Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista (https://www.trojaner-board.de/158559-feven-1-5-better-surf-plus-search-protect-viren-gefunden-wind-vista.html)

Mena 10.09.2014 22:08
Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista
 
Hallo ZUSAMMEN :confused:

ich habe seit längerem das Problem, dass sich ständig Werbung im meinem Firefox Browser
automatisch öffnet. Außerdem ist mein Rechner extrem langsam - nicht nur beim Surfen,
sondern auch bei normalen Programmabläufen im Offlinebereich.

Heute bin ich bei meiner Fehlersuche auf einen Artikel über große Probleme im Sicherheitsbereich von Java gestoßen. Daraufhin habe ich angefangen sämtliche Programme,
die auf meinem Rechner bei google zu erforschen. Dies habe ich auch getan, weil einige Programme wie zum Beispiel "Feven 1.5" nicht deinstalliert werden konnten - nun weiß ich natürlich auch warum das so ist. Auf meiner Suche habe ich bisher Feven 1.5, Better Surf Plus & Search Protect als klare Bedrohungen outen können.

Als ich mir eine Deinstallations-Anleitung für "Feven" einholen wollte, bin ich auf eure Seite gestoßen. Inzwischen habe ich mir auch "Anti-Male-Ware" von "Mailwarebytes" installiert. Nun benötige ich bitte eine Anleitung wie ich weiter vorgehe. So wie es für mich aussieht, ist mein halber PC verseucht. Ich möchte ihn jedoch nicht aufgeben - hängt auch mit wichtigen Programmen für die Arbeit zusammen.

Vorab besten Dank für eure Hilfe!

deeprybka 10.09.2014 22:11
:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
  • Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
  • Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig
  • Poste die Logfiles direkt in Deinen Thread in Code-Tags.
  • Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.



Los geht's:

Schritt 1
http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://deeprybka.trojaner-board.de/tdss/codetags.gif

Mena 10.09.2014 23:15
Code:
[BAdwCleaner Logfile:

       
Code:

       
# AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 00:06:38
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Madeleine - MADELEINE-PC
# Gestartet von : C:\Users\Madeleine\Desktop\adwcleaner_3.309.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : APNMCP

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\END
Datei Gefunden : C:\Program Files\Mozilla Firefox\nsprotector.js
Datei Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
Datei Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
Datei Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Datei Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gefunden : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\user.js
Datei Gefunden : C:\Users\Madeleine\Desktop\Optimizer Pro.lnk
Datei Gefunden : C:\Users\Madeleine\Favorites\Startfenster.lnk
Datei Gefunden : C:\Windows\system32\conduitEngine.tmp
Ordner Gefunden : C:\Program Files\AskPartnerNetwork
Ordner Gefunden : C:\Program Files\Babylon
Ordner Gefunden : C:\Program Files\BetterSurf
Ordner Gefunden : C:\Program Files\Better-Surf
Ordner Gefunden : C:\Program Files\Conduit
Ordner Gefunden : C:\Program Files\DVDVideoSoftTB
Ordner Gefunden : C:\Program Files\Feven 1.5
Ordner Gefunden : C:\Program Files\Gemeinsame Dateien
Ordner Gefunden : C:\Program Files\glindorus
Ordner Gefunden : C:\Program Files\ICQ6Toolbar
Ordner Gefunden : C:\Program Files\iMesh Applications
Ordner Gefunden : C:\Program Files\LyricsContainer
Ordner Gefunden : C:\Program Files\MediaPlayerV1
Ordner Gefunden : C:\Program Files\MediaViewerV1
Ordner Gefunden : C:\Program Files\MediaViewV1
Ordner Gefunden : C:\Program Files\MediaWatchV1
Ordner Gefunden : C:\Program Files\Moozy
Ordner Gefunden : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gefunden : C:\Program Files\MyPC Backup
Ordner Gefunden : C:\Program Files\Optimizer Pro
Ordner Gefunden : C:\Program Files\ScanQuery
Ordner Gefunden : C:\Program Files\ShopperReports3
Ordner Gefunden : C:\Program Files\SweetIM
Ordner Gefunden : C:\Program Files\Uninstaller
Ordner Gefunden : C:\Program Files\VideoPlayerV3
Ordner Gefunden : C:\Program Files\WebexpEnhancedV1
Ordner Gefunden : C:\Program Files\WinSecurity
Ordner Gefunden : C:\ProgramData\apn
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\AskPartnerNetwork
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\Conduit
Ordner Gefunden : C:\ProgramData\eSafe
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports
Ordner Gefunden : C:\ProgramData\sAvernet
Ordner Gefunden : C:\ProgramData\ScanQuery
Ordner Gefunden : C:\ProgramData\SweetIM
Ordner Gefunden : C:\ProgramData\topdeal
Ordner Gefunden : C:\ProgramData\topdeal
Ordner Gefunden : C:\ProgramData\WPM
Ordner Gefunden : C:\Users\MADELE~1\AppData\Local\Temp\apn
Ordner Gefunden : C:\Users\MADELE~1\AppData\Local\Temp\mt_ffx
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\AskPartnerNetwork
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\ConduitEngine
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Feven 1.5
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\iMesh
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\lollipop
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\PackageAware
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\SearchProtect
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\Smartbar
Ordner Gefunden : C:\Users\Madeleine\AppData\Local\softonic-de3
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\DataMngr
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\Delta
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\GutscheinCodes
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\imeshbandmltbpi
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\ShopperReports3
Ordner Gefunden : C:\Users\Madeleine\AppData\LocalLow\SweetIM
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\BabSolution
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\BabylonToolbar
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Desktopicon
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\dosearches
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\imeshbandmltbpi
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\mediabarim
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\128
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\130
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\staged\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\OpenCandy
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Optimizer Pro
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\PriceGong
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\SearchProtect
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\ShopperReports3
Ordner Gefunden : C:\Users\Madeleine\AppData\Roaming\Windows Net Data
Ordner Gefunden : C:\Users\Madeleine\Documents\Optimizer Pro
Ordner Gefunden : C:\Windows\system32\SearchProtect

***** [ Tasks ] *****

Task Gefunden : AmiUpdXp
Task Gefunden : BrowserDefendert
Task Gefunden : LyricsContainer Update

***** [ Verknüpfungen ] *****

Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=sc&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1387404308 )
Verknüpfung Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=sc&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1387404308 )
Verknüpfung Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=sc&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1387404308 )
Verknüpfung Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=sc&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1387404308 )
Verknüpfung Gefunden : C:\Users\Madeleine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk ( hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=sc&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1387404308 )

***** [ Registrierungsdatenbank ] *****

Daten Gefunden : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=sc&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\mediabarim
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ShopperReports3
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\AskPartnerNetwork
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\BABSOLUTION
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\d2d6d0e53bef42
Schlüssel Gefunden : HKCU\Software\Delta
Schlüssel Gefunden : HKCU\Software\Imesh
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gefunden : HKCU\Software\lollipop
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gefunden : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{608FB285-F572-48DE-AE44-28ABFF3F6BF9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\dosearches Browser Protecter
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Feven 1.5
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VIS
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinSecurity
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WsysControl
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKCU\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Tbccint_HKLM
Schlüssel Gefunden : HKCU\Software\YahooPartnerToolbar
Schlüssel Gefunden : HKCU\Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gefunden : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gefunden : HKLM\SOFTWARE\AskToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\BetterSurf
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{01AD9322-02FF-4F4F-AC52-92FDA5AE65F0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852232}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855532}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856632}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2189224
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3297265
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344204402}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344854432}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Conduit
Schlüssel Gefunden : HKLM\SOFTWARE\d2d6d0e53bef42
Schlüssel Gefunden : HKLM\SOFTWARE\Delta
Schlüssel Gefunden : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\eSafeSecControl
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\ingolnlcamoheiiladeoecpgdbjjmlaf
Schlüssel Gefunden : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gefunden : HKLM\SOFTWARE\MediaPlayerV1
Schlüssel Gefunden : HKLM\SOFTWARE\MediaViewerV1
Schlüssel Gefunden : HKLM\SOFTWARE\MediaViewV1
Schlüssel Gefunden : HKLM\SOFTWARE\MediaWatchV1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Feven 1.5
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinSecurity
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wpm
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Schlüssel Gefunden : HKLM\SOFTWARE\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\Video downloader
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16563

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1387404308&type=default&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1387404308&type=default&q={searchTerms}
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snap.do/?publisher=InternetTurboYB&dpid=InternetTurboYB&co=DE&userid=29f8795c-9b42-4734-a6b1-d89249592a5f&searchtype=ds&q={searchTerms}&installDate=02/04/2013

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\prefs.js ]


[ Datei : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
Gefunden [Search Provider] : hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
Gefunden [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=&apn_ptnrs=%5EAAA&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5EDE&psv=&q={searchTerms}

*************************

AdwCleaner[R0].txt - [38976 octets] - [10/09/2014 23:57:00]
AdwCleaner[R1].txt - [38895 octets] - [11/09/2014 00:06:38]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [38956 octets] ##########

--- --- ---
Da ist ja richtig die Hölle los :headbang:

deeprybka 10.09.2014 23:17
Äh...wie wäre es, wenn Du meine Anweisungen befolgst? :)

Schritt 1 usw. ;)

Mena 11.09.2014 18:18
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:03 on 11/09/2014 (Madeleine)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Hi sorry war gestern eine unchristliche Uhrzeit. Ich versuche es heute nochmal!
Ich habe jetzt die folgende Liste abgearbeitet:

Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig

Schritt 1:
Laufwerksemulationen abschalten mit Defogger

Punkt 2 weitermachen ?

deeprybka 11.09.2014 18:37
Hi,
bitte befolge nur die Anweisungen die ich hier in den Thread poste. D.h. für Dich Schritt 1 Scan mit FRST. ;)

Mena 11.09.2014 19:16
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014
Ran by Madeleine at 2014-09-11 20:06:47
Running from C:\Users\Madeleine\Desktop\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Standard (HKLM\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C1001}) (Version: 12.16.1.29 - APN, LLC) <==== ATTENTION
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version:  - )
Better Surf Plus (HKLM\...\Better Surf Plus) (Version: 1.1 - Better Surf) <==== ATTENTION
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
eBay Icon (HKLM\...\eBay Icon) (Version: 1.0 - AD ON Multimedia Advertising GmbH)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
FAST Gigabank (HKLM\...\FAST Gigabank_is1) (Version: 2.0 - FAST LTA AG)
Feven 1.5 (HKLM\...\Feven 1.5) (Version: 1.32.153.0 - Feven) <==== ATTENTION
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free Studio version 5.1.4 (HKLM\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
LyricsContainer (HKLM\...\{d07a13d9-0763-4d61-b23a-3e133e87ef96}) (Version:  - RYD Software) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media View (HKLM\...\MediaViewV1alpha1043) (Version: 1.1 - Media View) <==== ATTENTION
Media Viewer (HKLM\...\MediaViewerV1alpha1209) (Version: 1.1 - Media Viewer) <==== ATTENTION
Media Watch (HKLM\...\MediaWatchV1home2672) (Version: 1.1 - Media Watch) <==== ATTENTION
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{36C97B5B-5593-45B8-B50E-DAD87036BD9D}) (Version: 3.0.215.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - MyPC Backup) <==== ATTENTION
Nokia Connectivity Cable Driver (HKLM\...\{11964613-805F-432D-A12B-169554B793E7}) (Version: 6.84.4.0 - Nokia)
Nokia NSeries Application Installer (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries Application Installer 6.83.11 (HKLM\...\Nokia NSeries Application Installer) (Version:  - Nokia)
Nokia NSeries Content Copier (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries Content Copier 6.83.11 (HKLM\...\Nokia NSeries Content Copier) (Version:  - Nokia)
Nokia NSeries One Touch Access (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries One Touch Access 6.83.11 (HKLM\...\Nokia NSeries One Touch Access) (Version:  - Nokia)
Nokia Nseries PC Suite (HKLM\...\{06A0A943-6ECF-4586-8EC7-58DF050B7CDB}) (Version: 2.0.260 - Nokia)
Nokia NSeries System Utilities (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries System Utilities 6.83.11 (HKLM\...\Nokia NSeries System Utilities) (Version:  - Nokia)
Nokia Photos (HKLM\...\{100B729F-07A2-4A81-A28C-AE4A14FB4FB7}) (Version: 1.0.237 - Ihr Firmenname)
Nokia Software Updater (HKLM\...\{FE5D756F-71E1-47C4-972A-D6775344B40B}) (Version: 01.04.000.29353 - Nokia Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version:  - PC Utilities Software Limited) <==== ATTENTION
PC Connectivity Solution (HKLM\...\{99A40651-0BC2-4095-8F9A-A40FAB224FEF}) (Version: 7.22.7.1 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
SweetIM Toolbar for Internet Explorer 3.9 (HKLM\...\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}) (Version: 3.9.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIS (HKLM\...\VIS) (Version:  - ) <==== ATTENTION
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0) (HKLM\...\4077F884D1BB007055BDB83B621D87220A73F30F) (Version: 06/01/2007 6.84.33.0 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1) (HKLM\...\0C5EDC3653FED5B121F464339EAC12534D253B25) (Version: 02/15/2007 3.1 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
WinSecurity (HKLM\...\WinSecurity) (Version:  - )
WPM17.8.0.3159 (HKLM\...\WPM) (Version: 17.8.0.3159 - Cherished Technololgy LIMITED) <==== ATTENTION
Wsys Control 10.2.1.2652 (HKLM\...\WsysControl) (Version: 10.2.1.2652 - Wsys Co., Ltd.) <==== ATTENTION
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{61f0d019-b016-4d56-9dae-7b7706cd6755}\InprocServer32 -> C:\Users\Madeleine\AppData\LocalLow\RadioTotal4\prxtbRad0.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Madeleine\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{A10D1118-27C0-4CAF-8D9A-DDAE7EFEDD59}\InprocServer32 -> 42494E41525953545245414D0300000003000000007CA7888E81D11003D7AB764E989B94C47736B3DF53227969A9293AE94C (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{F498FE2B-6CB2-4EE5-A384-D93B11091457}\InprocServer32 -> C:\Users\Madeleine\AppData\LocalLow\RadioTotal4\prxtbRad0.dll No File

==================== Restore Points  =========================

29-08-2014 14:04:58 Geplanter Prüfpunkt
09-09-2014 14:03:26 Geplanter Prüfpunkt
10-09-2014 19:36:30 Removed iTunes
10-09-2014 19:59:40 Removed Java 7 Update 55
10-09-2014 20:01:45 Removed Java(TM) 6 Update 16
10-09-2014 20:03:21 Removed Java(TM) 6 Update 37
10-09-2014 20:07:34 Removed Skype™ 6.11
11-09-2014 14:52:18 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2011-04-16 19:05 - 00000814 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
74.208.10.249 gs.apple.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {086A8FC0-070E-48F1-B604-ED682F605F81} - System32\Tasks\{132BC443-25C9-44C9-84B9-2A4334F78896} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F5FFEFA-3703-40D9-B356-13D037C44D06} - System32\Tasks\AdobeAAMUpdater-1.0-Madeleine-PC-Madeleine => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {2C97108E-C928-48B9-AE7D-8A02E3DF1BE5} - \Feven 1.5-enabler No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D680F75-59D7-4DE1-8ED8-9DA641AB6946} - \BrowserDefendert No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4FF765E6-CAA2-4333-8D80-E3CA59D2C654} - \AmiUpdXp No Task File <==== ATTENTION
Task: {55B3DA69-5676-432B-BE5A-62FBB470C740} - \Feven 1.5-codedownloader No Task File <==== ATTENTION
Task: {5A094696-F9AE-4E59-A6E7-2B8C786BAB39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {64644654-CFF3-4EBB-8566-8EFE3B97DBB6} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()
Task: {70E45419-0013-47A8-9B57-751F1E586C0D} - \Feven 1.5-updater No Task File <==== ATTENTION
Task: {7DA4B87A-E1E7-46B7-A5E8-2237D705C76C} - \Feven 1.5-chromeinstaller No Task File <==== ATTENTION
Task: {AA4C51F5-C189-420A-90B1-9DB8CB1B36F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {ADCA65C0-211C-4139-A5EE-B6E8E6FC336F} - \LyricsContainer Update No Task File <==== ATTENTION
Task: {B5819B29-1659-471E-B44E-C5F64C798486} - System32\Tasks\{051345A5-0AF2-429F-BC9B-A3AEFD5CF85C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {BF40F182-E830-4E3C-B92D-847A7A02A967} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19] (Google Inc.)
Task: {C09AD99A-A500-4CA1-AB83-A95A8F9AA2AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19] (Google Inc.)
Task: {D019EE45-9EED-4C88-96DA-0A6E7BE13A7F} - \Feven 1.5-firefoxinstaller No Task File <==== ATTENTION
Task: {DA296E08-42AA-4561-8D12-09D7484FC805} - System32\Tasks\{7C169ADF-65D4-4603-A3C4-9FEFA596E6AC} => C:\Program Files\Skype\Phone\Skype.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-24 14:44 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-18 07:58 - 2009-02-04 07:00 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-11-12 14:20 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 36966968 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libcef.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00610872 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-08-11 19:08 - 2014-08-31 15:50 - 00867896 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00886840 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00108600 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-10 20:06 - 2014-07-30 16:49 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-11 19:01 - 2014-09-11 19:01 - 00050477 _____ () C:\Users\Madeleine\Desktop\Desktop\Defogger.exe
2014-09-10 16:34 - 2014-09-10 21:28 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental)(1).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental)(2).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental).mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: N82
Description: N82
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2014 05:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 31.0.0.5310, Zeitstempel 0x53c75e91, fehlerhaftes Modul mozalloc.dll, Version 31.0.0.5310, Zeitstempel 0x53c72e91, Ausnahmecode 0x80000003, Fehleroffset 0x0000141b,
Prozess-ID 0xf9c, Anwendungsstartzeit plugin-container.exe0.

Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ASP.NETASP.NET8

Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (09/11/2014 04:59:25 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: aspnet_stateASP.NET-Zustandsdienst8

Error: (09/11/2014 04:59:25 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (09/11/2014 04:59:20 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (09/11/2014 04:48:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung mbam.exe, Version 1.0.0.532, Zeitstempel 0x53518532, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x02b823b0,
Prozess-ID 0xa8c, Anwendungsstartzeit mbam.exe0.

Error: (09/11/2014 00:11:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MADELEINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.

Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)

Error: (09/10/2014 11:46:42 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8


System errors:
=============
Error: (09/11/2014 06:37:51 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update

Error: (09/10/2014 11:45:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (09/10/2014 11:42:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (09/10/2014 09:33:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%2

Error: (09/10/2014 09:08:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (09/10/2014 09:08:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (09/10/2014 09:08:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/10/2014 08:54:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%2

Error: (09/10/2014 05:39:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: AVGIDSAgent

Error: (09/10/2014 05:39:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%2


Microsoft Office Sessions:
=========================
Error: (09/11/2014 05:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bf9c01cfcdd2567100ef

Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ASP.NETASP.NET8

Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (09/11/2014 04:59:25 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: aspnet_stateASP.NET-Zustandsdienst8

Error: (09/11/2014 04:59:25 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (09/11/2014 04:59:20 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16

Error: (09/11/2014 04:48:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000502b823b0a8c01cfcdcf49c9417f

Error: (09/11/2014 00:11:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext:  Anwendung, SystemIndex Katalog


Details:
        Ein an das System angeschlossenes Gerät funktioniert nicht.  (0x8007001f)
C:\USERS\MADELEINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL

Error: (09/10/2014 11:46:42 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8


CodeIntegrity Errors:
===================================
  Date: 2014-09-11 20:06:13.611
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:06:13.198
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:06:12.815
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:06:12.426
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:06:11.795
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:06:11.413
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:06:10.993
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:06:10.568
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:03:01.419
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 20:03:01.039
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 48%
Total physical RAM: 2942.45 MB
Available physical RAM: 1510.52 MB
Total Pagefile: 6131.41 MB
Available Pagefile: 4125.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.45 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:298.09 GB) (Free:143.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 94BE57ED)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
--- --- ---
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 11-09-2014 20:06:02
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\Desktop\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [BabylonToolbar] => "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-29] (APN)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} -  No File
URLSearchHook: HKLM - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -  No File
URLSearchHook: HKLM - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
URLSearchHook: HKLM - (No Name) - {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=sc&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {002FB0A4-23BC-4FF0-A626-0C0E44CACC4C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN29123739941512176&UM=2
SearchScopes: HKCU - {002FB0A4-23BC-4FF0-A626-0C0E44CACC4C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN29123739941512176&UM=2
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: CescrtHlpr Object -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: No Name -> {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} ->  No File
BHO: No Name -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} ->  No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: No Name -> {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} ->  No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - !{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} -  No File
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} -  No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @funwebproducts.com/Plugin -> C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-05-10]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKLM\...\Firefox\Extensions: [{ee8cd9f6-dae3-4889-816b-99fe80dae284}] - C:\Program Files\WinSecurity\winsecurity.xpi
FF Extension: WinSecurity - C:\Program Files\WinSecurity\winsecurity.xpi [2013-08-27]
FF HKCU\...\Firefox\Extensions: [{cd288a68-7b21-4f14-b789-82cc44992259}] - C:\Program Files\LyricsContainer\133.xpi
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchProvider: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (LyricsContainer) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh [2013-08-22]
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17]
CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-11-01]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (BetterSurf) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-14]
CHR Extension: (VIS) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-11-18]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (topdeal) - C:\ProgramData\nnlikkcdnapggndngajijlcneepblkkk\ [2013-08-22]
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [ingolnlcamoheiiladeoecpgdbjjmlaf] - C:\Program Files\WinSecurity\winsecurity.crx [2013-08-27]
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx [2013-08-27]
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx [2013-08-27]
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx [2013-08-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-29] (APN LLC.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 20:01 - 2014-09-11 20:06 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 00:07 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 15:32 - 2014-08-29 15:32 - 00000320 _____ () C:\Windows\Tasks\0814avUpdateInfo.job
2014-08-29 15:32 - 2014-08-29 15:32 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 20:06 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-11 20:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:49 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 18:54 - 2009-12-12 15:32 - 02026077 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 18:50 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-11 18:45 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-11 18:44 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 18:43 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 18:41 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 18:41 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 18:41 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 18:38 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-11 00:07 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-10 23:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 23:54 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 23:39 - 2008-01-21 04:47 - 00136100 _____ () C:\Windows\PFRO.log
2014-09-10 23:02 - 2013-11-01 21:56 - 00000000 ____D () C:\ProgramData\eSafe
2014-09-10 22:52 - 2014-01-25 01:44 - 00000000 ____D () C:\ProgramData\topdeal
2014-09-10 22:52 - 2013-12-19 00:05 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-09-10 22:52 - 2013-12-19 00:05 - 00000000 ____D () C:\Program Files\Feven 1.5
2014-09-10 22:52 - 2013-11-18 18:15 - 00000000 ____D () C:\Program Files\RadioTotal4
2014-09-10 22:52 - 2013-09-11 20:12 - 00000000 ____D () C:\Program Files\LyricsContainer
2014-09-10 22:52 - 2011-04-16 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports
2014-09-10 22:23 - 2014-01-25 01:43 - 00000000 ____D () C:\ProgramData\sAvernet
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-10 21:35 - 2013-12-19 00:06 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:32 - 2014-08-29 15:32 - 00000320 _____ () C:\Windows\Tasks\0814avUpdateInfo.job
2014-08-29 15:32 - 2014-08-29 15:32 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe
C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe
C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll
C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Madeleine\AppData\Local\Temp\Java.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll
C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe
C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll
C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe
C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe
C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-11 18:48

==================== End Of Log ============================
--- --- ---


Hallo Jürgen,

Kannst du damit etwas anfangen ?
Was soll ich mit dem "Defogger" machen?
Den hab ich ja vorhin laufen lassen.
Hab jetzt zur Auswahl: Disable und Re-enable...

Liebe Grüße & Danke
;-)

deeprybka 11.09.2014 19:28
Hi,
gut gemacht. Den Defogger kannst Du so lassen wie er ist. Am Ende der Bereinigung werden wir ihn entfernen.


(Hinweis: Die Programme mit ATTENTION findest Du in der Addition.txt die Du oben mit der FRST.txt gepostet hast unter installierte Programme. Der ATTENTION-Zusatz ist bei Revo nicht sichtbar.)

So gehts weiter:

Schritt 1
Lade Dir bitte Revo Uninstallerhttp://deeprybka.trojaner-board.de/b...ninstaller.pnghier herunter.
Entpacke die zip-Datei auf den Desktop.Wenn Du ein Programm nicht deinstallieren kannst, mach mit dem nächsten weiter.
Auch wenn am Ende noch Programme übrig geblieben sind, die den ATTENTION-Zusatz haben, führe den nächsten Schritt aus:


Schritt 2
  • Schließe alle offenen Programme und Browser.
  • Starte bitte http://filepony.de/icon/adwcleaner.png Adwcleaner.
  • Klicke auf Suchen und warte, bis der Suchlauf abgeschlossen ist.
  • Klicke nun auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
    Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Sx].txt. (x = fortlaufende Nummer).

Schritt 3
Bitte lade Dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans den Virenscanner, da dieser Zoek stören könnte.
  • Starte die zoek.exe mit einem Doppelklick (bitte sei geduldig das Programm benötigt einige Zeit).
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Schritt 4

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, markiere auch die checkbox http://deeprybka.trojaner-board.de/b...t/addition.pngund drücke auf Scan.
Bitte poste mir den Inhalt der beiden Logs die erstellt werden.

Mena 11.09.2014 22:44
Hello again,

ich hoffe ich hab alles so hinbekommen wie gewünscht:

Code:
# AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 22:01:16
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Madeleine - MADELEINE-PC
# Gestartet von : C:\Users\Madeleine\Desktop\Desktop\adwcleaner_3.309.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\ShopperReports3
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Madeleine\Documents\Optimizer Pro
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\128
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\130
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\staged\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Madeleine\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Datei Gelöscht : C:\Users\Madeleine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
Datei Gelöscht : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Datei Gelöscht : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Program Files\Mozilla Firefox\nsprotector.js
Datei Gelöscht : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\user.js
Datei Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Madeleine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ingolnlcamoheiiladeoecpgdbjjmlaf
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\d2d6d0e53bef42
Schlüssel Gelöscht : HKLM\SOFTWARE\d2d6d0e53bef42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2189224
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3297265
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{01AD9322-02FF-4F4F-AC52-92FDA5AE65F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852232}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855532}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856632}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344204402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344854432}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\mediabarim
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ShopperReports3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\BetterSurf
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaPlayerV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaViewerV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaViewV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaWatchV1
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Video downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinSecurity
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{608FB285-F572-48DE-AE44-28ABFF3F6BF9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\dosearches Browser Protecter
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Feven 1.5
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VIS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinSecurity
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WsysControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16575

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v31.0 (x86 de)

[ Datei : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\prefs.js ]


[ Datei : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=&apn_ptnrs=%5EAAA&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5EDE&psv=&q={searchTerms}

*************************

AdwCleaner[R0].txt - [38976 octets] - [10/09/2014 23:57:00]
AdwCleaner[R1].txt - [39037 octets] - [11/09/2014 00:06:38]
AdwCleaner[R2].txt - [35056 octets] - [11/09/2014 21:28:52]
AdwCleaner[R3].txt - [33284 octets] - [11/09/2014 21:34:58]
AdwCleaner[R4].txt - [31314 octets] - [11/09/2014 21:49:30]
AdwCleaner[S0].txt - [2310 octets] - [11/09/2014 21:31:18]
AdwCleaner[S1].txt - [2550 octets] - [11/09/2014 21:36:56]
AdwCleaner[S2].txt - [29192 octets] - [11/09/2014 22:01:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [29253 octets] ##########
Code:
Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Madeleine on 11.09.2014 at 22:15:15,18.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Madeleine\Desktop\Desktop\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 22:16:53,89 =====

--- Create Environment Variables 22:16:55,56
--- Create System Restore Point 22:17:05,09
Code:
Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Madeleine on 11.09.2014 at 22:15:15,18.
Microsoft® Windows Vista™ Home Premium  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Madeleine\Desktop\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.09.2014 22:17:40 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Internet Explorer\SearchScopes\{002FB0A4-23BC-4FF0-A626-0C0E44CACC4C} deleted successfully
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{61f0d019-b016-4d56-9dae-7b7706cd6755} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Mozilla\Firefox\Extensions\{cd288a68-7b21-4f14-b789-82cc44992259} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{ee8cd9f6-dae3-4889-816b-99fe80dae284} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ee8cd9f6-dae3-4889-816b-99fe80dae284} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\MADELE~1\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\prefs.js:

Added to C:\Users\MADELE~1\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\MADELE~1\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474\prefs.js:

Added to C:\Users\MADELE~1\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Zur Info: nach Schritt 3 ist mein Rechner runtergefahren, hat mir beim Booten gefragt wie ich starten will (abgesicherter Modus, Normal Starten). Habe den PC normal gestartet. Das Textdokument ist hierbei nicht wie angesagt automatisch geöffnet worden.

Habe noch die Datei runcheck.txt und zoeck-results.txt. im system c gefunden. Benötigst du diese auch?


Schritt 4

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014
Ran by Madeleine at 2014-09-11 23:39:39
Running from C:\Users\Madeleine\Desktop\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Standard (HKLM\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version:  - )
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version:  - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
eBay Icon (HKLM\...\eBay Icon) (Version: 1.0 - AD ON Multimedia Advertising GmbH)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
FAST Gigabank (HKLM\...\FAST Gigabank_is1) (Version: 2.0 - FAST LTA AG)
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version:  - DVDVideoSoft Limited.)
Free Studio version 5.1.4 (HKLM\...\Free Studio_is1) (Version:  - DVDVideoSoft Limited.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{36C97B5B-5593-45B8-B50E-DAD87036BD9D}) (Version: 3.0.215.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{11964613-805F-432D-A12B-169554B793E7}) (Version: 6.84.4.0 - Nokia)
Nokia NSeries Application Installer (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries Application Installer 6.83.11 (HKLM\...\Nokia NSeries Application Installer) (Version:  - Nokia)
Nokia NSeries Content Copier (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries Content Copier 6.83.11 (HKLM\...\Nokia NSeries Content Copier) (Version:  - Nokia)
Nokia NSeries One Touch Access (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries One Touch Access 6.83.11 (HKLM\...\Nokia NSeries One Touch Access) (Version:  - Nokia)
Nokia Nseries PC Suite (HKLM\...\{06A0A943-6ECF-4586-8EC7-58DF050B7CDB}) (Version: 2.0.260 - Nokia)
Nokia NSeries System Utilities (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries System Utilities 6.83.11 (HKLM\...\Nokia NSeries System Utilities) (Version:  - Nokia)
Nokia Photos (HKLM\...\{100B729F-07A2-4A81-A28C-AE4A14FB4FB7}) (Version: 1.0.237 - Ihr Firmenname)
Nokia Software Updater (HKLM\...\{FE5D756F-71E1-47C4-972A-D6775344B40B}) (Version: 01.04.000.29353 - Nokia Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
PC Connectivity Solution (HKLM\...\{99A40651-0BC2-4095-8F9A-A40FAB224FEF}) (Version: 7.22.7.1 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version:  - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 (Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version:  - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia (WUDFRd) WPD  (06/01/2007 6.84.33.0) (HKLM\...\4077F884D1BB007055BDB83B621D87220A73F30F) (Version: 06/01/2007 6.84.33.0 - Nokia)
Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1) (HKLM\...\0C5EDC3653FED5B121F464339EAC12534D253B25) (Version: 02/15/2007 3.1 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Madeleine\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{A10D1118-27C0-4CAF-8D9A-DDAE7EFEDD59}\InprocServer32 -> 42494E41525953545245414D0300000003000000007CA7888E81D11003D7AB764E989B94C47736B3DF53227969A9293AE94C (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{F498FE2B-6CB2-4EE5-A384-D93B11091457}\InprocServer32 -> C:\Users\Madeleine\AppData\LocalLow\RadioTotal4\prxtbRad0.dll No File

==================== Restore Points  =========================

29-08-2014 14:04:58 Geplanter Prüfpunkt
09-09-2014 14:03:26 Geplanter Prüfpunkt
10-09-2014 19:36:30 Removed iTunes
10-09-2014 19:59:40 Removed Java 7 Update 55
10-09-2014 20:01:45 Removed Java(TM) 6 Update 16
10-09-2014 20:03:21 Removed Java(TM) 6 Update 37
10-09-2014 20:07:34 Removed Skype™ 6.11
11-09-2014 14:52:18 Windows Update
11-09-2014 18:53:51 Revo Uninstaller's restore point - Ask Toolbar
11-09-2014 18:54:24 Removed Ask Toolbar
11-09-2014 19:04:20 Revo Uninstaller's restore point - Better Surf Plus
11-09-2014 19:06:10 Revo Uninstaller's restore point - Feven 1.5
11-09-2014 19:07:52 Revo Uninstaller's restore point - LyricsContainer
11-09-2014 19:09:26 Revo Uninstaller's restore point - Media View
11-09-2014 19:10:32 Revo Uninstaller's restore point - Media Viewer
11-09-2014 19:11:36 Revo Uninstaller's restore point - Media Watch
11-09-2014 19:12:40 Revo Uninstaller's restore point - MyPC Backup
11-09-2014 19:16:39 Revo Uninstaller's restore point - Optimizer Pro v3.2
11-09-2014 19:18:13 Revo Uninstaller's restore point - SweetIM Toolbar for Internet Explorer 3.9
11-09-2014 19:20:04 Revo Uninstaller's restore point - VIS
11-09-2014 19:21:46 Revo Uninstaller's restore point - WPM17.8.0.3159
11-09-2014 19:22:50 Revo Uninstaller's restore point - Wsys Control 10.2.1.2652
11-09-2014 20:17:05 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 12:23 - 2011-04-16 19:05 - 00000814 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
74.208.10.249 gs.apple.com


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {086A8FC0-070E-48F1-B604-ED682F605F81} - System32\Tasks\{132BC443-25C9-44C9-84B9-2A4334F78896} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsDownload&amp;installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F5FFEFA-3703-40D9-B356-13D037C44D06} - System32\Tasks\AdobeAAMUpdater-1.0-Madeleine-PC-Madeleine => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {2C97108E-C928-48B9-AE7D-8A02E3DF1BE5} - \Feven 1.5-enabler No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D680F75-59D7-4DE1-8ED8-9DA641AB6946} - \BrowserDefendert No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4FF765E6-CAA2-4333-8D80-E3CA59D2C654} - \AmiUpdXp No Task File <==== ATTENTION
Task: {55B3DA69-5676-432B-BE5A-62FBB470C740} - \Feven 1.5-codedownloader No Task File <==== ATTENTION
Task: {5A094696-F9AE-4E59-A6E7-2B8C786BAB39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {64644654-CFF3-4EBB-8566-8EFE3B97DBB6} - \0814avUpdateInfo No Task File <==== ATTENTION
Task: {70E45419-0013-47A8-9B57-751F1E586C0D} - \Feven 1.5-updater No Task File <==== ATTENTION
Task: {7DA4B87A-E1E7-46B7-A5E8-2237D705C76C} - \Feven 1.5-chromeinstaller No Task File <==== ATTENTION
Task: {AA4C51F5-C189-420A-90B1-9DB8CB1B36F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {ADCA65C0-211C-4139-A5EE-B6E8E6FC336F} - \LyricsContainer Update No Task File <==== ATTENTION
Task: {B5819B29-1659-471E-B44E-C5F64C798486} - System32\Tasks\{051345A5-0AF2-429F-BC9B-A3AEFD5CF85C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {BF40F182-E830-4E3C-B92D-847A7A02A967} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19] (Google Inc.)
Task: {C09AD99A-A500-4CA1-AB83-A95A8F9AA2AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19] (Google Inc.)
Task: {D019EE45-9EED-4C88-96DA-0A6E7BE13A7F} - \Feven 1.5-firefoxinstaller No Task File <==== ATTENTION
Task: {DA296E08-42AA-4561-8D12-09D7484FC805} - System32\Tasks\{7C169ADF-65D4-4603-A3C4-9FEFA596E6AC} => C:\Program Files\Skype\Phone\Skype.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-08-24 14:44 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-18 07:58 - 2009-02-04 07:00 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-11-12 14:20 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 36966968 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libcef.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00610872 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-08-11 19:08 - 2014-08-31 15:50 - 00867896 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00886840 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00108600 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-10 20:06 - 2014-07-30 16:49 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental)(1).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental)(2).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental).mp4:TOC.WMV

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: N82
Description: N82
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/11/2014 10:07:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotify.exe, Version 0.9.12.10 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: ee8
Anfangszeit: 01cfcdfba6dd3d38
Zeitpunkt der Beendigung: 16

Error: (09/11/2014 09:22:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:21:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:20:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:18:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:16:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:12:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:11:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:10:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:09:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}


System errors:
=============
Error: (09/11/2014 11:16:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 11.09.2014 um 23:14:51 unerwartet heruntergefahren.

Error: (09/11/2014 10:32:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (09/11/2014 10:32:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (09/11/2014 10:32:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (09/11/2014 10:32:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (09/11/2014 10:32:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart

Error: (09/11/2014 06:37:51 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update

Error: (09/10/2014 11:45:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update

Error: (09/10/2014 11:42:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (09/10/2014 09:33:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%2


Microsoft Office Sessions:
=========================
Error: (09/11/2014 10:07:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotify.exe0.9.12.10ee801cfcdfba6dd3d3816

Error: (09/11/2014 09:22:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:21:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:20:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:18:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:16:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:12:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:11:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:10:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}

Error: (09/11/2014 09:09:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
  Generatordaten werden gesammelt

Kontext:
  Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
  Generatorname: System Writer
  Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}


CodeIntegrity Errors:
===================================
  Date: 2014-09-11 23:39:09.885
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:39:09.516
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:39:09.148
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:39:08.779
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:39:08.330
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:39:07.961
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:39:07.586
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:39:07.142
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:38:09.302
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-09-11 23:38:08.937
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 55%
Total physical RAM: 2942.45 MB
Available physical RAM: 1318.17 MB
Total Pagefile: 6133.44 MB
Available Pagefile: 4306.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.6 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:298.09 GB) (Free:137.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 94BE57ED)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 11-09-2014 23:38:59
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchProvider: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx []
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx []
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 20:01 - 2014-09-11 23:39 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 23:39 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-11 23:23 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-11 23:20 - 2009-12-12 15:32 - 02036156 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 23:18 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-11 23:17 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 23:16 - 2008-01-21 04:47 - 00138190 _____ () C:\Windows\PFRO.log
2014-09-11 23:16 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 23:16 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 23:16 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log
2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup
2014-09-11 23:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 22:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 22:02 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:01 - 2014-05-10 20:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 18:44 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 23:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 23:54 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\7za.exe
C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe
C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe
C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll
C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe
C:\Users\Madeleine\AppData\Local\Temp\Java.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe
C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll
C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe
C:\Users\Madeleine\AppData\Local\Temp\remove.exe
C:\Users\Madeleine\AppData\Local\Temp\sed.exe
C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe
C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe
C:\Users\Madeleine\AppData\Local\Temp\swreg.exe
C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe
C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll
C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe
C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe
C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wget.exe
C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-11 23:23

==================== End Of Log ============================
--- --- ---


Merci !

deeprybka 12.09.2014 09:12
OK,

mach noch bitte einen Malwarebytes-Scan. Hast ja schon mal drauf gehabt:

Schritt 1

http://filepony.de/icon/malwarebytes_anti_malware.png Malwarebytes Antimalware
  • Download-Link
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Sollte die Benutzeroberfläche noch in Englisch sein, klicke auf Settings und wähle bei Language Deutsch aus.
  • Klicke im Anschluss auf "Suchlauf", wähle den Bedrohungssuchlauf aus, aktualisiere die Datenbanken und klicke auf "Suchlauf jetzt starten".
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. (geht so...)
  • Poste mir den Inhalt der Logdatei (geht so...). Klicke dazu auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Suchlauf-Protokoll aus und klicke auf Ansicht. Klicke auf "In Zwischenablage kopieren" poste mir den Inhalt in Code-Tags als Antwort in den Thread.

Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Mena 12.09.2014 10:15
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 12.09.2014 10:48:50, SYSTEM, MADELEINE-PC, Protection, Malware Protection, Starting,
Protection, 12.09.2014 10:48:50, SYSTEM, MADELEINE-PC, Protection, Malware Protection, Started,
Protection, 12.09.2014 10:48:50, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Starting,
Protection, 12.09.2014 10:49:07, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Started,
Update, 12.09.2014 10:49:24, SYSTEM, MADELEINE-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.9.10.2,
Update, 12.09.2014 10:49:27, SYSTEM, MADELEINE-PC, Manual, Malware Database, 2014.3.4.9, 2014.9.12.2,
Protection, 12.09.2014 10:49:28, SYSTEM, MADELEINE-PC, Protection, Refresh, Starting,
Protection, 12.09.2014 10:49:28, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Stopping,
Protection, 12.09.2014 10:49:29, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Stopped,
Protection, 12.09.2014 10:49:36, SYSTEM, MADELEINE-PC, Protection, Refresh, Success,
Protection, 12.09.2014 10:49:36, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Starting,
Protection, 12.09.2014 10:49:36, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Started,

(end)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 12-09-2014 11:11:49
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchProvider: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx []
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx []
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 10:48 - 2014-09-12 11:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 20:01 - 2014-09-12 11:11 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 11:11 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-12 11:09 - 2014-09-12 10:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 11:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 11:06 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 10:43 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-12 10:42 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-12 10:42 - 2009-12-12 15:32 - 02046358 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 10:37 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 10:37 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 23:18 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-11 23:16 - 2008-01-21 04:47 - 00138190 _____ () C:\Windows\PFRO.log
2014-09-11 23:16 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log
2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 22:02 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:01 - 2014-05-10 20:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 23:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 23:54 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\7za.exe
C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe
C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe
C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll
C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe
C:\Users\Madeleine\AppData\Local\Temp\Java.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe
C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll
C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe
C:\Users\Madeleine\AppData\Local\Temp\remove.exe
C:\Users\Madeleine\AppData\Local\Temp\sed.exe
C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe
C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe
C:\Users\Madeleine\AppData\Local\Temp\swreg.exe
C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe
C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll
C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe
C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe
C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wget.exe
C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-11 23:23

==================== End Of Log ============================
--- --- ---


:-) und schwupp - heute lies sich mein PC viel schneller starten... Außerdem bekomme ich jetzt nicht mehr diese Warnnachricht beim Starten "Apple Application was not found"
--- PERFECT :-)

deeprybka 12.09.2014 10:37
Hi,
bitte Suchlaufprotokoll posten... ;)

Ggf. nochmal scannen...


Lesestoff
http://filepony.de/icon/malwarebytes_anti_malware.pngMBAM-Funde posten: So gehts...
Manchmal ist es wichtig zu wissen, welche Schadprogramme im Vorfeld ohne Anweisung der Helfer schon gelöscht wurden.
Daher benötige ich den Inhalt der Logdatei, in welcher der Suchlauf protokolliert wurde.
  • Starte MBAM.
  • Klicke auf Verlauf.
  • Klicke auf Anwendungsprotokolle.
  • Klicke auf das letzte Suchlaufprotokoll mit Funden.
  • Klicke auf "In Zwischenablage kopieren".
  • Poste den Inhalt in Code-Tags [CODE] [/CODE] durch Einfügen mit Strg+V als Antwort in Deinen Thread.
http://deeprybka.trojaner-board.de/b...mbamposten.gif

Mena 12.09.2014 13:44
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 12.09.2014
Suchlauf-Zeit: 13:19:05
Logdatei:
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.12.03
Rootkit Datenbank: v2014.09.10.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows Vista Service Pack 2
CPU: x86
Dateisystem: NTFS
Benutzer: Madeleine

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 300192
Verstrichene Zeit: 33 Min, 9 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)
So :-) jetzt wurde mir auch die Option SUCHLAUF angezeigt.

Liebe Grüße

P.S. mein PC ist während der letzten Stunde 2 x abgestürzt...

deeprybka 12.09.2014 15:02
Bitte mach mal ein frisches FRST.


Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Mena 12.09.2014 15:20

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 12-09-2014 16:19:06
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchProvider: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx []
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx []
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 10:48 - 2014-09-12 15:49 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 20:01 - 2014-09-12 16:19 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 16:19 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-12 16:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 15:49 - 2014-09-12 10:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 15:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 14:44 - 2009-12-12 15:32 - 02055690 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 14:42 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-12 14:41 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-12 14:39 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 14:39 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 14:39 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 14:39 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 13:12 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-12 13:08 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-12 11:20 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-12 10:43 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 23:16 - 2008-01-21 04:47 - 00138190 _____ () C:\Windows\PFRO.log
2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log
2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:01 - 2014-05-10 20:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\7za.exe
C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe
C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe
C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll
C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe
C:\Users\Madeleine\AppData\Local\Temp\Java.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe
C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll
C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe
C:\Users\Madeleine\AppData\Local\Temp\remove.exe
C:\Users\Madeleine\AppData\Local\Temp\sed.exe
C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe
C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe
C:\Users\Madeleine\AppData\Local\Temp\swreg.exe
C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe
C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll
C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe
C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe
C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wget.exe
C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-12 14:45

==================== End Of Log ============================
--- --- ---

deeprybka 12.09.2014 18:01
Hi,

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
C:\Windows\System32\drivers\tStLib.sys
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx []
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx []
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx []
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
C:\Program Files\FunWebProducts
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
Emptytemp:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Nach dem Reboot:

Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Mena 12.09.2014 18:56
Guten Abend Jürgen!

Schritt 1 hat natürlich geklappt... Habe die Datei
ebenfalls am Desktop gespeichert.

Scantool findet die Datei auch & beginnt sie
zu scannen. Der Prozess wird aber leider jedes mal
unterbrochen :-(

Der grüne Scanbalken stockt & ich erhalte keine
Rückmeldung vom Programm.

Was kann ich jetzt tun?
Habe ich die Datei vllt. nur falsch gespeichert?
Aber immerhin erkennt das Tool die Datei ja.

deeprybka 12.09.2014 19:01
Probier mal bitte den Codetext ohne die letzte Zeile, also ohne das EmptyTemp...

Mena 12.09.2014 19:09
YES SIR!

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
Ran by Madeleine at 2014-09-12 20:03:34 Run:7
Running from C:\Users\Madeleine\Desktop\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
C:\Windows\System32\drivers\tStLib.sys
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx []
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx []
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx []
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
C:\Program Files\FunWebProducts
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
*****************

tStLib => Service not found.
"C:\Windows\System32\drivers\tStLib.sys" => File/Directory not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ciofmnkmmkifclnkmflcbopnokbljoeb" => Key not found.
"C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\fajjlmbhnkdcimdnijpnpccgfhplmbmf" => Key not found.
"C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\jnhbjhjficooacggmaognpejifaofnfj" => Key not found.
"C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ongopfbpiphhgfnlemmkajofmgbbdkne" => Key not found.
"C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx" => File/Directory not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\onpdpoehbhoonfncaenmonlbnonmofin" => Key not found.
"C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx" => File/Directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg directory not found.
C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll not found.
"C:\Program Files\FunWebProducts" => File/Directory not found.
Chrome RestoreOnStartup deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A2BA2DB7-1711-40F9-93D0-139D05F0F584}" => Key not found.
"HKCR\CLSID\{A2BA2DB7-1711-40F9-93D0-139D05F0F584}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
"HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A2BA2DB7-1711-40F9-93D0-139D05F0F584}" => Key not found.
"HKCR\CLSID\{A2BA2DB7-1711-40F9-93D0-139D05F0F584}" => Key not found.

==== End of Fixlog ====
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

-.-

deeprybka 12.09.2014 19:22
Ok und ein frisches FRST bitte... :)

Mena 12.09.2014 19:28

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 12-09-2014 20:26:20
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchProvider: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17]
CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 10:48 - 2014-09-12 19:50 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 20:01 - 2014-09-12 20:26 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 20:26 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-12 20:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 19:50 - 2014-09-12 10:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 19:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-12 19:33 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-12 19:33 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-12 19:30 - 2014-01-30 15:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-12 19:30 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 19:29 - 2008-01-21 04:47 - 00166652 _____ () C:\Windows\PFRO.log
2014-09-12 19:29 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 19:29 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 19:29 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 19:28 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-12 19:27 - 2009-12-12 15:32 - 02062918 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 19:17 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-12 17:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-12 17:38 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 13:08 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log
2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:01 - 2014-05-10 20:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\7za.exe
C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe
C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe
C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll
C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe
C:\Users\Madeleine\AppData\Local\Temp\Java.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe
C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll
C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe
C:\Users\Madeleine\AppData\Local\Temp\remove.exe
C:\Users\Madeleine\AppData\Local\Temp\sed.exe
C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe
C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe
C:\Users\Madeleine\AppData\Local\Temp\swreg.exe
C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe
C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll
C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe
C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe
C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wget.exe
C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-12 19:40

==================== End Of Log ============================
--- --- ---

deeprybka 12.09.2014 19:32
Ok...

Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
  • Öffne die TFC.exe.
    Vista und Win 7 User mit Rechtsklick "als Administrator starten".
  • Schließe alle anderen Programme.
  • Drücke auf den Button Start.
  • Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Mena 12.09.2014 20:01
Hallo :-)

habe gerade folgenden Schritt durchgeführt:



Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.

Öffne die TFC.exe.
Vista und Win 7 User mit Rechtsklick "als Administrator starten".
Schließe alle anderen Programme.
Drücke auf den Button Start.
Falls du zu einem Neustart aufgefordert wirst, bestätige diesen.


Nachdem ich den Start button gedrückt hatte schien das Programm zu rechnen.
Kurz darauf hat es sich allerdings aufgehängt - wieder keine Rückmeldung.
Hatte zur Auswahl programm beenden - reagiert nicht. Habe das gemacht und im anschluss wurde mein screen "grau". Über STRG. ALT ENTF. kam ich zwar in das Anmeldemenü von Vista, konnte mich aber nicht anmelden (wieder greyscreen). habe neugestartet und im anschluss den vorgang wiederholt. Wieder das selbe problem..

allerdings befinden sich jetzt dateien auf meinem desktop, die vorher nicht da waren !
Diese sind aber eher wie wasserzeichen zu erkennen.

Liebe Grüße

deeprybka 12.09.2014 20:14
Ok, dann lass bitte Tempfilecleaner weg.

Und beachte bitte was ich im Eingangsposting geschrieben habe,
Zitat:
Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Also nicht immer wieder probieren, sondern abbrechen und beschreiben... ;)


Mach bitte mit ESET weiter...

Mena 12.09.2014 20:16
Ok sorry! Wird gemacht...

deeprybka 12.09.2014 20:17
Mach bitte mit ESET weiter...

Mena 12.09.2014 20:19
Soll ich alle Daten oder nur die eigenen bereinigen ? Alle macht mehr Sinn, oder?

deeprybka 12.09.2014 20:21
Bitte mit ESET weitermachen, Datenbereinigung machen wir später.

Mena 12.09.2014 23:49
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7c34cd166c47044f9e69fead13c324ea
# engine=20130
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-09-12 10:09:05
# local_time=2014-09-13 12:09:05 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 48313 97693729 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 25775605 248092473 0 0
# scanned=277949
# found=64
# cleaned=0
# scan_time=9197
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=93510E07EBD463BE51052EC8114EC16C5423103E ft=0 fh=0000000000000000 vn="Win32/Conduit.SearchProtect.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Mozilla Firefox\nsprotector.js.vir"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="Variante von Win32/Toolbar.Conduit.AJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\Multi\CT3317893\UninstallerUI.exe.vir"
sh=0C73CCC63EC56232CA1EF6BF8573B3A9AB323052 ft=1 fh=d014c1be8c7ac6c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\ConduitEngine\ConduitEngine.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=B00AAA76783727675CF43122549420C894CDE1CF ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg\1.3\i7sQO3ZXObOo.js.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\softonic-de3\tbsof0.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Local\softonic-de3\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB\tbDVD0.dll.vir"
sh=3664B7B546B41FBFB469128DEA194DBA1AF556AC ft=1 fh=532d857584187cdc vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB\tbDVD1.dll.vir"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB\tbDVDV.dll.vir"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\LocalLow\DVDVideoSoftTB\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir"
sh=2B71A57C96480FE13CB46A9F319794A0AF697642 ft=1 fh=296865a4b95bf4e8 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Roaming\BabSolution\Shared\enhancedNT.dll.vir"
sh=0FBAFB91B97CDAFDF71FC7B04854C0F38A7048BF ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk.vir"
sh=256B50DA47470AA3AEDA47FD13FB9D5A85FABC41 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk.vir"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\DVDVideoSoft\tbDVD0.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=9E0A96449BD16DB18E6E4418F677565712B8EBFF ft=1 fh=79d5711226c99797 vn="möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\366TJQ0L\tbedrs[1].dll"
sh=594E0844207ADD0DBD163E1AFB7696BAA25CB961 ft=1 fh=b78030dcfe359240 vn="möglicherweise Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K804MYPB\tbedrs[1].dll"
sh=E31F45110B742889AFD4D31AC4FBF46D2E8044C7 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen Virus" ac=I fn="C:\Users\Madeleine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TT9IG8IB\mzhiphop_com[1].txt"
sh=8DE31C10B78FC6647C351EB26D0AEE308E406F5E ft=0 fh=0000000000000000 vn="HTML/Iframe.B.Gen Virus" ac=I fn="C:\Users\Madeleine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XCLP7GR9\index[1].htm"
sh=BD853E572026DFBF31FA1B6C3BBE47CA8CEDD2AD ft=1 fh=23af513eff6ebc20 vn="Variante von Win32/SProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\0014c823.ftf.ftf"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll"
sh=EA456404E605CF2E7CAC6416ADD1E0717E9BB627 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\tmp-c7f.xpi"
sh=E0814D0F17EE1122F6D3507DC676030F8E1CC133 ft=1 fh=0e0f46db8e6ee8c4 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\BBE19AD9-BAB0-7891-84EE-25C09013C70B\Latest\BabMaint.exe"
sh=E2BA5F8A7BD2BAF32FF31730BAD873C8E7957030 ft=1 fh=6e8622963c31f56a vn="Variante von Win32/Toolbar.Babylon.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\BBE19AD9-BAB0-7891-84EE-25C09013C70B\Latest\BUSolution.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\BBE19AD9-BAB0-7891-84EE-25C09013C70B\Latest\IEHelper.dll"
sh=2B71A57C96480FE13CB46A9F319794A0AF697642 ft=1 fh=296865a4b95bf4e8 vn="Variante von Win32/Toolbar.Babylon.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\bus70A7\enhancedNT.dll"
sh=2E90EBC6D69DF089A01B0F57AC92A42FEC376F17 ft=0 fh=0000000000000000 vn="Win32/AdWare.BetterSurf.A Anwendung" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\scoped_dir_2056_16390\Chrome.crx"
sh=A87B7647DC34B5B6186209377786E946B677C574 ft=1 fh=c2834f18f25710d9 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Madeleine\AppData\Local\Temp\{9C997DDA-4987-41C8-835C-811CB99D234C}\setup.exe"
sh=C2C7BD3BD6C75D5DBCCA298C785C208AB6C73CF0 ft=1 fh=154117e7567d41ef vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\ldrtbDVD2.dll"
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll"
sh=41CDE566540E31CF556FFC948255F45D4A94EAF8 ft=1 fh=3fb8233a96c1e513 vn="Variante von Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD1.dll"
sh=5C684D51F07A183EEA13D66F5C7E9630C48D93B5 ft=1 fh=53be76e80c29ad73 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD2.dll"
sh=7A5B168BB2B8C06B2A9134B656BBF195830D21C2 ft=1 fh=55d4f387d8566cf4 vn="Variante von Win32/PriceGong.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll"
sh=AF2A09062B79711D5D92F58251EE238DF2E5E9F9 ft=1 fh=ea86b3a42b031233 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\AppData\LocalLow\MAX_DE_Atube\tbMAX_.dll"
sh=CE55BBBBAECD415840AC4D09762084A749DBA50A ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBK Trojaner" ac=I fn="C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0\33\30feb821-1bb2fd39"
sh=861D9FCFC5C004CE608C195056CEF6265C2B8387 ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBM Trojaner" ac=I fn="C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0\4\5541aec4-1c51cc5e"
sh=4A9F0A627FFE289F339A2DF6EA68808D47DBB5EA ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.Agent.NBL Trojaner" ac=I fn="C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0\52\31bba1f4-11ca9d7e"
sh=EF8351D907A44D00E3D270A2D8C1AF9B3FA7AE7C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Desktop\Neuer Ordner\Alte Firefox-Daten\33js4w13.default\prefs-1.js"
sh=ACE72A815B965F86C50D998C31307CB8DF18583C ft=1 fh=8a8ff7b68542ea8a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\FreeStudio.exe"
sh=D66CF06B8760DD8094AE26B85F47BBDB442F80ED ft=1 fh=17056912def553f7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\FreeYouTubeToMp3Converter(2).exe"
sh=07C3A8DE40271B9ECD674AF867A2C7F61D40DFBA ft=1 fh=8a8ff7b630139cd7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\FreeYouTubeToMp3Converter.exe"
sh=6B5089FE0C65DE83554B4B2047CFCD825850C32D ft=1 fh=5d8f07097d0ed01d vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\iMeshV9de.exe"
sh=13C0C3ED4E051740A8C5C8D7B4172F522C8271B6 ft=1 fh=df47965e4474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Documents\Downloads\SoftonicDownloader_fuer_adobe-photoshop.exe"
sh=ACE72A815B965F86C50D998C31307CB8DF18583C ft=1 fh=8a8ff7b68542ea8a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\FreeStudio.exe"
sh=D66CF06B8760DD8094AE26B85F47BBDB442F80ED ft=1 fh=17056912def553f7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\FreeYouTubeToMp3Converter(2).exe"
sh=07C3A8DE40271B9ECD674AF867A2C7F61D40DFBA ft=1 fh=8a8ff7b630139cd7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\FreeYouTubeToMp3Converter.exe"
sh=6B5089FE0C65DE83554B4B2047CFCD825850C32D ft=1 fh=5d8f07097d0ed01d vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\iMeshV9de.exe"
sh=13C0C3ED4E051740A8C5C8D7B4172F522C8271B6 ft=1 fh=df47965e4474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Downloads\SoftonicDownloader_fuer_adobe-photoshop.exe"
sh=E647501CDAA9FC44FFBC2BF49A375D1DEB24F3FF ft=1 fh=ef36aaaf5122fd47 vn="Variante von Win32/SweetIM.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\My Art\DVDVideoSoft\SweetImSetup.exe"
sh=C1E721705E99313D1AD4F726E2C86DD6B9C6DAA7 ft=1 fh=a578adafe6b2cc92 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Programme\aTube_Catcher552DE.exe"
sh=7BC60488C1F1B100A6E341944BDC274C6BB3A7A1 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Madeleine\Pictures\2012\Programme\eBay.lnk"
sh=2606DF6F23B8CAEC1210C5A4C8FFFF409FD4AF11 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H Anwendung" ac=I fn="C:\zoek_backup\C_PROGRA~2_nnlikkcdnapggndngajijlcneepblkkk\eKWIWH1Mx65h.js"
sh=ACE72A815B965F86C50D998C31307CB8DF18583C ft=1 fh=8a8ff7b68542ea8a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\FreeStudio.exe"
sh=D66CF06B8760DD8094AE26B85F47BBDB442F80ED ft=1 fh=17056912def553f7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\FreeYouTubeToMp3Converter(2).exe"
sh=07C3A8DE40271B9ECD674AF867A2C7F61D40DFBA ft=1 fh=8a8ff7b630139cd7 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\FreeYouTubeToMp3Converter.exe"
sh=6B5089FE0C65DE83554B4B2047CFCD825850C32D ft=1 fh=5d8f07097d0ed01d vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\iMeshV9de.exe"
sh=13C0C3ED4E051740A8C5C8D7B4172F522C8271B6 ft=1 fh=df47965e4474db9d vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\SoftonicDownloader_fuer_adobe-photoshop.exe"
sh=D080EB1BD0F6772B21D59337480EC99139A75032 ft=1 fh=f2807c5671e19a21 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Downloads\SoftonicDownloader_fuer_atube-catcher.exe"
sh=8C03F5D26ED7FA2B7461932439FE3897A3C5EE65 ft=1 fh=5cb7a4c17ad31409 vn="Variante von Win32/Adware.HotBar.H Anwendung" ac=I fn="F:\2012\Downloads\VLCSetup.exe"
sh=E647501CDAA9FC44FFBC2BF49A375D1DEB24F3FF ft=1 fh=ef36aaaf5122fd47 vn="Variante von Win32/SweetIM.A evtl. unerwünschte Anwendung" ac=I fn="F:\2012\My Art\DVDVideoSoft\SweetImSetup.exe"
sh=C1E721705E99313D1AD4F726E2C86DD6B9C6DAA7 ft=1 fh=a578adafe6b2cc92 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Programme\aTube_Catcher552DE.exe"
sh=7BC60488C1F1B100A6E341944BDC274C6BB3A7A1 ft=0 fh=0000000000000000 vn="Win32/Adware.ADON evtl. unerwünschte Anwendung" ac=I fn="F:\2012\Programme\eBay.lnk"

deeprybka 13.09.2014 16:16
Hi,

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
C:\Users\Madeleine\AppData\Local\DVDVideoSoft\tbDVD0.dll
C:\Users\Madeleine\AppData\Local\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\ldrtbDVD2.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD1.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD2.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Madeleine\AppData\LocalLow\MAX_DE_Atube\tbMAX_.dll
C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0
C:\Users\Madeleine\Desktop\Neuer Ordner\Alte Firefox-Daten\33js4w13.default\prefs-1.js
C:\Program Files\Google\Chrome
C:\Users\Madeleine\AppData\Local\Google\Chrome
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.

Schritt 2
Datenträgerbereinigung: http://deeprybka.trojaner-board.de/c...ista/vista.png

cleanmgr eingeben

http://deeprybka.trojaner-board.de/b...gr%20vista.png

ENTER drücken

http://@deeprybka.trojaner-board.de/...r%20vista2.png

Alle Benutzer auswählen

http://@deeprybka.trojaner-board.de/...r%20vista3.png

Laufwerk C: auswählen

http://@deeprybka.trojaner-board.de/...r%20vista4.png

Alle Haken setzen und mit OK bestätigen.

http://@deeprybka.trojaner-board.de/...r%20vista5.png

Dateien löschen auswählen.


Dann bitte PC neu starten.

Schritt 3

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Mena 15.09.2014 20:09
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 15-09-2014 21:03:27
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Adobe Systems Incorporated.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrodist.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-09-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 13:26 - 2014-09-13 13:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 10:48 - 2014-09-15 21:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 20:01 - 2014-09-15 21:03 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 21:03 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-15 21:03 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-15 21:02 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-15 21:00 - 2014-09-12 10:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 21:00 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 20:59 - 2006-11-02 15:01 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 20:59 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 20:59 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:59 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:57 - 2009-12-12 15:32 - 01079415 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 20:55 - 2009-12-12 20:58 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 20:49 - 2010-06-22 01:15 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\DVDVideoSoft
2014-09-15 20:49 - 2009-12-15 17:20 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Google
2014-09-15 20:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 20:43 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-15 20:40 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 15:03 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-14 22:50 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-14 21:55 - 2013-11-18 16:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 19:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-09-13 13:26 - 2014-09-13 13:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 21:25 - 2009-04-11 18:55 - 08276472 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:47 - 2008-01-21 04:47 - 00169022 _____ () C:\Windows\PFRO.log
2014-09-12 19:30 - 2014-01-30 15:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-12 19:17 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-12 17:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log
2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE

Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\7za.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe
C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe
C:\Users\Madeleine\AppData\Local\Temp\remove.exe
C:\Users\Madeleine\AppData\Local\Temp\sed.exe
C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe
C:\Users\Madeleine\AppData\Local\Temp\swreg.exe
C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wget.exe
C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-14 22:07

==================== End Of Log ============================
--- --- ---

--- --- ---


Guten Abend,

vielen Dank für die geniale Hilfe! :sword2:
Aktuell habe augenscheinlich keine
Probleme mehr. Bis auf die Kleinigkeit,
dass mir nach dem Start wieder das
Infofenster "Apple Aplication was not found"
angezeigt wird.

Ich bin mir nicht sicher ob
es überhaupt mit Apple zutun hat, aber
scheinbar geht es um I-tunes - die ich nicht
verwendet habe, weil ich kein Applegerät
habe... Außerdem steht da ich soll die Software
deinstallieren - finde sie aber nicht im System :wtf:

Liebe Grüße :daumenhoc

deeprybka 15.09.2014 20:10
Hi,
die anderen Schritte vorher ausgeführt? :)

Mena 15.09.2014 20:11
FIX
BEREINIGUNG
SCAN

*check*

deeprybka 15.09.2014 20:14
Wo ist das Fixlog? :)

Übrigens,

Code:
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
scheint installiert zu sein. Schau mal mit Revo ob Du es deinstallieren kannst. Software welche Du nicht brauchst sollte deinstalliert werden.

Mena 15.09.2014 20:27
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-09-2014
Ran by Madeleine at 2014-09-15 20:49:43 Run:8
Running from C:\Users\Madeleine\Desktop\Desktop
Boot Mode: Normal



==============================================

Content of fixlist:
*****************
C:\Users\Madeleine\AppData\Local\DVDVideoSoft\tbDVD0.dll
C:\Users\Madeleine\AppData\Local\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\ldrtbDVD2.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD1.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD2.dll
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll
C:\Users\Madeleine\AppData\LocalLow\MAX_DE_Atube\tbMAX_.dll
C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0
C:\Users\Madeleine\Desktop\Neuer Ordner\Alte Firefox-Daten\33js4w13.default\prefs-1.js
C:\Program Files\Google\Chrome
C:\Users\Madeleine\AppData\Local\Google\Chrome
*****************

C:\Users\Madeleine\AppData\Local\DVDVideoSoft\tbDVD0.dll => Moved successfully.
C:\Users\Madeleine\AppData\Local\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll => Moved successfully.
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\ldrtbDVD2.dll => Moved successfully.
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD0.dll => Moved successfully.
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD1.dll => Moved successfully.
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\tbDVD2.dll => Moved successfully.
C:\Users\Madeleine\AppData\LocalLow\DVDVideoSoft\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll => Moved successfully.
C:\Users\Madeleine\AppData\LocalLow\MAX_DE_Atube\tbMAX_.dll => Moved successfully.
C:\Users\Madeleine\AppData\Roaming\Sun\Java\Deployment\cache\6.0 => Moved successfully.
C:\Users\Madeleine\Desktop\Neuer Ordner\Alte Firefox-Daten\33js4w13.default\prefs-1.js => Moved successfully.
"C:\Program Files\Google\Chrome" => File/Directory not found.
C:\Users\Madeleine\AppData\Local\Google\Chrome => Moved successfully.

==== End of Fixlog ====
:stirn: :pfeiff:

deeprybka 15.09.2014 20:35
:)

Kannst Du itunes deinstallieren?

Hat das mit der Datenträgerbereinigung geklappt?

Mena 15.09.2014 20:57
Hi Jürgen,

zu Punkt 1:

I-Tunes wird mir nicht angezeigt.
Habe es auch schon seit längerem deinstalliert.
Revo findet auch nichts. Und unter der Windows-
Suchleiste leider auch gar nichts...

Im Internet habe ich gerade folgende Information
gefunden:



Deinstallieren Sie iTunes und installieren Sie es erneut. In den meisten Fällen wird so der Fehler behoben.
Suchen Sie in Ihren Downloads nach der heruntergeladenen iTunes-Datei. Klicken Sie auf diese mit einem Rechtsklick und öffnen Sie sie anschließend mit dem Programm WinRar. Danach wählen Sie "AppleApplicationSupport.msi" mit einem Rechtsklick aus. Extrahieren Sie und öffnen Sie dann diese Datei.
Ist Ihr Windows auf dem neusten Stand? Manchmal verhindern Updates, dass iTunes korrekt läuft. Suchen Sie nach neuen Aktualisierungen und installieren Sie diese gegebenenfalls.
Falls Ihnen alles nicht weiterhelfen wollte, wenden Sie sich an Apples Support und melden Sie den Fehler "Apple Application Support was not found".

- scheint so als müsste ich Itunes nochmal installieren, oder?

Datenträgerbereinigung hat geklappt. Keine Fehlermeldung erhalten, ganz normaler Abschluss des Vorgags

Grüße

Oder kann ich die Updates ausschalten :D nur so eine Idee :D

deeprybka 15.09.2014 21:09
Nö,

mach mal bitte folgenden Fix (und brich FRST bitte nicht ab sondern warte):

Schritt 1

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:
Code:
CloseProcesses:
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
C:\Program Files\iTunes\
Hosts:
EmptyTemp:
Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.
  • Starte FRST und drücke auf den Fix-Button.
  • Das Tool erstellt eine "Fixlog.txt" -Datei.
  • Poste mir bitte deren Inhalt.


Schritt 2

http://filepony.de/icon/frst.pnghttp://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Mena 15.09.2014 21:25
Programm hängt sich beim Fix-Vorgang auf

:glaskugel: ich kann in die Vergangenheit sehen ->
das hatten wir bereits...

deeprybka 15.09.2014 21:37
Zitat:
Zitat von Mena (Beitrag 1360211)
Programm hängt sich beim Fix-Vorgang auf
Und das sollte eigentlich nicht sein...

Keine Fortschritte? Dann FRST-Scan bitte.

Mena 15.09.2014 21:47

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 15-09-2014 22:43:53
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-09-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 13:26 - 2014-09-13 13:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 10:48 - 2014-09-15 21:00 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-12 10:48 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 20:01 - 2014-09-15 22:43 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 22:43 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-15 22:43 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-15 22:23 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 22:23 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 22:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 22:02 - 2009-12-12 15:32 - 01079511 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 21:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 21:02 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-15 21:00 - 2014-09-12 10:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 21:00 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 20:59 - 2006-11-02 15:01 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-15 20:59 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 20:55 - 2009-12-12 20:58 - 00000000 ____D () C:\Windows\Minidump
2014-09-15 20:49 - 2010-06-22 01:15 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\DVDVideoSoft
2014-09-15 20:49 - 2009-12-15 17:20 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Google
2014-09-15 20:43 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-15 15:03 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-14 22:50 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-14 21:55 - 2013-11-18 16:59 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 19:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-09-13 13:26 - 2014-09-13 13:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-12 21:25 - 2009-04-11 18:55 - 08276472 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-12 20:47 - 2008-01-21 04:47 - 00169022 _____ () C:\Windows\PFRO.log
2014-09-12 19:30 - 2014-01-30 15:11 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-12 19:17 - 2006-11-02 13:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-12 17:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt
2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt
2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log
2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE

Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\7za.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe
C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe
C:\Users\Madeleine\AppData\Local\Temp\remove.exe
C:\Users\Madeleine\AppData\Local\Temp\sed.exe
C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe
C:\Users\Madeleine\AppData\Local\Temp\swreg.exe
C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wget.exe
C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-15 21:05

==================== End Of Log ============================
--- --- ---

deeprybka 15.09.2014 21:57
http://www.trojaner-board.de/extra/lesestoff.pngGibt es jetzt noch Probleme mit dem PC? Wenn ja, welche?

Mena 15.09.2014 22:13
Nein augenscheinlich keine!

Das Problem mit der Browserwerbung
ist definitiv weg...

:taenzer:

deeprybka 15.09.2014 22:14
Und der itunes-schmarrn?

Mena 15.09.2014 22:56
Der Itunes Schmarrn ist auch fort ! Habe gerade einen Neustart gemacht ! :knuddel:

deeprybka 15.09.2014 23:12
OK...

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:
(Die Reihenfolge ist hier entscheidend)

Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken.

http://deeprybka.trojaner-board.de/b...n/defogger.png


Alle Logs gepostet? Ja! Dann lade Dir bitte http://filepony.de/icon/delfix.pngDelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.




>>clean<<
Wir haben es geschafft! :abklatsch:
Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

http://www.trojaner-board.de/extra/lesestoff.pngWie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

http://deeprybka.trojaner-board.de/b...ast/schild.pngUpdates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.



http://deeprybka.trojaner-board.de/b...ast/schild.pngFirewall, Antivirus & Co.
http://s1.directupload.net/images/140701/eivrliwa.pngCracks, Downloads & Co.


Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
  • Surfe daher mit Vorsicht und klicke mit Verstand.
  • Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
  • Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
  • Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
  • Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
  • Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .


Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:00 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131