{D64833F8-860D-4216-8EDC-DD08AD68C0B5}) (Version: 3.4.402 - LibreOffice)
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Lost Chronicles of Zerzura (HKLM-x32\...\Lost Chronicles of Zerzura_is1) (Version: - dtp)
Luka und der verborgene Schatz (HKCU\...\Luka und der verborgene Schatz) (Version: - )
Luxor Amun Rising with Luxor (HKLM-x32\...\Luxor Amun Rising with Luxor) (Version: - MumboJumbo, LLC)
Magicians Handbook (HKLM-x32\...\{6850696D-FC0A-48A7-9097-7EB301FB0FEA}) (Version: 1.00.0000 - Purplehills)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Master Wu (HKLM-x32\...\Master Wu) (Version: - )
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE (HKLM-x32\...\{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}) (Version: 2.0.675.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}) (Version: 3.0.19.0 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (German) (HKLM-x32\...\{95120000-00AF-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
Minefield 4.2a1pre (x64 en-US) (HKLM\...\Minefield 4.2a1pre (x64 en-US)) (Version: 4.2a1pre - Mozilla)
Mord im Laufrad (HKLM-x32\...\{1A8BADF4-9D45-4574-9C3A-47A98442F10E}) (Version: 1.00.0000 - Mord im Laufrad)
Morrowind (HKLM-x32\...\{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}) (Version: - )
Mouse Recorder Pro 1.3 (HKLM-x32\...\{5E6ACA2E-60D5-461C-8FD3-04BA9C174B27}_is1) (Version: - Nemex)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My beautiful vacation (HKLM-x32\...\{487E15A0-83FF-45E9-86FF-67355FE65A7D}_is1) (Version: - UIG GmbH)
MyMDb 3.6 (HKLM-x32\...\MyMDb_0) (Version: - )
Mystery Agency - A Vampire's Kiss (HKLM-x32\...\Mystery Agency - A Vampire's Kiss_is1) (Version: - dtp)
MyVideoConverter Pro 3.14 (HKLM-x32\...\MyVideoConverter Pro) (Version: 3.14 - MySoft, Inc.)
MyWinLocker (HKLM-x32\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.76.0 - Egis Technology Inc.)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.627 - NewTech Infosystems)
NTI Backup Now Standard (x32 Version: 5.1.2.627 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6623 - NewTech Infosystems)
NTI Media Maker 8 (x32 Version: 8.0.12.6623 - NewTech Infosystems) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks)
OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Pizzadude 1.0 (HKLM-x32\...\Pizzadude) (Version: 1.0 - Team6 game studios)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RE: Alistair++ (HKLM-x32\...\RE: Alistair++) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Risen (HKLM-x32\...\{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}) (Version: 1.00.0000 - Deep Silver)
Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes)
RM2K Mp3 Patch v1.1 (HKLM-x32\...\{37A58B85-C98F-11D5-B694-00E07D72A995}) (Version: - )
Robin Hood TsoSF (HKLM-x32\...\Robin Hood TsoSF) (Version: - )
RPG Maker 2000 1.05 (HKLM-x32\...\RPG Maker 2000 1.05) (Version: - )
RPG Maker 2000 1.07b (HKLM-x32\...\RPG Maker 2000 1.07b) (Version: - )
RPG Maker Fonts (HKLM-x32\...\{5A96225D-A3B7-4535-AE49-3BF217999669}) (Version: 1.0.0 - <no manufacturer>)
RPG Maker VX RTP (HKLM-x32\...\RPG Maker VX RTP_is1) (Version: 1.02 - Enterbrain)
RTP 1.32 Add-On for RM2k (HKLM-x32\...\RTP 1.32 Add-On for RM2k) (Version: - )
RTP for RM2K (Png, Wav, Midi, Fonts) (HKLM-x32\...\RTP for RM2K (Png, Wav, Midi, Fonts)) (Version: - )
Schlag den Raab - Das 2. Spiel (HKLM-x32\...\SDR2) (Version: 1.0 - Sproing Interactive GmbH)
Scrabble3D (HKLM-x32\...\{E11BBF69-C686-45B3-9267-CE44603B47AE}) (Version: 3.1.0.29 - Heiko Tietze)
Simple Adblock (HKLM-x32\...\{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}) (Version: 1.1.0 - Simple Adblock)
Skype™ 5.8 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.8.158 - Skype Technologies S.A.)
Sleepless Night (HKLM-x32\...\Sleepless Night) (Version: - )
Sleepless Night 2 (HKLM-x32\...\Sleepless Night 2) (Version: - )
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
Soulmates (HKLM-x32\...\Soulmates) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stolz und Vorurteil (HKLM-x32\...\Stolz und Vorurteil) (Version: - )
Stray Souls - Das Haus der Puppen (HKLM-x32\...\Stray Souls - Das Haus der Puppen) (Version: - )
Strike Ball 3 (HKLM-x32\...\Strike Ball 3) (Version: - )
Sven 004 XS (HKLM-x32\...\{4D43D5AF-A393-463D-8C78-8E6C4FA2CEE9}) (Version: - )
Sven 2 XXL (HKLM-x32\...\{AF507761-0AD4-4BCC-A636-42DB38E689B0}) (Version: - )
Sven Bømwøllen (HKLM-x32\...\{E24AECDA-101F-11D6-986D-00500443CF9F}) (Version: - )
Sven XXX - XXL (HKLM-x32\...\{BE5D79E8-0B8E-4E97-97E1-3CDEBAB2DEB1}) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TES Construction Set (HKLM-x32\...\{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}) (Version: - )
This Is Where I Want To Die (HKLM-x32\...\This Is Where I Want To Die) (Version: - )
TreeSize Personal V5.5.5 (HKLM-x32\...\TreeSize Personal_is1) (Version: 5.5.5 - JAM Software)
TubeBox (HKLM-x32\...\{dfba3ed5-70d7-4801-8429-7e77a5fb11ea}) (Version: 5.0.0.0 - Freetec)
TubeBox (x32 Version: 5.0.0.0 - Freetec) Hidden
Two Worlds (HKLM-x32\...\Two Worlds) (Version: 1.7.0 - )
Uninstall 1.0.0.1 (HKLM-x32\...\Uninstall_is1) (Version: - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB2284654) (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{FB166E7C-8AA6-48C8-B726-1F25BEE7825A}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 (KB980729) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{329050A9-EF80-40F9-B633-74508F54C1FF}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
Vampires Dawn: Reign of Blood (HKLM-x32\...\{CF55095E-07AA-432E-8376-CEF71D70746A}_is1) (Version: Vampires Dawn: Reign of Blood 1.31 - Brianum)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3008 - Acer Incorporated)
Wild Earth - Africa (HKLM-x32\...\{9D56D5FF-9B49-4435-B23C-E6FE1D4C708C}) (Version: - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wordpool 2.7.7 (HKLM-x32\...\Wordpool_is1) (Version: - Thorsten Gottlob)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
Xvid 1.1.2 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))
Zip Motion Block Video codec (Remove Only) (HKLM-x32\...\ZMBV) (Version: - DOSBox Team)
Zylom Games Player Plugin (HKLM-x32\...\Zylom Games Player Plugin) (Version: - Zylom Games)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl_x64.dll (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-2738482735-3593245532-1885912090-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll (OpenOffice.org)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2014-08-16 23:37 - 00000027 ___AC C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {032860FB-E501-499A-973C-526E9973849D} - System32\Tasks\{908628FC-D33F-4F87-872D-124767B41DBA} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {0A6F3F4D-7B3D-48D8-8DAB-5DBCE1A7B153} - System32\Tasks\{1E175039-0B33-4334-BE0B-C5EAEC15FC62} => C:\Program Files\BlackIsle\Fallout2\fallout2.exe [2013-12-04] ()
Task: {15DE84B3-5007-4948-A9DF-2414EE23DAB0} - System32\Tasks\{B68316D6-EBE5-403C-A1CB-C3E3559BA30C} => C:\Users\Sarah\Pictures\Comics\Biber\f2patch-gr.exe [2013-11-24] ()
Task: {16C1E7AC-21F5-4F82-A71B-02BAE87CFAE8} - System32\Tasks\{B4A6BEFD-3AD7-4DD7-BE6C-41283E631407} => D:\Setup.exe
Task: {1908BECC-26A8-4F19-95CA-41A5F509C207} - \Plus-HD-3.8-updater No Task File <==== ATTENTION
Task: {1C95CEBC-5FAF-4EB0-A17D-B6A3EE68B6C7} - System32\Tasks\{F019608E-FA9B-4289-8426-129E3CBAC1E3} => D:\Setup.exe
Task: {25B8EA26-CB76-4D38-B1E5-B0FE6C725967} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {2FF5F493-B6E1-4FE2-8D81-08E0B99D55D6} - System32\Tasks\{DB0BDB56-F6C3-47A3-8F87-E5E31ED77A76} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\DieSupertalentAgenturCD\DieSupertalentAgentur_og.exe [2009-09-01] ()
Task: {33E45341-BBD4-4CA2-B44C-9A5876329EAF} - System32\Tasks\{62B07373-AF3E-4138-B329-55735F88B046} => C:\Phenomedia AG\Sven zwo XXL\Sven2.exe [2002-11-13] ()
Task: {3A3B68E4-D617-45A4-98E1-986695FD188C} - System32\Tasks\{EE0971F9-6E65-45BA-B759-211ABDE53ECE} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {49D9D5A3-37A6-4553-B746-1472C5CAAE13} - \Plus-HD-3.8-firefoxinstaller No Task File <==== ATTENTION
Task: {50AA2405-6723-43BA-AD0A-1FB3D32904E3} - System32\Tasks\{6E901973-4519-4ADC-A2A7-F48C624E9451} => Firefox.exe
Task: {518F6E86-0B51-4B4F-9BDA-1B2A84A6E535} - System32\Tasks\{0FE207D0-2C83-44E5-BC1A-3E97F80D63C1} => C:\Program Files (x86)\Sevengames\GNTM2011\bin\Gntm11.exe [2011-01-27] (Independent Arts Software GmbH)
Task: {532F08A1-4680-49E1-9CA6-2EAC32D127E1} - System32\Tasks\{686E36BE-4A86-4736-95EE-9EAFD0EB6769} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {5341D64B-2A79-4438-81C4-83D39E6F13C6} - System32\Tasks\{5A76323A-75B2-4AAC-8F47-ABE32592F040} => C:\Users\Sarah\Downloads\scrnsav1.exe [2012-05-18] ()
Task: {55C44F49-416A-4316-871C-8E33D21CB280} - System32\Tasks\{61B2A627-7F9B-4197-91F4-169590D8A7CB} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {59BD72F5-2380-4121-ABEF-80D4A70216E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29] (Google Inc.)
Task: {5D216631-7729-474B-9995-E49990FE9A01} - System32\Tasks\{1C176B42-A2C2-40B5-9582-812109898D75} => C:\Users\Sarah\Desktop\FRST-OlderVersion\FRST64(1).exe
Task: {5EC1605C-9C6D-4BB0-9711-8F73D70BE0A2} - \Plus-HD-3.8-codedownloader No Task File <==== ATTENTION
Task: {6174608E-DBA3-49B4-96F5-A6FB9237AD3F} - System32\Tasks\{F5F002CB-F043-4E25-AE2E-5AA53F2DFB57} => C:\Program Files (x86)\MyMDb\MyMDb.exe
Task: {758133FC-63B4-4782-B92C-0B6C07F5A692} - System32\Tasks\{A092F01D-4E70-4133-AEE6-4C2E3AC56788} => C:\Phenomedia AG\Sven zwo XXL\Sven2.exe [2002-11-13] ()
Task: {76A842BD-8423-442E-A0A9-FC99E244A606} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-09] (AVAST Software)
Task: {790A861E-D518-4B43-B050-9462B9D945AF} - System32\Tasks\{CBA65AA1-0BDE-4084-AB61-3AECF3AD327C} => C:\Program Files (x86)\rondomedia\Beyond the Legend Mysteries of Olympus\MysteriesOfOlympus.exe
Task: {798D4C86-E220-4169-9013-614B706AF5FC} - System32\Tasks\Norton Security Scan for Sarah => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {7A9BDD88-25FE-47C2-B773-6339AB6F3744} - System32\Tasks\{8A06A33B-EA19-4496-91E4-0560988D5C84} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {7D2FC61A-6732-458F-B221-5FB39E3D3113} - System32\Tasks\{539BD50E-C683-4AB4-9916-B5BEA62E0FC9} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {843BA38A-4DD0-4D37-8EBD-E0F3D878647B} - System32\Tasks\{9A4BFED0-5FE2-4871-AD24-F1C852C23C49} => C:\Program Files (x86)\Team6\Pizzadude\Pizza.exe [2005-08-25] ()
Task: {86D33314-72C1-4CAF-8EAB-C672D9B44B28} - System32\Tasks\{D30EBFA2-D03C-4AB0-9F40-C741FFAC5494} => Firefox.exe
Task: {88E7727E-1F92-49D9-ACC7-B1C9D4CCC8E7} - System32\Tasks\{BF6FB462-6206-4FD3-9236-0D9FFBCF6CFB} => C:\Program Files (x86)\DEUTSCHLAND SPIELT\DieSupertalentAgenturCD\DieSupertalentAgentur_og.exe [2009-09-01] ()
Task: {8B447F9D-703A-4311-B874-A0F67DBCC625} - System32\Tasks\{B92031EA-A95C-4776-8EDE-7E16DBAFFD8D} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {9B182628-6F30-4D56-AB6D-43A9D18FCFFD} - System32\Tasks\{6900BB4E-F314-4347-841C-A323397E3D0C} => C:\Program Files (x86)\MyMDb\MyMDb.exe
Task: {9BBD5199-DB01-4942-88D0-BF37F4CBC939} - System32\Tasks\{43AFED53-2E0A-4812-BF70-9775779216B0} => Firefox.exe
Task: {9EF8973A-2D5A-4B63-81C3-9BC632F2D327} - System32\Tasks\{A3551CEC-8D2F-46A7-81D0-1BD9CF882D6B} => C:\Users\Sarah\Downloads\scrnsav1.exe [2012-05-18] ()
Task: {AD8BDF11-AF96-4B6C-A286-563101F7A122} - \Plus-HD-3.8-chromeinstaller No Task File <==== ATTENTION
Task: {B39F013C-0DDE-47EA-8A4A-8AC2DB52E8EC} - System32\Tasks\{391CFB0D-5B64-41D5-BACE-152703C23AE8} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {B6325D1F-6D6F-411F-B7FD-005FC97EDD3E} - System32\Tasks\{E2F737C3-FA56-4B6E-AE7A-BE997D130442} => Firefox.exe
Task: {BC9DC276-AD8E-44EE-A536-09BFAD120BDC} - System32\Tasks\{49AF0BDB-6CCA-4DA3-802C-0020BB11EEAD} => C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Fallout3ng.exe [2008-09-18] (Bethesda Softworks)
Task: {C32E871F-3DF7-4DED-A2FD-54C009DBD23A} - System32\Tasks\{0A1CEB46-F3C4-465D-8356-E411496995AD} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-02-29] (Skype Technologies S.A.)
Task: {C677707C-9037-478F-B9EE-BCEBFA73BA30} - System32\Tasks\{520D3F34-33DC-4F0A-AE94-4C3C8C178FA6} => C:\Program Files (x86)\The Witcher Enhanced Edition\launcher.exe
Task: {C7A6ED93-7FB0-4128-B7B6-DB0AAF28F1F3} - System32\Tasks\{60F25028-D646-44ED-A6B3-EC96896C988C} => C:\Program Files (x86)\Bethesda Softworks\Fallout 3\Fallout3ng.exe [2008-09-18] (Bethesda Softworks)
Task: {CBA67A05-C8FD-40B1-BB3F-D72DD75B23B2} - System32\Tasks\Recovery Management\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-10-01] (Acer)
Task: {CD03EBE0-A313-4474-A7BB-26EACE9D5F98} - System32\Tasks\{B8C0B267-3CB9-45C0-91D2-936BD12C96CF} => C:\Users\Sarah\Downloads\europaeischer-zeichensatz-komplett.exe [2011-06-11] ()
Task: {D093D724-59A1-4E17-B7B7-5979AE6EF319} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D3401B57-D134-4616-86D6-F6EDC3C4DD9E} - System32\Tasks\{2865776C-9E68-49AC-AB19-0A2A705AF765} => C:\Program Files\BlackIsle\Fallout2\fallout2.exe [2013-12-04] ()
Task: {D511EB43-D12C-4D49-B290-99298C351A0E} - System32\Tasks\{F3A6F751-33E3-440A-B18B-2100CB8FE1BF} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {D8BB4043-2506-410A-A4FF-3F528F44E809} - System32\Tasks\{B3902843-EE73-4FB9-930E-361668657EB1} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsMain
Task: {D9720FC7-A84C-4DA5-8CC9-14EB02850863} - System32\Tasks\{E9A7E957-A966-426F-847F-09043B276C0B} => Firefox.exe
Task: {DD668C30-66EF-45DA-AE36-E022B68D2CEE} - System32\Tasks\{5A0832CF-D018-4774-8324-C79A9319B224} => C:\Users\Sarah\Pictures\Comics\Biber\f2patch-gr.exe [2013-11-24] ()
Task: {E4BBB579-5103-4493-8B3C-D8DE0AA583DF} - System32\Tasks\{FFE47AAB-83DC-4B60-9A66-A62A4CF2F202} => C:\Program Files (x86)\Team6\Pizzadude\Pizza.exe [2005-08-25] ()
Task: {ECF2E370-A09A-4DAB-90AE-F6626721DE88} - \Plus-HD-3.8-enabler No Task File <==== ATTENTION
Task: {F40C7E67-6DCC-44D7-A63D-A1B38D6372DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-29] (Google Inc.)
Task: {F69A26A3-5170-4CBD-943B-A24C78CBEEA5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {F7CACCBB-2712-4E97-AAFD-702CB6225AF2} - System32\Tasks\{B595A3E7-CBC3-4A5F-B182-4D0967A4E6EC} => C:\Users\Sarah\Downloads\werbung_ds2\Ds2inst.exe [1997-05-06] ()
Task: {FE4427D0-4F9B-48DC-8DEE-B4F29830E401} - System32\Tasks\{66F1581B-1426-4E85-8767-A1DAF02F1AB3} => C:\Program Files (x86)\JoWood\Hotel Gigant\Hotel.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for Sarah.job => C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe
==================== Loaded Modules (whitelisted) =============
2012-05-21 15:42 - 2012-05-21 15:42 - 00050176 ____C () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
2014-07-09 06:54 - 2014-07-09 06:54 - 00301152 ____C () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-16 19:43 - 2014-08-16 19:43 - 02797568 ____C () C:\Program Files\AVAST Software\Avast\defs\14081601\algo.dll
2012-05-21 15:42 - 2012-05-21 15:42 - 00020480 ____C () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.Infrastructure.dll
2014-08-10 16:30 - 2014-07-17 07:42 - 03800688 ____C () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:93DE1838
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (08/16/2014 11:46:14 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (08/16/2014 11:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (08/16/2014 11:44:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Error: (08/16/2014 11:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%2
Error: (08/16/2014 11:44:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Arbeitsstationsdienst" wurde mit folgendem Fehler beendet:
%%2
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-08-16 23:34:28.215
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-08-16 23:34:28.168
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-08-16 23:34:28.121
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-08-16 23:34:28.074
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-08-16 17:12:45.508
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-08-16 17:12:45.461
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 4025.98 MB
Available physical RAM: 2491.48 MB
Total Pagefile: 8050.14 MB
Available Pagefile: 6553.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:453.66 GB) (Free:287.19 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4760A999)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |