|
Pests of all kinds and how to fight them: "Ads not by this site" and "safesaver" Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
29.06.2013, 17:21 | #1 |
| "Ads not by this site" and "safesaver" Hello! I really have absolutely no idea what I could have done wrong (no downloads, no dubious websites visited, etc.), but recently the following line has been appearing at the top of some pages in my browser (Chrome): "Ads not by this site" - no idea what that could mean; at first I thought it had something to do with my ad blocker. Also, on some websites (whose content I know for certain, and I know this should not happen) certain words such as "Frau" or "Amazon" etc. are underlaid with a link that either shows an advertising "speech bubble" or displays the text "Click to Continue > by safesaver". This kind of ad stuff also appears at the start of some YouTube videos, and I can dismiss it by clicking an X (despite the ad blocker). I would be really glad if someone could help me with this (it would already be the third time; a donation is slowly becoming due). Oh, I have just noticed that my script blocker finds superfish.com, googleapis.com, akamaihd.net, googleadservices.com, adition.com and tracksrv.com on pretty much every page. In case that is relevant. Edited by step4en (29.06.2013 at 17:37) |
29.06.2013, 17:46 | #2 |
/// TB trainer | "Ads not by this site" and "safesaver" Hi,
yes, some add-on is the cause of this. We have had this quite a few times before. Let's take a look: Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit) and save it to the desktop. (If you are not sure which one you need: Start -> Computer (right-click) -> Properties) |
29.06.2013, 17:56 | #3 |
| "Ads not by this site" and "safesaver" Hello, thanks for the quick reply.
FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-06-2013 01 Ran by Thomas (administrator) on 29-06-2013 18:49:38 Running from C:\Users\Thomas\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe () C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe (Spotify Ltd) C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe (Google Inc.) 
C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1641896 2013-06-07] (Valve Corporation) HKCU\...\Run: [Google Update] "C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-02] (Google Inc.) HKCU\...\Run: [Miro] C:\Program Files (x86)\Participatory Culture Foundation\Miro\Miro.exe [390144 2013-04-05] () HKCU\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2012-11-14] () HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.) HKCU\...\Run: [Spotify Web Helper] "C:\Users\Thomas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-13] (Spotify Ltd) HKCU\...\Run: [Spotify] "C:\Users\Thomas\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart [4643328 2013-06-13] (Spotify Ltd) HKCU\...\Run: [GoogleChromeAutoLaunch_D1D0AD69A13928375769191006ADC5F6] "C:\Users\Thomas\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-06-15] (Google Inc.) 
HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableTaskMgr] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation) HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-02-10] (EasyBits Software AS) HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.) HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [x] HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x] HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation) AppInit_DLLs-x32: c:\progra~2\safesa~1\sprote~1.dll [1050112 2013-01-24] () Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: ssaFe! save - {85636998-5C40-7AC6-FC48-92FA85EAFD21} - C:\ProgramData\ssaFe! save\51cb40f7d603e.dll () BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", ""); FF Keyword.URL: user_pref("keyword.URL", ""); FF Homepage: user_pref("browser.startup.homepage", ""); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: @tools.google.com/Google 
Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Extension: No Name - C:\Users\Thomas\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com FF Extension: TVU Web Player - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default\Extensions\firefox@tvunetworks.com FF Extension: ssaFe! save - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default\Extensions\yloo@lmre-.com FF Extension: DownloadHelper - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: toolbar - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default\Extensions\toolbar@web.de.xpi FF Extension: twitter.address.bar.search - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default\Extensions\twitter.address.bar.search@firefox.twitter.xpi FF Extension: No Name - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\ FF HKCU\...\Firefox\Extensions: [videosaver@videosaver.net] C:\Program Files (x86)\VideoSaver\FF\ Chrome: ======= CHR Extension: (WOT) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0 CHR Extension: (ssaFe! save) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjobdpnepikjiifmjailookgicdegfio\1 CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Adblock Plus) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0 CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.2_0 CHR Extension: (WEB.DE MailCheck) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo\1.1_0 CHR Extension: ( "name": "feedly") - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja\16.0.528_0 CHR Extension: (NotScripts) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0 CHR Extension: (Google Reader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0 CHR Extension: (RSS Feed Reader) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.1.2_0 ==================== Services (Whitelisted) ================= R2 NIS; 
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-06] () S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [x] ==================== Drivers (Whitelisted) ==================== R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130620.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-06-01] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-05-31] (Symantec Corporation) R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130628.001\IDSvia64.sys [513184 2013-05-31] (Symantec Corporation) R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130628.024\ENG64.SYS [126040 2013-06-23] (Symantec Corporation) R3 NAVENG; 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130628.024\ENG64.SYS [126040 2013-06-23] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130628.024\EX64.SYS [2098776 2013-06-23] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130628.024\EX64.SYS [2098776 2013-06-23] (Symantec Corporation) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation) S3 X6va011; \??\C:\Windows\SysWOW64\Drivers\X6va011 [x] S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-29 18:49 - 2013-06-29 18:49 - 00000000 ____D C:\FRST 2013-06-29 18:48 - 2013-06-29 18:48 - 01933592 ____A (Farbar) C:\Users\Thomas\Desktop\FRST64.exe 2013-06-29 17:52 - 2013-06-29 17:52 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-29 17:52 - 2013-06-29 17:52 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-29 17:52 - 2013-06-29 17:52 - 00175016 ____A (Oracle Corporation) 
C:\Windows\SysWOW64\java.exe 2013-06-29 17:52 - 2013-06-29 17:52 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-29 17:52 - 2013-06-29 17:52 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-29 12:24 - 2013-06-29 12:33 - 00000000 ____D C:\Users\Thomas\AppData\Local\Solid State Networks 2013-06-29 12:24 - 2013-06-29 12:33 - 00000000 ____D C:\Program Files (x86)\MeteorEntertainment 2013-06-26 21:26 - 2013-06-26 21:26 - 00000000 ____D C:\ProgramData\ssaFe! save 2013-06-26 21:26 - 2013-06-26 21:26 - 00000000 ____D C:\Program Files (x86)\SafeSaver 2013-06-26 21:25 - 2013-06-26 21:25 - 00000000 ____D C:\ProgramData\InstallMate 2013-06-26 18:44 - 2013-06-26 18:44 - 00008068 ____A C:\Users\Thomas\Desktop\Unbenannt 1.odt 2013-06-22 11:46 - 2013-06-24 19:09 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc 2013-06-22 11:46 - 2013-06-22 11:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-06-19 17:52 - 2013-06-19 17:52 - 00000000 ____D C:\Users\Thomas\AppData\Local\techland 2013-06-18 19:28 - 2013-06-18 19:28 - 00002676 ____A C:\AdwCleaner[S1].txt 2013-06-18 19:27 - 2013-06-18 19:27 - 00648201 ____A C:\Users\Thomas\Desktop\adwcleaner.exe 2013-06-17 21:46 - 2013-06-17 21:46 - 02347384 ____A (ESET) C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe 2013-06-17 20:34 - 2013-06-18 15:43 - 00000000 ____D C:\Users\Thomas\Bilder 2013-06-17 19:42 - 2013-06-18 15:43 - 00000000 ____D C:\Users\Thomas\Documents\dvd 2013-06-17 19:41 - 2013-06-17 21:11 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\DVD Flick 2013-06-17 19:41 - 2013-06-17 20:19 - 00000000 ____D C:\Program Files (x86)\DVD Flick 2013-06-17 19:41 - 2008-08-31 13:27 - 00028672 ____A (-) C:\Windows\SysWOW64\mousewheel.ocx 2013-06-17 19:41 - 2007-08-31 18:36 - 00036864 ____A (Robdogg Inc.) 
C:\Windows\SysWOW64\trayicon_handler.ocx 2013-06-17 19:41 - 2004-03-09 00:00 - 01081616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomctl.ocx 2013-06-17 19:41 - 2004-03-09 00:00 - 00662288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mscomct2.ocx 2013-06-17 19:41 - 2004-03-09 00:00 - 00609824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.ocx 2013-06-17 19:41 - 2004-03-09 00:00 - 00212240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\richtx32.ocx 2013-06-17 19:41 - 2003-01-26 13:41 - 00040960 ____A (vbAccelerator) C:\Windows\SysWOW64\ssubtmr6.dll 2013-06-17 19:41 - 1998-06-24 00:00 - 00164144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\comct232.ocx 2013-06-17 14:39 - 2013-06-17 14:39 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (3).exe 2013-06-17 14:38 - 2013-06-17 14:38 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (2).exe 2013-06-17 14:37 - 2013-06-17 14:37 - 07872648 ____A (Adobe Systems Inc.) 
C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (1).exe 2013-06-17 14:37 - 2013-06-17 14:37 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-06-16 03:00 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-16 03:00 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-16 03:00 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-16 03:00 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-16 03:00 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-16 03:00 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-16 03:00 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-13 19:06 - 2013-06-13 19:06 - 00082694 ____A C:\Users\Thomas\Desktop\Urheberrecht.odp 2013-06-13 19:02 - 2013-06-13 19:02 - 00000000 ____D C:\Users\Thomas\Desktop\Bilder_Informatik 2013-06-12 21:47 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-12 21:47 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-06-12 21:47 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-12 21:47 - 2013-05-17 03:25 - 00493056 
____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-12 21:47 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-12 21:47 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-12 21:47 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-12 21:47 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-12 21:47 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-12 21:47 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-12 21:47 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-12 21:47 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-12 21:47 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-12 21:47 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-12 21:47 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-12 21:47 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-12 21:47 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-12 21:47 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-12 21:47 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-12 13:43 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-12 13:43 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-12 13:43 - 2013-05-13 07:51 - 00139776 ____A 
(Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-12 13:43 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-12 13:43 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-12 13:43 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-12 13:43 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-12 13:43 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-12 13:43 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-12 13:43 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-12 13:43 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-06-12 13:43 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-12 13:43 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-12 13:43 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-12 13:43 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-12 13:43 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-12 13:43 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-12 13:43 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-12 13:43 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-06-03 14:05 - 2013-06-03 14:05 - 02347384 ____A (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_enu.exe 2013-06-02 16:52 - 2013-06-02 18:59 - 3195473839 ____A 
C:\Users\Thomas\Desktop\TPB AFK_ The Pirate Bay Away From Keyboard.mp4 ==================== One Month Modified Files and Folders ======= 2013-06-29 18:50 - 2012-05-20 20:12 - 00000000 ____D C:\Users\Thomas\AppData\Local\PMB Files 2013-06-29 18:49 - 2013-06-29 18:49 - 00000000 ____D C:\FRST 2013-06-29 18:48 - 2013-06-29 18:48 - 01933592 ____A (Farbar) C:\Users\Thomas\Desktop\FRST64.exe 2013-06-29 18:40 - 2011-11-07 18:47 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Skype 2013-06-29 18:28 - 2013-04-06 12:09 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-29 18:26 - 2012-07-14 13:00 - 00001110 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-29 18:07 - 2012-05-02 21:20 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016465000-965126481-3645123389-1000UA.job 2013-06-29 17:52 - 2013-06-29 17:52 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-29 17:52 - 2013-06-29 17:52 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-29 17:52 - 2013-06-29 17:52 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-29 17:52 - 2013-06-29 17:52 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-29 17:52 - 2013-06-29 17:52 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-29 17:52 - 2012-06-23 18:51 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-29 17:52 - 2011-11-07 19:07 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-06-29 17:52 - 2009-07-14 06:45 - 00024400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-29 17:52 - 2009-07-14 06:45 - 00024400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-29 17:45 - 2013-04-26 20:37 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Spotify 2013-06-29 17:45 - 2012-11-29 18:49 - 
00000000 ___RD C:\Users\Thomas\Dropbox 2013-06-29 17:45 - 2012-11-29 18:46 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\Dropbox 2013-06-29 17:45 - 2012-04-22 18:35 - 00000000 ____D C:\Program Files (x86)\Steam 2013-06-29 17:45 - 2011-10-05 03:04 - 00000000 ____D C:\ProgramData\PDFC 2013-06-29 17:44 - 2013-01-24 16:07 - 00000354 ____A C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job 2013-06-29 17:44 - 2012-07-14 13:00 - 00001106 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-29 17:44 - 2011-10-05 02:48 - 00000000 ____D C:\ProgramData\NVIDIA 2013-06-29 17:44 - 2010-11-21 05:47 - 00209686 ____A C:\Windows\PFRO.log 2013-06-29 17:44 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-29 17:44 - 2009-07-14 06:51 - 00060250 ____A C:\Windows\setupact.log 2013-06-29 17:43 - 2011-11-07 18:32 - 01473380 ____A C:\Windows\WindowsUpdate.log 2013-06-29 13:28 - 2013-04-26 20:38 - 00000000 ____D C:\Users\Thomas\AppData\Local\Spotify 2013-06-29 12:34 - 2013-06-29 12:24 - 00000000 ____D C:\Users\Thomas\AppData\Local\Solid State Networks 2013-06-29 12:34 - 2013-06-29 12:24 - 00000000 ____D C:\Program Files (x86)\MeteorEntertainment 2013-06-29 12:14 - 2012-12-22 14:05 - 00019963 ____A C:\Users\Thomas\Desktop\Wunschliste.sxw 2013-06-29 10:42 - 2012-05-02 21:20 - 00001072 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016465000-965126481-3645123389-1000Core.job 2013-06-27 23:35 - 2011-12-08 23:12 - 00000000 ___RD C:\Users\Thomas\Desktop\Sonstiges 2013-06-26 21:26 - 2013-06-26 21:26 - 00000000 ____D C:\ProgramData\ssaFe! 
save 2013-06-26 21:26 - 2013-06-26 21:26 - 00000000 ____D C:\Program Files (x86)\SafeSaver 2013-06-26 21:25 - 2013-06-26 21:25 - 00000000 ____D C:\ProgramData\InstallMate 2013-06-26 18:44 - 2013-06-26 18:44 - 00008068 ____A C:\Users\Thomas\Desktop\Unbenannt 1.odt 2013-06-24 19:09 - 2013-06-22 11:46 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc 2013-06-24 16:38 - 2012-01-10 16:57 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForThomas.job 2013-06-22 13:43 - 2012-04-04 09:42 - 00002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk 2013-06-22 13:43 - 2011-10-05 03:08 - 00000000 ____D C:\Windows\System32\Drivers\NISx64 2013-06-22 11:46 - 2013-06-22 11:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-06-21 18:53 - 2011-11-07 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-21 18:53 - 2011-11-07 18:47 - 00000000 ____D C:\ProgramData\Skype 2013-06-19 17:52 - 2013-06-19 17:52 - 00000000 ____D C:\Users\Thomas\AppData\Local\techland 2013-06-19 17:51 - 2011-10-05 03:05 - 00658592 ____A C:\Windows\DirectX.log 2013-06-19 13:39 - 2011-10-05 03:08 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2013-06-19 13:39 - 2011-10-05 03:08 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2013-06-18 19:28 - 2013-06-18 19:28 - 00002676 ____A C:\AdwCleaner[S1].txt 2013-06-18 19:28 - 2011-11-08 18:57 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\SoftGrid Client 2013-06-18 19:27 - 2013-06-18 19:27 - 00648201 ____A C:\Users\Thomas\Desktop\adwcleaner.exe 2013-06-18 15:43 - 2013-06-17 20:34 - 00000000 ____D C:\Users\Thomas\Bilder 2013-06-18 15:43 - 2013-06-17 19:42 - 00000000 ____D C:\Users\Thomas\Documents\dvd 2013-06-17 21:46 - 2013-06-17 21:46 - 02347384 ____A (ESET) C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe 2013-06-17 21:11 - 2013-06-17 19:41 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\DVD Flick 2013-06-17 20:34 - 2011-11-07 18:34 - 00000000 ____D C:\users\Thomas 2013-06-17 20:19 - 
2013-06-17 19:41 - 00000000 ____D C:\Program Files (x86)\DVD Flick 2013-06-17 14:39 - 2013-06-17 14:39 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (3).exe 2013-06-17 14:38 - 2013-06-17 14:38 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (2).exe 2013-06-17 14:37 - 2013-06-17 14:37 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (1).exe 2013-06-17 14:37 - 2013-06-17 14:37 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-06-14 21:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 21:49 - 2011-12-21 17:43 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps 2013-06-13 19:06 - 2013-06-13 19:06 - 00082694 ____A C:\Users\Thomas\Desktop\Urheberrecht.odp 2013-06-13 19:02 - 2013-06-13 19:02 - 00000000 ____D C:\Users\Thomas\Desktop\Bilder_Informatik 2013-06-12 21:48 - 2012-01-21 10:00 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 13:31 - 2013-04-06 12:09 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 13:31 - 2013-04-06 12:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 16:34 - 2013-01-02 00:22 - 00000000 ____D C:\Users\Thomas\Desktop\Spiele 2013-06-08 16:08 - 2013-06-16 03:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-16 03:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 
13:42 - 2013-06-16 03:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 18:52 - 2012-12-19 20:45 - 00000000 ____D C:\Users\Thomas\AppData\Local\Deployment 2013-06-06 20:56 - 2012-03-22 18:55 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\.minecraft 2013-06-04 16:53 - 2012-06-17 13:01 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleForTHOMAS-WINDOWS7$.job 2013-06-03 18:31 - 2011-10-05 02:39 - 03290508 ____A C:\Windows\System32\perfh007.dat 2013-06-03 18:31 - 2011-10-05 02:39 - 00955760 ____A C:\Windows\System32\perfc007.dat 2013-06-03 18:31 - 2009-07-14 07:13 - 00006468 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-03 14:05 - 2013-06-03 14:05 - 02347384 ____A (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_enu.exe 2013-06-02 18:59 - 2013-06-02 16:52 - 3195473839 ____A C:\Users\Thomas\Desktop\TPB AFK_ The Pirate Bay Away From Keyboard.mp4 2013-06-01 18:18 - 2011-10-05 03:08 - 00000000 ____D C:\ProgramData\Norton 2013-06-01 18:13 - 2011-10-05 03:08 - 00000000 ____D C:\Program Files\Symantec ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit 
C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-14 21:37 ==================== End Of Log ============================ Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-06-2013 01 Ran by Thomas at 2013-06-29 18:50:39 Running from C:\Users\Thomas\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 0 A.D. (HKCU Version: r12995-alpha) 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122) Agatha Christie - Peril at End House (x32 Version: 2.2.0.95) Amnesia - The Dark Descent Demo (x32 Version: 1.0.1) Apple Application Support (x32 Version: 2.1.6) Apple Mobile Device Support (Version: 4.0.0.97) Apple Software Update (x32 Version: 2.1.3.127) ARMA 2: Operation Arrowhead Demo (x32) ASIO4ALL (x32 Version: 2.10) Assassin's Creed (x32 Version: 1.02) Audacity 1.3.14 (Unicode) (x32) Audacity 2.0.3 (x32 Version: 2.0.3) Batman: Arkham Asylum (x32 Version: 1.0.0.0) Bejeweled 2 Deluxe (x32 Version: 2.2.0.95) Big Rig Europe (x32 Version: 2.2.0.95) Blacklight: Retribution (x32) Blasterball 3 (x32 Version: 2.2.0.95) Blender (Version: 2.63-release) Bonjour (Version: 2.0.2.0) Bounce Symphony (x32 Version: 2.2.0.95) Cake Mania (x32 Version: 2.2.0.95) calibre (x32 Version: 0.8.38) Call of Juarez Gunslinger Demo (x32) CamStudio OSS Desktop Recorder (x32 Version: 2.6 Beta r294) CCleaner (Version: 4.02) Celtx (2.9) (x32 Version: 2.9 (de)) Chuzzle Deluxe (x32 Version: 2.2.0.95) Crazy Chicken Kart 2 (x32 Version: 2.2.0.95) Crossfire Europe (x32 Version: 1.107) D3DX10 (x32 Version: 15.4.2368.0902) DC Universe Online Live (HKCU) Desura (x32 Version: 100.53) Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95) Dota 2 (x32) Dropbox (HKCU Version: 2.0.22) DVD Flick 1.3.0.7 (x32 Version: 1.3.0.7) Edna bricht aus Demo (x32) eSpeak version 1.46.02 (x32) Fallen Earth (x32) Farm Frenzy (x32 Version: 2.2.0.95) FATE (x32 Version: 
2.2.0.95) Fishdom (x32 Version: 2.2.0.95) FL Studio 10 (x32) Foxit Reader (x32 Version: 6.0.2.413) Fraps (remove only) (x32) GIMP 2.8.0 (Version: 2.8.0) Glest 3.2.2 (x32) Global Agenda (x32) Google Chrome (HKCU Version: 27.0.1453.116) Google Earth (x32 Version: 7.0.3.8542) Google Update Helper (x32 Version: 1.3.21.145) Gotham City Impostors: Free To Play (x32) Groovedown (x32 Version: 1.0) HandBrake 0.9.5 (x32 Version: 0.9.5) Haunt 1.0 32bit (HKCU) Hazard - Journey Of Life Demo HP Auto (Version: 1.0.12935.3667) HP Client Services (Version: 1.1.12938.3539) HP Customer Experience Enhancements (x32 Version: 6.0.1.7) HP Games (x32 Version: 1.0.2.4) HP LinkUp (x32 Version: 2.01.026) HP Odometer (x32 Version: 2.10.0000) HP Setup (x32 Version: 8.6.4530.3651) HP Setup Manager (x32 Version: 1.1.13253.3682) HP Support Information (x32 Version: 10.1.1000) HP Update (x32 Version: 5.002.003.003) HP Vision Hardware Diagnostics (Version: 2.5.0.0) Inkscape 0.48.2 (x32 Version: 0.48.2) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) Internet-TV für Windows Media Center (x32 Version: 4.2.2.0) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) JavaFX 2.1.1 (x32 Version: 2.1.1) Jewel Quest Solitaire (x32 Version: 2.2.0.95) jose (x32 Version: 1.3) Junk Mail filter update (x32 Version: 15.4.3502.0922) kikin Plugin (NO23 Edition) 1.11 (x32 Version: 1.11) LabelPrint (x32 Version: 2.5.3609) League of Legends (x32 Version: 1.02.0000) LEGO Star Wars (x32 Version: 1.00.0000) LEGO® Batman™ (x32 Version: 1.00.0000) LEGO® Batman™ DEMO (x32 Version: 1.00.0000) Magic Desktop (x32 Version: 3.0) Mah Jong Medley (x32 Version: 2.2.0.95) Maxthon Cloud Browser (x32 Version: 4.0.6.2000) Mercedes CLC Dream Test Drive (x32) Mesh Runtime (x32 Version: 15.4.5722.2) Metin2 (x32) Microsoft .NET Framework 4.5 (Version: 4.5.50709) Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709) Microsoft Application Error Reporting (Version: 12.0.6015.5000) 
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0) Microsoft Flight (x32) Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0) Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0) Microsoft Office 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000) Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000) Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000) Microsoft Silverlight (Version: 5.1.20125.0) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Miro (x32 Version: 6.0) Mozilla Firefox 21.0 (x86 de) (x32 
Version: 21.0) Mozilla Maintenance Service (x32 Version: 21.0) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT_amd64 (x32 Version: 15.4.2862.0708) MusicStation (x32 Version: 1.0.1.5) Mystery P.I. - The London Caper (x32 Version: 2.2.0.95) Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95) Nettalk 6.7 (x32) Neverwinter (x32) No23 Recorder (x32 Version: 2.1.0.3) Norton Internet Security (x32 Version: 20.4.0.40) Norton Online Backup (x32 Version: 2.1.17869) NVIDIA 3D Vision Driver 267.95 (Version: 267.95) NVIDIA Control Panel 267.95 (Version: 267.95) NVIDIA Graphics Driver 267.95 (Version: 267.95) NVIDIA Install Application (Version: 2.265.41.0) NVIDIA PhysX (x32 Version: 9.10.0514) NVIDIA PhysX System Software 9.10.0514 (Version: 9.10.0514) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6795) Octodad (x32) OpenAL (x32) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Opera 12.10 (x32 Version: 12.10.1652) Paint.NET v3.5.10 (Version: 3.60.0) Pando Media Booster (x32 Version: 2.6.0.8) Paranormal BETA_5 (x32 Version: BETA_5) PDF Complete Special Edition (x32 Version: 4.0.35) PDF24 Creator 5.4.0 (x32) Penguins! (x32 Version: 2.2.0.95) Plants vs. 
Zombies - Game of the Year (x32 Version: 2.2.0.95) PlayReady PC Runtime amd64 (Version: 1.3.0) Polar Bowler (x32 Version: 2.2.0.95) PunkBuster Services (x32 Version: 0.992) Realm of the Mad God (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251) Recovery Manager (x32 Version: 5.5.3621) Remote Graphics Receiver (x32 Version: 5.4.5) RPG MAKER VX Ace (x32 Version: 1.01a) RPG MAKER VX Ace RTP (x32 Version: 1.00) RSS Newsfeed Reader & Producer 1.0 (x32) RuneScape Launcher 1.2 (x32 Version: 1.2.0) SafeSaver 1.74 (x32) Six Updater (x32 Version: 2.09.7014) Skype Click to Call (x32 Version: 6.3.11079) Skype™ 6.5 (x32 Version: 6.5.158) Sleeping Dogs™ Demo (x32) Slingo Deluxe (x32 Version: 2.2.0.95) Source Filmmaker (x32) Spellforce 2 - Shadow Wars (x32 Version: 1.00.0000) SpellForce 2 Shadow Wars (x32 Version: 1.0.0) Spotify (HKCU Version: 0.9.1.53.g876fa9df) ssaFe! save (x32 Version: ) Star Trek Online (x32) Steam (x32 Version: 1.0.0.0) Super Monday Night Combat (x32) swMSM (x32 Version: 12.0.0.1) System Requirements Lab CYRI (x32 Version: 5.0.6.0) System Requirements Lab Test (x32 Version: 5.0.6.0) Team Fortress 2 (x32) The Amazing Spider-Man (x32) Tinypic 3.18 (x32 Version: Tinypic 3.18) To the Moon (x32 Version: 1.0) TripleA Version 1_3_2_2 (x32) TVUPlayer 2.5.3.1 (x32 Version: 2.5.3.1) TweetDeck (x32 Version: 1.0.0) Unity Web Player (HKCU Version: ) Unknown Horizons (x32 Version: 2011.3) Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1) Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1) Update Installer for WildTangent Games App (x32) Virtual Villagers - The Secret City (x32 Version: 2.2.0.95) VLC media player 2.0.7 (x32 Version: 2.0.7) Vokabel Trainer 5 (x32) War Inc. 
Battlezone (x32) WEB.DE MailCheck für Google Chrome (HKCU Version: 1.0.0.0) Wedding Dash (x32 Version: 2.2.0.95) Wildlife Park 2 (x32 Version: 1.25) WildTangent Games App (HP Games) (x32 Version: 4.0.5.31) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3538.0513) Windows Live Fotogalerie (x32 Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) Windows Speech Recognition Macros (x32 Version: 1.0.6862.19) World of Warcraft (x32 Version: 4.3.4.15595) 
Wunderlist (HKCU Version: 2.0.6.13) Wunderlist (x32 Version: 1.2.4) Wunderlist (x32 Version: 2.1.0.18) XCOM: Enemy Unknown Demo (x32) Zattoo4 4.0.5 (x32 Version: 4.0.5) Zinio Reader 4 (x32 Version: 4.0.3184) Zuma Deluxe (x32 Version: 2.2.0.95) ==================== Restore Points ========================= 19-06-2013 15:50:56 DirectX wurde installiert 20-06-2013 01:00:26 Windows Update 28-06-2013 13:21:22 Geplanter Prüfpunkt 29-06-2013 15:51:31 Installed Java 7 Update 25 ==================== Scheduled Tasks (whitelisted) ============= Task: {145ADBEA-1616-400F-91ED-6684449BBEED} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {20FBF342-62EB-46A3-BA78-156C156ED4E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated) Task: {302FDB2B-812D-4666-91C3-477569398E66} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {4371E2E3-5BC0-490E-9D5A-4A29CEBD3017} - System32\Tasks\{4FAE2AA4-7813-47A0-A550-69E1BC2DC162} => C:\Program Files (x86)\Participatory Culture Foundation\Miro\Miro.exe [2013-04-05] () Task: {6BF9D613-5A3F-45B7-AC1D-7ED739040CAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14] (Google Inc.) Task: {7D6FB839-83BC-4BD3-9B7B-4A6FE988E136} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-21] (Microsoft Corporation) Task: {87D2EF3E-6978-4956-A4DD-F5EDE953A5B9} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\mxup.exe [2013-05-17] (Maxthon International ltd.) 
Task: {97A80CC0-8F32-4BCB-B005-84806B2A0006} - System32\Tasks\HPCeeScheduleForThomas => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {9AF6A428-6460-4C93-B809-2310457FC2FB} - System32\Tasks\{61CA3E70-FE65-4316-9993-B1339D95EB1E} => C:\program files (x86)\mozilla firefox\firefox.exe [2013-05-23] (Mozilla Corporation) Task: {9E4FD6C1-B56A-49C6-B66D-30BEEFF00E98} - System32\Tasks\Hewlett-Packard\HP Assistant\HPSA Upgrade => C:\ProgramData\Hewlett-Packard\HPSAUpgrade3\HpSAUpgrade.exe [2011-08-11] (Hewlett-Packard) Task: {A8D08F9A-F881-4427-9E9A-A3A7BDD1D12F} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-31] () Task: {AB2B1259-69A4-4F54-BABC-8E2CFC666AF2} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation) Task: {B0CBE47A-245F-444C-8577-3BD60E065A30} - System32\Tasks\{3FAA1BD3-ADF7-476F-9264-2E7F18B5D5DA} => C:\Program Files (x86)\Participatory Culture Foundation\Miro\Miro.exe [2013-04-05] () Task: {B6E44CF4-C47C-4F62-A8B1-519A7EAB7D94} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe No File Task: {C2A3AD36-7A46-479E-B57C-0EA27E54A51D} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation) Task: {D38DA262-84D4-42EE-B858-F61B1F22D576} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {D78D6887-D78A-4A37-8FA7-0E13FC3DCD7B} - System32\Tasks\{AC57A0F9-E7EB-466E-9036-CC057F529242} => C:\Program Files (x86)\Participatory Culture Foundation\Miro\Miro.exe [2013-04-05] () Task: {E3695DE5-ABD3-463D-94CB-3D2DEF5E789D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {F34B295D-154A-4CDF-B00C-E3D3D2463DBC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation) Task: {F35CFEE4-2754-4C81-A96A-E8F9340C3CC0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016465000-965126481-3645123389-1000UA => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02] (Google Inc.) Task: {F6BCF6D9-8436-41CF-ADDA-50E6C4BF5B33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016465000-965126481-3645123389-1000Core => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-02] (Google Inc.) Task: {F9C91361-5EAE-43AA-94DA-74AF27F2FC0C} - System32\Tasks\HPCeeScheduleForTHOMAS-WINDOWS7$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard) Task: {FAD99C2F-4428-47A6-8E4A-B04D0DA6BC44} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016465000-965126481-3645123389-1000Core.job => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016465000-965126481-3645123389-1000UA.job => C:\Users\Thomas\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HPCeeScheduleForTHOMAS-WINDOWS7$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\HPCeeScheduleForThomas.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/29/2013 06:40:44 PM) (Source: Bonjour Service) (User: ) Description: 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error: (06/29/2013 05:42:51 PM) (Source: Bonjour Service) (User: ) Description: 564: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error: (06/29/2013 11:28:48 AM) (Source: Bonjour Service) (User: ) Description: 376: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error: (06/28/2013 11:45:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8127 Error: (06/28/2013 11:45:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8127 Error: (06/28/2013 11:45:04 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/28/2013 11:45:03 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7129 Error: (06/28/2013 11:45:03 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7129 Error: (06/28/2013 11:45:03 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/28/2013 11:45:02 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6130 System errors: ============= Error: (06/29/2013 05:45:32 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/29/2013 05:45:32 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (06/29/2013 05:45:32 PM) (Source: DCOM) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (06/23/2013 01:05:38 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. 
Error: (06/11/2013 07:21:40 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (06/11/2013 07:21:40 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (06/01/2013 07:19:38 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Update" wurde nicht richtig gestartet. Error: (05/28/2013 02:58:51 PM) (Source: DCOM) (User: ) Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69} Error: (05/22/2013 01:53:18 PM) (Source: Service Control Manager) (User: ) Description: Dienst "Skype Updater" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (05/19/2013 11:38:31 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht. Microsoft Office Sessions: ========================= Error: (06/29/2013 06:40:44 PM) (Source: Bonjour Service)(User: ) Description: 244: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error: (06/29/2013 05:42:51 PM) (Source: Bonjour Service)(User: ) Description: 564: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error: (06/29/2013 11:28:48 AM) (Source: Bonjour Service)(User: ) Description: 376: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) 
Error: (06/28/2013 11:45:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 8127 Error: (06/28/2013 11:45:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 8127 Error: (06/28/2013 11:45:04 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/28/2013 11:45:03 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 7129 Error: (06/28/2013 11:45:03 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 7129 Error: (06/28/2013 11:45:03 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/28/2013 11:45:02 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6130 ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8172.83 MB Available physical RAM: 5537.86 MB Total Pagefile: 16343.85 MB Available Pagefile: 13411.87 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:641.87 GB) (Free:299.24 GB) NTFS (Disk=0 Partition=2) Drive d: (HP_RECOVERY) (Fixed) (Total:12.23 GB) (Free:1.5 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: EB3205E1) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=642 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=277 GB) - (Type=05) ==================== End Of Log ============================ |
29.06.2013, 18:16 | #4 |
/// TB-Ausbilder | "Ads not by this site" and "safesaver" OK, I think I've identified the culprit. Step 1
Step 2 Please download AdwCleaner to your desktop.
Step 3 Run FRST once more.
Please post in your next reply:
__________________ cheers, Leo |
29.06.2013, 18:46 | #5 |
| "Ads not by this site" and "safesaver" Strange, all my settings and add-ons in Chrome have been deleted, even the ones preinstalled by default. Anyway, here are the files: ADWCleaner: Code:
# AdwCleaner v2.303 - Datei am 29/06/2013 um 19:32:46 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Thomas - THOMAS-WINDOWS7
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Thomas\Desktop\adwcleaner (1).exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\ssaFe! save
Ordner Gelöscht : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjobdpnepikjiifmjailookgicdegfio
Ordner Gelöscht : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default\extensions\yloo@lmre-.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v21.0 (de)

Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\cv9tw4lc.default\prefs.js

Gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Gelöscht : user_pref("aol_toolbar.default.search.check", false);
Gelöscht : user_pref("extensions.51cb40f7d5f55.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v27.0.1453.116

Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

-\\ Opera v12.10.1652.0

Datei : C:\Users\Thomas\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2676 octets] - [18/06/2013 19:28:09]
AdwCleaner[S2].txt - [2820 octets] - [29/06/2013 19:32:46]

########## EOF - C:\AdwCleaner[S2].txt - [2880 octets] ##########

FRST Logfile: Code:
2013-06-26 18:44 - 2013-06-26 18:44 - 00008068 ____A C:\Users\Thomas\Desktop\Unbenannt 1.odt 2013-06-24 19:09 - 2013-06-22 11:46 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\vlc 2013-06-24 16:38 - 2012-01-10 16:57 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForThomas.job 2013-06-22 13:43 - 2012-04-04 09:42 - 00002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk 2013-06-22 13:43 - 2011-10-05 03:08 - 00000000 ____D C:\Windows\System32\Drivers\NISx64 2013-06-22 11:46 - 2013-06-22 11:46 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-06-21 18:53 - 2011-11-07 18:47 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-06-21 18:53 - 2011-11-07 18:47 - 00000000 ____D C:\ProgramData\Skype 2013-06-19 17:52 - 2013-06-19 17:52 - 00000000 ____D C:\Users\Thomas\AppData\Local\techland 2013-06-19 17:51 - 2011-10-05 03:05 - 00658592 ____A C:\Windows\DirectX.log 2013-06-19 13:39 - 2011-10-05 03:08 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS 2013-06-19 13:39 - 2011-10-05 03:08 - 00007631 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT 2013-06-18 19:28 - 2013-06-18 19:28 - 00002676 ____A C:\AdwCleaner[S1].txt 2013-06-18 19:28 - 2011-11-08 18:57 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\SoftGrid Client 2013-06-18 15:43 - 2013-06-17 20:34 - 00000000 ____D C:\Users\Thomas\Bilder 2013-06-18 15:43 - 2013-06-17 19:42 - 00000000 ____D C:\Users\Thomas\Documents\dvd 2013-06-17 21:46 - 2013-06-17 21:46 - 02347384 ____A (ESET) C:\Users\Thomas\Desktop\esetsmartinstaller_enu.exe 2013-06-17 21:11 - 2013-06-17 19:41 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\DVD Flick 2013-06-17 20:34 - 2011-11-07 18:34 - 00000000 ____D C:\users\Thomas 2013-06-17 20:19 - 2013-06-17 19:41 - 00000000 ____D C:\Program Files (x86)\DVD Flick 2013-06-17 14:39 - 2013-06-17 14:39 - 07872648 ____A (Adobe Systems Inc.) 
C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (3).exe 2013-06-17 14:38 - 2013-06-17 14:38 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (2).exe 2013-06-17 14:37 - 2013-06-17 14:37 - 07872648 ____A (Adobe Systems Inc.) C:\Users\Thomas\Downloads\Shockwave_Installer_Slim (1).exe 2013-06-17 14:37 - 2013-06-17 14:37 - 00000000 ____D C:\Windows\SysWOW64\Adobe 2013-06-14 21:44 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 21:49 - 2011-12-21 17:43 - 00000000 ____D C:\Users\Thomas\AppData\Local\CrashDumps 2013-06-13 19:06 - 2013-06-13 19:06 - 00082694 ____A C:\Users\Thomas\Desktop\Urheberrecht.odp 2013-06-13 19:02 - 2013-06-13 19:02 - 00000000 ____D C:\Users\Thomas\Desktop\Bilder_Informatik 2013-06-12 21:48 - 2012-01-21 10:00 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-12 13:31 - 2013-04-06 12:09 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 13:31 - 2013-04-06 12:09 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-11 16:34 - 2013-01-02 00:22 - 00000000 ____D C:\Users\Thomas\Desktop\Spiele 2013-06-08 16:08 - 2013-06-16 03:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 16:07 - 2013-06-16 03:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 16:06 - 2013-06-16 03:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 14:28 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 13:42 - 2013-06-16 03:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 14327808 
____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 13:40 - 2013-06-16 03:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 13:13 - 2013-06-16 03:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 18:52 - 2012-12-19 20:45 - 00000000 ____D C:\Users\Thomas\AppData\Local\Deployment 2013-06-06 20:56 - 2012-03-22 18:55 - 00000000 ____D C:\Users\Thomas\AppData\Roaming\.minecraft 2013-06-04 16:53 - 2012-06-17 13:01 - 00000356 ____A C:\Windows\Tasks\HPCeeScheduleForTHOMAS-WINDOWS7$.job 2013-06-03 18:31 - 2011-10-05 02:39 - 03290508 ____A C:\Windows\System32\perfh007.dat 2013-06-03 18:31 - 2011-10-05 02:39 - 00955760 ____A C:\Windows\System32\perfc007.dat 2013-06-03 18:31 - 2009-07-14 07:13 - 00006468 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-03 14:05 - 2013-06-03 14:05 - 02347384 ____A (ESET) C:\Users\Thomas\Downloads\esetsmartinstaller_enu.exe 2013-06-02 18:59 - 2013-06-02 16:52 - 3195473839 ____A C:\Users\Thomas\Desktop\TPB AFK_ The Pirate Bay Away From Keyboard.mp4 2013-06-01 18:18 - 2011-10-05 03:08 - 00000000 ____D C:\ProgramData\Norton 2013-06-01 18:13 - 2011-10-05 03:08 - 00000000 ____D C:\Program Files\Symantec ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit 
C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-06-14 21:37 ==================== End Of Log ============================ |
29.06.2013, 19:11 | #6 |
/// TB-Ausbilder | "Ads not by this site" and "safesaver" Can you try to restore your add-ons and settings somehow from C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default (and its subdirectories)? In the meantime I need to find out what went wrong here... |
29.06.2013, 19:16 | #7 |
| "Ads not by this site" and "safesaver" That is beyond my technical knowledge after all. Unfortunately I don't see anything here that I could restore in any way. Just two folders named Default, with further folders such as Application Cache or Extensions. |
29.06.2013, 19:20 | #8 |
/// TB-Ausbilder | "Ads not by this site" and "safesaver" Did you sign in to Chrome with your Google account? Then you should be able to sync your settings with it again.
__________________ cheers, Leo |
29.06.2013, 19:25 | #9 |
| "Ads not by this site" and "safesaver" No, I hadn't. But it's not a big deal, my history is still there - I'll just install the missing add-ons again, there were only four. |
29.06.2013, 19:28 | #10 |
/// TB-Ausbilder | "Ads not by this site" and "safesaver" Sorry about that, something went quite wrong with AdwCleaner there.. But have the "ads not by this site" and the links at least disappeared?
__________________ cheers, Leo |
29.06.2013, 19:42 | #11 |
| "Ads not by this site" and "safesaver" It looks that way. However, of the add-ons only Adblock and WOT still work. Norton Identity Safe (do you even need that? It always annoyed me quite a bit) and NotScripts don't work. At least because of NotScripts I'll probably switch back to Firefox and use NoScript. Thanks for the help anyway! |