| |
| |||||||
Log-Analyse und Auswertung: Ständige Werbung im InternetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
10.05.2014, 18:32
| #1 |
| |  Ständige Werbung im Internet Hallo liebes Trjonar Board Team, Seit ein paar Wochen werde ich im Internet immer mit Werbung genervt, sodass ich sogar ein Online Spiel nicht spielen kann weil um das komplette Fenster Werbung ist und so alles abgehakt ist. Manchmal funktioniert sogar der ganze Browser nicht, was mich sehr verwundert Ein Freund von mir meinte ich habe einen Trojaner, der diese Werbung verursacht und hat mir zu euch geraten. Ich wollte euch daher um Hilfe bitten, mir bei meinem Problem zu helfen.  |
|
11.05.2014, 05:51
| #2 |
| /// the machine /// TB-Ausbilder    | Ständige Werbung im Internet hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
11.05.2014, 11:22
| #3 |
| | Ständige Werbung im Internet [QUOTE=Andy015;1298173]Hallo liebes Trjonar Board Team,
__________________Hab unten die beiden Dateien eingefügt. Ich hoffe ihr findet einen Fehler und Dankschön schonmal im Vorraus |
|
12.05.2014, 11:00
| #4 |
| /// the machine /// TB-Ausbilder | Ständige Werbung im Internet Hi, Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen. Ich kann auf Arbeit keine Anhänge öffnen, danke.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.05.2014, 17:54
| #5 |
| | Ständige Werbung im Internet FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014
Ran by Andreas Uhl at 2014-05-11 11:50:50
Running from C:\Users\Andreas Uhl\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
AllSharePlayLink (HKLM-x32\...\{CE1836A8-3F2B-49BD-8395-93DD414068D2}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
AMD Accelerated Video Transcoding (Version: 12.5.100.20912 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{403A4E7A-D239-04D8-6A3D-31DD203C018D}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
AnyProtect (HKLM-x32\...\AnyProtect) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.5.512 - AVG Technologies)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version: - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version: - Infinity Ward)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.13 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Euro Truck Simulator 2 (HKLM-x32\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.1.1 - SCS Software)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.12.827 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.12.827 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.11.812 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.11.812 - DVDVideoSoft Ltd.)
Freeven pro (HKLM-x32\...\Freeven pro) (Version: 1.34.4.10 - Freeven) <==== ATTENTION
Galerie de photos (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPC Backup (HKLM\...\MyPC Backup) (Version: - JDi Backup Ltd) <==== ATTENTION
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.2.0.38 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Opera 12.16 (HKLM-x32\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.216 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.7 - Samsung Electronics CO., LTD.)
Re-markit (HKLM-x32\...\C41FBC48-71F7-7251-7D3C-727F8A92664B) (Version: - Re-markit-software) <==== ATTENTION
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
SeaMonkey 2.26 (x86 de) (HKLM-x32\...\SeaMonkey 2.26 (x86 de)) (Version: 2.26 - Mozilla)
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Softonic toolbar on IE and Chrome (HKLM-x32\...\Softonic) (Version: 1.8.21.14 - Softonic) <==== ATTENTION
SpeedUpMyPC (HKLM-x32\...\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1) (Version: 6.0.3.3 - Uniblue Systems Limited) <==== ATTENTION
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 1.3.0.0 - IObit)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Support Center (HKLM\...\{8EC7C961-2CD2-49DC-8F39-75E9CD20BB19}) (Version: 2.1.100 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.3020.2 - TuneUp Software)
TuneUp Utilities 2013 (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.3020.2 - TuneUp Software) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
User Guide (HKLM-x32\...\{2888FDD1-5EEC-4D56-84B7-4D20DAC0E090}) (Version: 1.3.00 - Samsung Electronics CO., LTD.)
VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) <==== ATTENTION
webssearches uninstaller (HKLM-x32\...\webssearches uninstaller) (Version: - webssearches) <==== ATTENTION
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)
Windows Live (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL) <==== ATTENTION
==================== Restore Points =========================
27-02-2014 18:29:34 Windows Update
08-03-2014 14:11:36 Windows Update
14-03-2014 18:43:36 Windows Update
16-04-2014 09:12:32 Entfernt Age of Empires III
07-05-2014 16:25:01 Windows Update
==================== Hosts content: ==========================
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {239E4D5C-D213-4FAB-8782-FA852F24F6B6} - System32\Tasks\Re-markit_wd => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe [2014-04-17] () <==== ATTENTION
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2F10A837-DF27-43E7-863C-D403E530B120} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2013-01-28] (TuneUp Software)
Task: {360E6A74-D5C4-4B13-8771-2673A7168F63} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3852D275-616A-4724-B0AB-B8BE2B787024} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {3B12E344-1CE2-4974-A12D-302C071A5BCE} - System32\Tasks\Google Updater and Installer => C:\Users\Andreas Uhl\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {3C8973ED-B646-4D33-9350-2A35B2218C71} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA => C:\Users\Andreas Uhl\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {40A94FA5-E64A-44B2-93B0-94237A573362} - System32\Tasks\60279aff-e671-4cc9-b706-f086fc50f81f-3 => C:\Program Files (x86)\Freeven pro\60279aff-e671-4cc9-b706-f086fc50f81f-3.exe [2014-04-17] (Freeven) <==== ATTENTION
Task: {44DEEF41-235F-47FC-8292-275F601CD1B4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4790FD94-D9C2-41D0-BD67-D7B7AB983D6F} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-05-01] (SEC)
Task: {4BB7FF46-3E09-4C3C-A413-237F828DFBF4} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {55035035-5010-47E1-8ABE-DAA1022C458D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {56D1DF60-15A3-4566-AA2F-3388DE692E50} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-17] (AnyProtect by CMI) <==== ATTENTION
Task: {5F30E545-214E-486D-9751-3F566A3C62B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001Core => C:\Users\Andreas Uhl\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {6AB0C885-B053-4F79-BF40-FA489BDDF224} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION
Task: {743CD877-32DF-4F1E-A8BA-9554F0573543} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {8AD90E8B-5EF5-48E3-9CBD-402CA9FD6680} - System32\Tasks\SpeedUpMyPC Maintenance => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe [2014-03-24] (Uniblue Systems Limited) <==== ATTENTION
Task: {9063CD4A-979E-4EF5-B911-FF86DA191B7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-04-17] (Piriform Ltd)
Task: {929E05A2-66C3-4687-9117-9E9C245F4A5E} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {94188A6C-630C-468B-B6BD-54498CDE7BD4} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-17] (AnyProtect by CMI) <==== ATTENTION
Task: {99271166-5755-40A4-B57D-C3FA4E7253F4} - System32\Tasks\Re-markit Update => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe [2014-04-17] () <==== ATTENTION
Task: {9BB44B33-A3EF-4757-921F-CDA799883782} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AF534745-F1AB-4DD2-96ED-E239E01EFCA8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {B9816848-292F-4719-B8EF-034CFCD8E64C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-04-17] (AnyProtect by CMI) <==== ATTENTION
Task: {C2F4C8DE-3A24-40F8-9F88-C16CE76919D2} - System32\Tasks\StartMenuAutoupdate => C:\Program Files (x86)\IObit\Start Menu 8\AutoUpdate.exe [2013-09-29] (IObit)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {D956701E-715C-4E59-8E5B-AD512A176318} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-09-05] (Samsung Electronics CO., LTD.)
Task: {E0C63C4D-F429-4DAD-B8F5-438D03F61077} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-26] ()
Task: {E8A9A260-B780-471B-B239-65BE5C6991AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-07] (Google Inc.)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F8418E5E-95FA-46E2-A1F8-9F175419DCCC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\WSCStub.exe [2014-03-12] (Symantec Corporation)
Task: {FCA34E62-C572-4BEB-A4C6-310EDFE35F0A} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2014-04-26] ()
Task: C:\windows\Tasks\60279aff-e671-4cc9-b706-f086fc50f81f-3.job => C:\Program Files (x86)\Freeven pro\60279aff-e671-4cc9-b706-f086fc50f81f-3.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001Core.job => C:\Users\Andreas Uhl\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA.job => C:\Users\Andreas Uhl\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Re-markit Update.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQL.exe <==== ATTENTION
Task: C:\windows\Tasks\Re-markit_wd.job => C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe <==== ATTENTION
Task: C:\windows\Tasks\SpeedUpMyPC Maintenance.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
Task: C:\windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-04-17 09:35 - 2014-04-17 09:35 - 00142336 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe
2014-05-08 18:34 - 2014-05-08 18:32 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
2012-09-05 09:50 - 2012-09-05 09:50 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-04-17 09:35 - 2014-04-17 09:35 - 00077312 _____ () C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
2014-04-26 17:59 - 2014-04-26 17:58 - 02725912 _____ () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
2012-12-05 20:44 - 2012-12-05 20:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-12-05 20:39 - 2012-12-05 20:39 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-12-05 20:41 - 2012-12-05 20:41 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-03-14 16:06 - 2014-03-14 16:06 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-03-14 16:00 - 2014-03-14 16:00 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2012-12-05 20:44 - 2012-12-05 20:44 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-16 19:15 - 2013-10-16 19:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-02-04 19:03 - 2014-05-08 18:32 - 02561560 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2012-09-12 10:07 - 2012-09-12 10:07 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00173568 _____ () C:\Program Files\TeamSpeak 3 Client\quazip.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 01080832 _____ () C:\Program Files\TeamSpeak 3 Client\platforms\qwindows.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00833024 _____ () C:\Program Files\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00102344 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00108488 _____ () C:\Program Files\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00030208 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qgif.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00233984 _____ () C:\Program Files\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00563656 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00577480 _____ () C:\Program Files\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-03-26 17:04 - 2014-03-26 17:04 - 00159232 _____ () C:\Program Files\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/11/2014 11:15:45 AM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.2.9200.16628, Zeitstempel: 0x51a94434
Name des fehlerhaften Moduls: twinui.dll, Version: 6.2.9200.16680, Zeitstempel: 0x51fb45f3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000186c
ID des fehlerhaften Prozesses: 0xc44
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5
Error: (05/10/2014 10:13:08 AM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm Explorer.EXE, Version 6.2.9200.16628 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 654
Startzeit: 01cf6c23938120eb
Endzeit: 0
Anwendungspfad: C:\windows\Explorer.EXE
Berichts-ID: dc54934f-d81a-11e3-8117-50b7c353d3f6
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (05/09/2014 07:20:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3011)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (05/09/2014 07:20:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (05/09/2014 07:20:40 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (05/09/2014 01:19:36 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3011)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (05/09/2014 01:19:36 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (05/09/2014 01:19:36 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (05/09/2014 01:07:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3011)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (05/09/2014 01:07:14 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
System errors:
=============
Error: (05/11/2014 11:19:44 AM) (Source: Service Control Manager) (User: ) (EventID: 7022)
Description: Der Dienst "Norton Internet Security" wurde nicht richtig gestartet.
Error: (05/11/2014 11:15:09 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Service Component of VO" wurde aufgrund folgenden Fehlers nicht gestartet:
%%193
Error: (05/11/2014 11:15:05 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (05/11/2014 11:15:05 AM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.
Error: (05/11/2014 11:14:10 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) (EventID: 6)
Description: 0xc000014d0
Error: (05/11/2014 11:13:18 AM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: Der Dienst "WerSvc" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1352
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (05/11/2014 11:02:36 AM) (Source: DCOM) (User: NB2) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NB2Andreas UhlS-1-5-21-1225493163-4127186220-2738876131-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (05/11/2014 11:02:36 AM) (Source: DCOM) (User: NB2) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NB2Andreas UhlS-1-5-21-1225493163-4127186220-2738876131-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (05/11/2014 11:02:36 AM) (Source: DCOM) (User: NB2) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NB2Andreas UhlS-1-5-21-1225493163-4127186220-2738876131-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Error: (05/11/2014 11:02:36 AM) (Source: DCOM) (User: NB2) (EventID: 10016)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}NB2Andreas UhlS-1-5-21-1225493163-4127186220-2738876131-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 5595.02 MB
Available physical RAM: 3786.51 MB
Total Pagefile: 6683.02 MB
Available Pagefile: 4898.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:905.82 GB) (Free:786.9 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3945EBAC)
Partition: GPT Partition Type.
==================== End Of Log ============================
Ich hoffe es ist so richtig  FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Andreas Uhl (administrator) on NB2 on 11-05-2014 11:47:36
Running from C:\Users\Andreas Uhl\Downloads
Platform: Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\loggingserver.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe
() C:\Program Files (x86)\Re-markit-soft\Re-markitfQLOWw.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\POWERPNT.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2561560 2014-05-08] ()
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [Google Update] => C:\Users\Andreas Uhl\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-07] (Google Inc.)
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation)
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-26] ()
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\RunOnce: [Uninstall C:\Users\Andreas Uhl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andreas Uhl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\MountPoints2: {1ede5cad-1987-11e2-be6d-806e6f6e6963} - "D:\autorun.exe"
HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\MountPoints2: {31192742-cec3-11e2-beaa-50b7c353d3f6} - "E:\iLinker.exe"
Startup: C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:13828
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
SearchScopes: HKLM - {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
SearchScopes: HKLM-x32 - {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=46BD50B7C353D3F6&affID=121564&tsp=4979
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://mysearch.avg.com/search?cid={098456AC-AC4B-4D70-863A-362B7BA139AC}&mid=4cc4156e3ec547d39cdb81fe85b73a05-420ca00577a5727bc8b5849da0b7e6cd81344f39&lang=ge/finishurl=hxxp://toolbar.avg.com/p-install?lang=ge&ds=ht011&pr=sa&d=2013-09-03 11:42:04&v=15.4.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL =
SearchScopes: HKCU - {F4F8CB4B-F94B-4899-8EDD-8660259C025D} URL = hxxp://search.softonic.com/MOY00359/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=46bd14d800000000000050b7c353d3f6&r=809
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Flagfox - {BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24} - C:\Users\Andreas Uhl\AppData\LocalLow\Flagfox\IE\Flagfox.dll (Dave G)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.5.512\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.5\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.5\\npsitesafety.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andreas Uhl\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andreas Uhl\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Freeven pro - C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\Extensions\a0046b9b-fdb9-497f-a4b1-2a108ad6007a@5cdf80b7-0420-4bb7-b3c0-e188e6f4fb8a.com [2014-04-17]
FF Extension: Flagfox - C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\Extensions\info@flagfox.net [2013-05-29]
FF Extension: Quick Start - C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\Extensions\quick_start@gmail.com [2014-04-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.512
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.5.512 [2014-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-19]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\extensions\quick_start@gmail.com [2014-04-17]
FF HKCU\...\Firefox\Extensions: [{372479DD-B552-F0A8-F0E5-EEEEA6602285}] - C:\Program Files (x86)\Re-markit-soft\158.xpi
FF Extension: Re-markit - C:\Program Files (x86)\Re-markit-soft\158.xpi [2014-04-17]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-07]
CHR Extension: (Google Drive) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-07]
CHR Extension: (YouTube) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07]
CHR Extension: (Flagfox) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid [2013-07-07]
CHR Extension: (Google Search) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07]
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-09-04]
CHR Extension: (Re-markit) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-17]
CHR Extension: (Freeven pro) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl [2014-04-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-07]
CHR Extension: (AVG SafeGuard) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-09-03]
CHR Extension: (DVDVideoSoft) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-20]
CHR Extension: (Google Wallet) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [cfdfamfnacokbbbnmpdfmhonipnhmbid] - C:\Users\Andreas Uhl\AppData\LocalLow\Flagfox\CHROME\Flagfox.crx [2013-04-28]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-17]
==================== Services (Whitelisted) =================
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Re-markit; C:\Program Files (x86)\Re-markit-soft\Re-markitfQL158.exe [142336 2014-04-17] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software)
S2 vosr; C:\Users\Andreas Uhl\AppData\Roaming\VOPackage\VOsrv.exe [355328 2014-04-15] ()
R2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [1801752 2014-05-08] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-05-08] (AVG Technologies)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140509.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140510.001\ENG64.SYS [126040 2014-03-15] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140510.001\EX64.SYS [2099288 2014-03-15] (Symantec Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-11 11:47 - 2014-05-11 11:48 - 00029675 _____ () C:\Users\Andreas Uhl\Downloads\FRST.txt
2014-05-11 11:46 - 2014-05-11 11:47 - 00000000 ____D () C:\FRST
2014-05-11 11:41 - 2014-05-11 11:41 - 02066432 _____ (Farbar) C:\Users\Andreas Uhl\Desktop\FRST64.exe
2014-05-11 11:17 - 2014-05-11 11:17 - 00000000 ___RD () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-11 11:01 - 2014-05-11 11:01 - 00000330 _____ () C:\windows\PFRO.log
2014-05-10 09:52 - 2014-05-10 09:52 - 00000165 ____H () C:\Users\Andreas Uhl\Documents\~$GFS Geschichte 2WK.pptx
2014-05-08 18:34 - 2014-05-08 18:34 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-07 18:20 - 2014-05-08 18:54 - 00024191 _____ () C:\windows\WindowsUpdate.log
2014-05-07 17:38 - 2014-05-07 17:38 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\Skype
2014-05-07 17:35 - 2014-05-07 17:35 - 00002729 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-07 17:35 - 2014-05-07 17:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-07 17:35 - 2014-05-07 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 19:18 - 2014-05-06 19:18 - 00000002 _____ () C:\Users\Andreas
2014-05-06 19:17 - 2014-05-06 19:17 - 00991848 _____ () C:\Users\Andreas Uhl\Downloads\setup (3).exe
2014-05-06 18:58 - 2014-05-06 18:58 - 00001996 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk
2014-05-06 18:58 - 2014-05-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2014-05-06 18:58 - 2014-05-06 18:58 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-05-06 18:51 - 2014-05-06 18:52 - 26335205 _____ () C:\Users\Andreas Uhl\Downloads\SeaMonkey_Setup_de2.26.exe
2014-05-06 18:43 - 2014-05-06 18:43 - 00002784 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-05-06 18:43 - 2014-05-06 18:43 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-06 18:43 - 2014-05-06 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-06 18:43 - 2014-05-06 18:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 18:40 - 2014-05-06 18:40 - 03671432 _____ (Piriform Ltd) C:\Users\Andreas Uhl\Downloads\ccsetup413_slim.exe
2014-05-03 18:14 - 2014-05-03 18:14 - 00698337 _____ () C:\Users\Andreas Uhl\Downloads\ManSpedEckhardtSkinV1.2.rar
2014-05-03 18:02 - 2014-05-03 18:03 - 09656654 _____ () C:\Users\Andreas Uhl\Downloads\zZz_schmitz_sko_v2.7z
2014-05-03 17:58 - 2014-05-03 17:58 - 00499720 _____ () C:\Users\Andreas Uhl\Downloads\Player_Setup.exe
2014-04-26 17:59 - 2014-05-11 11:15 - 00000382 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-04-26 17:59 - 2014-05-11 11:15 - 00000382 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-04-26 17:59 - 2014-04-26 17:59 - 00002656 _____ () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv
2014-04-26 17:59 - 2014-04-26 17:59 - 00002654 _____ () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel
2014-04-26 17:59 - 2014-04-26 17:59 - 00000000 ____D () C:\Program Files (x86)\Avg Secure Update
2014-04-25 19:29 - 2014-04-25 19:29 - 00991832 _____ () C:\Users\Andreas Uhl\Downloads\setup (2).exe
2014-04-25 08:43 - 2014-04-25 08:43 - 04317175 _____ () C:\Users\Andreas Uhl\Downloads\Michael Jackson Show Truck .rar
2014-04-23 09:19 - 2014-04-23 09:19 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 10:05 - 2014-04-22 10:06 - 04313606 _____ () C:\Users\Andreas Uhl\Downloads\EfficientLine.RAR
2014-04-22 09:53 - 2014-04-22 09:56 - 00001124 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2014-04-22 09:25 - 2014-04-22 09:25 - 00993712 _____ () C:\Users\Andreas Uhl\Downloads\setup (1).exe
2014-04-18 14:48 - 2014-04-18 14:48 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\WinRAR
2014-04-18 14:47 - 2014-04-22 10:24 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-18 14:47 - 2014-04-22 09:56 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-18 14:47 - 2014-04-22 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-18 14:46 - 2014-04-18 14:46 - 02087616 _____ () C:\Users\Andreas Uhl\Downloads\winrar-x64-501d.exe
2014-04-18 14:22 - 2014-04-18 14:26 - 17180155 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part3.rar
2014-04-18 14:19 - 2014-04-18 14:40 - 209715200 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part2.rar
2014-04-18 14:18 - 2014-04-18 14:40 - 209715200 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part1.rar
2014-04-18 14:16 - 2014-04-18 14:16 - 00630808 _____ () C:\Users\Andreas Uhl\Downloads\Java (1).exe
2014-04-18 14:11 - 2014-04-18 14:11 - 00337562 _____ () C:\Users\Andreas Uhl\Downloads\promods-def-v162.scs
2014-04-17 18:38 - 2014-04-17 18:38 - 00012519 _____ () C:\Users\Andreas Uhl\Downloads\Fahrtenbuch TIMO.ods
2014-04-17 09:48 - 2014-04-17 18:32 - 00000378 _____ () C:\windows\Tasks\APSnotifierPP3.job
2014-04-17 09:48 - 2014-04-17 09:48 - 00002820 _____ () C:\windows\System32\Tasks\APSnotifierPP3
2014-04-17 09:47 - 2014-04-17 18:32 - 00000378 _____ () C:\windows\Tasks\APSnotifierPP2.job
2014-04-17 09:47 - 2014-04-17 10:10 - 00000380 _____ () C:\windows\Tasks\APSnotifierPP1.job
2014-04-17 09:47 - 2014-04-17 09:47 - 00002822 _____ () C:\windows\System32\Tasks\APSnotifierPP1
2014-04-17 09:47 - 2014-04-17 09:47 - 00002820 _____ () C:\windows\System32\Tasks\APSnotifierPP2
2014-04-17 09:42 - 2014-04-17 09:46 - 00002868 _____ () C:\Users\Andreas Uhl\AppData\Roaming\aps.scan.results
2014-04-17 09:42 - 2014-04-17 09:46 - 00001226 _____ () C:\Users\Andreas Uhl\AppData\Roaming\aps.scan.quick.results
2014-04-17 09:42 - 2014-04-17 09:46 - 00000314 _____ () C:\Users\Andreas Uhl\AppData\Roaming\aps.uninstall.scan.results
2014-04-17 09:42 - 2014-04-17 09:42 - 00001065 _____ () C:\Users\Andreas Uhl\Desktop\AnyProtect.lnk
2014-04-17 09:42 - 2014-04-17 09:42 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-04-17 09:41 - 2014-04-17 09:40 - 01097384 _____ (AnyProtect.com) C:\Users\Andreas Uhl\AppData\Local\nsd3982.tmp
2014-04-17 09:40 - 2014-04-17 09:42 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-04-17 09:40 - 2014-04-17 09:40 - 00001987 _____ () C:\Users\Andreas Uhl\Desktop\Sync Folder.lnk
2014-04-17 09:40 - 2014-04-17 09:40 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\VOPackage
2014-04-17 09:40 - 2014-04-17 09:40 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-04-17 09:39 - 2014-05-11 11:39 - 00000298 _____ () C:\windows\Tasks\SpeedUpMyPC Maintenance.job
2014-04-17 09:39 - 2014-05-11 11:17 - 00000292 _____ () C:\windows\Tasks\SpeedUpMyPC Startup.job
2014-04-17 09:39 - 2014-04-17 09:40 - 00003202 _____ () C:\windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-04-17 09:39 - 2014-04-17 09:40 - 00002506 _____ () C:\windows\System32\Tasks\SpeedUpMyPC Startup
2014-04-17 09:38 - 2014-04-22 08:45 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-17 09:38 - 2014-04-17 09:38 - 00001183 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-04-17 09:38 - 2014-04-17 09:38 - 00001105 _____ () C:\Users\Andreas Uhl\Desktop\MyPC Backup.lnk
2014-04-17 09:38 - 2014-04-17 09:38 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-04-17 09:38 - 2014-04-17 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-04-17 09:37 - 2014-04-17 09:37 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-04-17 09:36 - 2014-05-11 11:15 - 00002788 _____ () C:\windows\Tasks\60279aff-e671-4cc9-b706-f086fc50f81f-3.job
2014-04-17 09:36 - 2014-04-18 15:15 - 00000000 ____D () C:\Program Files (x86)\Freeven pro
2014-04-17 09:36 - 2014-04-17 09:37 - 00005792 _____ () C:\windows\System32\Tasks\60279aff-e671-4cc9-b706-f086fc50f81f-3
2014-04-17 09:35 - 2014-05-11 11:15 - 00000426 _____ () C:\windows\Tasks\Re-markit Update.job
2014-04-17 09:35 - 2014-05-11 11:15 - 00000416 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-04-17 09:35 - 2014-04-17 09:35 - 00003078 _____ () C:\windows\System32\Tasks\Re-markit Update
2014-04-17 09:35 - 2014-04-17 09:35 - 00003008 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-04-17 09:35 - 2014-04-17 09:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-17 09:35 - 2014-04-17 09:35 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-17 09:30 - 2014-04-17 09:30 - 00630808 _____ () C:\Users\Andreas Uhl\Downloads\Java.exe
2014-04-16 19:03 - 2014-04-16 19:03 - 00133200 _____ () C:\Users\Andreas Uhl\Downloads\Scania CAT GTB.scs
2014-04-16 18:38 - 2014-04-16 18:50 - 701254664 _____ () C:\Users\Andreas Uhl\Documents\EuroTruckSimulator2_1_9_22_patch.exe
2014-04-16 18:37 - 2014-04-16 18:37 - 00053921 _____ () C:\Users\Andreas Uhl\Documents\EuroTruckSimulator2_1_9_22_patch.exe.torrent
2014-04-16 18:35 - 2014-04-16 18:35 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe (2).torrent
2014-04-16 18:35 - 2014-04-16 18:35 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe (1).torrent
2014-04-16 18:33 - 2014-04-16 18:33 - 00994872 _____ () C:\Users\Andreas Uhl\Downloads\setup.exe
2014-04-16 18:33 - 2014-04-16 18:33 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe.torrent
2014-04-16 11:53 - 2014-04-16 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-04-16 11:28 - 2014-04-16 11:29 - 00000000 ____D () C:\0d43f13f00f98aa4e739aa4c4d43
2014-04-16 11:12 - 2014-04-16 11:12 - 00000000 ____D () C:\ProgramData\InstallShield
==================== One Month Modified Files and Folders =======
2014-05-11 11:48 - 2014-05-11 11:47 - 00029675 _____ () C:\Users\Andreas Uhl\Downloads\FRST.txt
2014-05-11 11:47 - 2014-05-11 11:46 - 00000000 ____D () C:\FRST
2014-05-11 11:41 - 2014-05-11 11:41 - 02066432 _____ (Farbar) C:\Users\Andreas Uhl\Desktop\FRST64.exe
2014-05-11 11:39 - 2014-04-17 09:39 - 00000298 _____ () C:\windows\Tasks\SpeedUpMyPC Maintenance.job
2014-05-11 11:39 - 2013-07-07 17:19 - 00001152 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA.job
2014-05-11 11:39 - 2013-07-07 13:28 - 00001128 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 11:33 - 2013-06-15 19:43 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\TS3Client
2014-05-11 11:33 - 2013-05-30 12:56 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Skype
2014-05-11 11:24 - 2012-10-19 08:12 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-11 11:21 - 2013-05-27 20:12 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1225493163-4127186220-2738876131-1001
2014-05-11 11:18 - 2013-09-27 16:39 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-11 11:17 - 2014-05-11 11:17 - 00000000 ___RD () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-11 11:17 - 2014-04-17 09:39 - 00000292 _____ () C:\windows\Tasks\SpeedUpMyPC Startup.job
2014-05-11 11:15 - 2014-04-26 17:59 - 00000382 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2014-05-11 11:15 - 2014-04-26 17:59 - 00000382 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2014-05-11 11:15 - 2014-04-17 09:36 - 00002788 _____ () C:\windows\Tasks\60279aff-e671-4cc9-b706-f086fc50f81f-3.job
2014-05-11 11:15 - 2014-04-17 09:35 - 00000426 _____ () C:\windows\Tasks\Re-markit Update.job
2014-05-11 11:15 - 2014-04-17 09:35 - 00000416 _____ () C:\windows\Tasks\Re-markit_wd.job
2014-05-11 11:15 - 2013-07-07 13:28 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 11:14 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-11 11:01 - 2014-05-11 11:01 - 00000330 _____ () C:\windows\PFRO.log
2014-05-10 20:10 - 2013-05-29 19:15 - 00000000 ____D () C:\Users\Andreas Uhl\Documents\Word Dateien
2014-05-10 20:02 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru
2014-05-10 19:39 - 2013-07-07 17:19 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001Core.job
2014-05-10 19:34 - 2013-07-07 13:28 - 00004100 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-10 19:34 - 2013-07-07 13:28 - 00003864 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-10 19:06 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-05-10 09:53 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF
2014-05-10 09:52 - 2014-05-10 09:52 - 00000165 ____H () C:\Users\Andreas Uhl\Documents\~$GFS Geschichte 2WK.pptx
2014-05-09 19:34 - 2013-07-07 17:19 - 00004110 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA
2014-05-09 19:34 - 2013-07-07 17:19 - 00003730 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001Core
2014-05-09 19:20 - 2012-10-19 23:07 - 12288682 _____ () C:\windows\system32\perfh007.dat
2014-05-09 19:20 - 2012-10-19 23:07 - 03639694 _____ () C:\windows\system32\perfc007.dat
2014-05-09 19:20 - 2012-07-26 09:28 - 00005434 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-08 18:54 - 2014-05-07 18:20 - 00024191 _____ () C:\windows\WindowsUpdate.log
2014-05-08 18:34 - 2014-05-08 18:34 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-05-08 18:34 - 2013-09-03 11:41 - 00003790 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-05-08 18:34 - 2013-09-03 11:41 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
2014-05-08 18:32 - 2013-09-03 11:42 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-05-08 18:31 - 2013-05-27 20:03 - 00000000 ____D () C:\Users\Andreas Uhl
2014-05-07 17:38 - 2014-05-07 17:38 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\Skype
2014-05-07 17:36 - 2013-05-30 12:56 - 00000000 ____D () C:\ProgramData\Skype
2014-05-07 17:35 - 2014-05-07 17:35 - 00002729 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-05-07 17:35 - 2014-05-07 17:35 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-05-07 17:35 - 2014-05-07 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-06 19:18 - 2014-05-06 19:18 - 00000002 _____ () C:\Users\Andreas
2014-05-06 19:17 - 2014-05-06 19:17 - 00991848 _____ () C:\Users\Andreas Uhl\Downloads\setup (3).exe
2014-05-06 18:58 - 2014-05-06 18:58 - 00001996 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk
2014-05-06 18:58 - 2014-05-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
2014-05-06 18:58 - 2014-05-06 18:58 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey
2014-05-06 18:58 - 2013-05-27 22:50 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Mozilla
2014-05-06 18:58 - 2013-05-27 22:50 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\Mozilla
2014-05-06 18:52 - 2014-05-06 18:51 - 26335205 _____ () C:\Users\Andreas Uhl\Downloads\SeaMonkey_Setup_de2.26.exe
2014-05-06 18:45 - 2013-06-02 15:15 - 00000000 ____D () C:\windows\Minidump
2014-05-06 18:45 - 2013-05-27 20:05 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\CrashDumps
2014-05-06 18:45 - 2012-08-06 00:07 - 00000000 ____D () C:\windows\Panther
2014-05-06 18:43 - 2014-05-06 18:43 - 00002784 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-05-06 18:43 - 2014-05-06 18:43 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-05-06 18:43 - 2014-05-06 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-06 18:43 - 2014-05-06 18:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-06 18:40 - 2014-05-06 18:40 - 03671432 _____ (Piriform Ltd) C:\Users\Andreas Uhl\Downloads\ccsetup413_slim.exe
2014-05-06 18:34 - 2013-08-22 14:36 - 00000000 ____D () C:\Users\Andreas Uhl\Documents\Euro Truck Simulator 2
2014-05-03 18:14 - 2014-05-03 18:14 - 00698337 _____ () C:\Users\Andreas Uhl\Downloads\ManSpedEckhardtSkinV1.2.rar
2014-05-03 18:03 - 2014-05-03 18:02 - 09656654 _____ () C:\Users\Andreas Uhl\Downloads\zZz_schmitz_sko_v2.7z
2014-05-03 17:58 - 2014-05-03 17:58 - 00499720 _____ () C:\Users\Andreas Uhl\Downloads\Player_Setup.exe
2014-05-02 16:56 - 2013-07-07 17:21 - 00002599 _____ () C:\Users\Andreas Uhl\Desktop\Google Chrome.lnk
2014-05-01 13:36 - 2013-05-27 20:07 - 00000000 ____D () C:\Users\Andreas Uhl\Documents\Bluetooth Folder
2014-05-01 12:26 - 2013-09-03 11:42 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\AVG SafeGuard toolbar
2014-04-26 17:59 - 2014-04-26 17:59 - 00002656 _____ () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv
2014-04-26 17:59 - 2014-04-26 17:59 - 00002654 _____ () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel
2014-04-26 17:59 - 2014-04-26 17:59 - 00000000 ____D () C:\Program Files (x86)\Avg Secure Update
2014-04-25 20:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-04-25 19:29 - 2014-04-25 19:29 - 00991832 _____ () C:\Users\Andreas Uhl\Downloads\setup (2).exe
2014-04-25 08:43 - 2014-04-25 08:43 - 04317175 _____ () C:\Users\Andreas Uhl\Downloads\Michael Jackson Show Truck .rar
2014-04-23 09:19 - 2014-04-23 09:19 - 00000000 ____D () C:\Users\dub_cm_auto
2014-04-22 10:24 - 2014-04-18 14:47 - 00000000 ____D () C:\Program Files\WinRAR
2014-04-22 10:06 - 2014-04-22 10:05 - 04313606 _____ () C:\Users\Andreas Uhl\Downloads\EfficientLine.RAR
2014-04-22 09:56 - 2014-04-22 09:53 - 00001124 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2014-04-22 09:56 - 2014-04-18 14:47 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-22 09:56 - 2014-04-18 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-04-22 09:25 - 2014-04-22 09:25 - 00993712 _____ () C:\Users\Andreas Uhl\Downloads\setup (1).exe
2014-04-22 08:45 - 2014-04-17 09:38 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-04-18 15:15 - 2014-04-17 09:36 - 00000000 ____D () C:\Program Files (x86)\Freeven pro
2014-04-18 14:48 - 2014-04-18 14:48 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\WinRAR
2014-04-18 14:46 - 2014-04-18 14:46 - 02087616 _____ () C:\Users\Andreas Uhl\Downloads\winrar-x64-501d.exe
2014-04-18 14:40 - 2014-04-18 14:19 - 209715200 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part2.rar
2014-04-18 14:40 - 2014-04-18 14:18 - 209715200 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part1.rar
2014-04-18 14:26 - 2014-04-18 14:22 - 17180155 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part3.rar
2014-04-18 14:16 - 2014-04-18 14:16 - 00630808 _____ () C:\Users\Andreas Uhl\Downloads\Java (1).exe
2014-04-18 14:11 - 2014-04-18 14:11 - 00337562 _____ () C:\Users\Andreas Uhl\Downloads\promods-def-v162.scs
2014-04-17 18:38 - 2014-04-17 18:38 - 00012519 _____ () C:\Users\Andreas Uhl\Downloads\Fahrtenbuch TIMO.ods
2014-04-17 18:32 - 2014-04-17 09:48 - 00000378 _____ () C:\windows\Tasks\APSnotifierPP3.job
2014-04-17 18:32 - 2014-04-17 09:47 - 00000378 _____ () C:\windows\Tasks\APSnotifierPP2.job
2014-04-17 10:24 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-04-17 10:10 - 2014-04-17 09:47 - 00000380 _____ () C:\windows\Tasks\APSnotifierPP1.job
2014-04-17 09:48 - 2014-04-17 09:48 - 00002820 _____ () C:\windows\System32\Tasks\APSnotifierPP3
2014-04-17 09:47 - 2014-04-17 09:47 - 00002822 _____ () C:\windows\System32\Tasks\APSnotifierPP1
2014-04-17 09:47 - 2014-04-17 09:47 - 00002820 _____ () C:\windows\System32\Tasks\APSnotifierPP2
2014-04-17 09:46 - 2014-04-17 09:42 - 00002868 _____ () C:\Users\Andreas Uhl\AppData\Roaming\aps.scan.results
2014-04-17 09:46 - 2014-04-17 09:42 - 00001226 _____ () C:\Users\Andreas Uhl\AppData\Roaming\aps.scan.quick.results
2014-04-17 09:46 - 2014-04-17 09:42 - 00000314 _____ () C:\Users\Andreas Uhl\AppData\Roaming\aps.uninstall.scan.results
2014-04-17 09:43 - 2013-05-29 09:02 - 00002055 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-04-17 09:43 - 2013-05-27 22:50 - 00001379 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-17 09:42 - 2014-04-17 09:42 - 00001065 _____ () C:\Users\Andreas Uhl\Desktop\AnyProtect.lnk
2014-04-17 09:42 - 2014-04-17 09:42 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2014-04-17 09:42 - 2014-04-17 09:40 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2014-04-17 09:41 - 2013-05-27 20:05 - 00001678 _____ () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-17 09:40 - 2014-04-17 09:41 - 01097384 _____ (AnyProtect.com) C:\Users\Andreas Uhl\AppData\Local\nsd3982.tmp
2014-04-17 09:40 - 2014-04-17 09:40 - 00001987 _____ () C:\Users\Andreas Uhl\Desktop\Sync Folder.lnk
2014-04-17 09:40 - 2014-04-17 09:40 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\VOPackage
2014-04-17 09:40 - 2014-04-17 09:40 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-04-17 09:40 - 2014-04-17 09:39 - 00003202 _____ () C:\windows\System32\Tasks\SpeedUpMyPC Maintenance
2014-04-17 09:40 - 2014-04-17 09:39 - 00002506 _____ () C:\windows\System32\Tasks\SpeedUpMyPC Startup
2014-04-17 09:40 - 2013-05-29 09:02 - 00002067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-04-17 09:40 - 2013-05-27 22:50 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-04-17 09:38 - 2014-04-17 09:38 - 00001183 _____ () C:\Users\Public\Desktop\SpeedUpMyPC.lnk
2014-04-17 09:38 - 2014-04-17 09:38 - 00001105 _____ () C:\Users\Andreas Uhl\Desktop\MyPC Backup.lnk
2014-04-17 09:38 - 2014-04-17 09:38 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-04-17 09:38 - 2014-04-17 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
2014-04-17 09:38 - 2013-05-27 20:05 - 00000000 ___RD () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-17 09:37 - 2014-04-17 09:37 - 00000000 ____D () C:\Program Files (x86)\Uniblue
2014-04-17 09:37 - 2014-04-17 09:36 - 00005792 _____ () C:\windows\System32\Tasks\60279aff-e671-4cc9-b706-f086fc50f81f-3
2014-04-17 09:35 - 2014-04-17 09:35 - 00003078 _____ () C:\windows\System32\Tasks\Re-markit Update
2014-04-17 09:35 - 2014-04-17 09:35 - 00003008 _____ () C:\windows\System32\Tasks\Re-markit_wd
2014-04-17 09:35 - 2014-04-17 09:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-04-17 09:35 - 2014-04-17 09:35 - 00000000 ____D () C:\Program Files (x86)\Re-markit-soft
2014-04-17 09:35 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-04-17 09:35 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy
2014-04-17 09:30 - 2014-04-17 09:30 - 00630808 _____ () C:\Users\Andreas Uhl\Downloads\Java.exe
2014-04-16 19:07 - 2014-02-10 19:44 - 00000000 ____D () C:\Program Files (x86)\Euro Truck Simulator 2
2014-04-16 19:03 - 2014-04-16 19:03 - 00133200 _____ () C:\Users\Andreas Uhl\Downloads\Scania CAT GTB.scs
2014-04-16 18:50 - 2014-04-16 18:38 - 701254664 _____ () C:\Users\Andreas Uhl\Documents\EuroTruckSimulator2_1_9_22_patch.exe
2014-04-16 18:37 - 2014-04-16 18:37 - 00053921 _____ () C:\Users\Andreas Uhl\Documents\EuroTruckSimulator2_1_9_22_patch.exe.torrent
2014-04-16 18:35 - 2014-04-16 18:35 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe (2).torrent
2014-04-16 18:35 - 2014-04-16 18:35 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe (1).torrent
2014-04-16 18:33 - 2014-04-16 18:33 - 00994872 _____ () C:\Users\Andreas Uhl\Downloads\setup.exe
2014-04-16 18:33 - 2014-04-16 18:33 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe.torrent
2014-04-16 12:17 - 2013-09-04 13:01 - 00000000 ____D () C:\Users\Andreas Uhl\Documents\My Games
2014-04-16 11:53 - 2014-04-16 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-04-16 11:29 - 2014-04-16 11:28 - 00000000 ____D () C:\0d43f13f00f98aa4e739aa4c4d43
2014-04-16 11:29 - 2013-09-07 15:27 - 00000000 ____D () C:\windows\system32\MRT
2014-04-16 11:12 - 2014-04-16 11:12 - 00000000 ____D () C:\ProgramData\InstallShield
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
C:\Users\Public\AlexaNSISPlugin.34328.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-07 18:27
==================== End Of Log ============================
--- --- --- |
|
13.05.2014, 13:36
| #6 |
| /// the machine /// TB-Ausbilder | Ständige Werbung im Internet Revo Uninstaller - Download - Filepony Damit alles deinstallieren was Du in der Additional.txt findest mit dem Zusatz <== ATTENTION Mit Revo auch Moderat die Reste entfernen lassen. Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Ständige Werbung im Internet |
|
13.05.2014, 16:34
| #7 |
| | Ständige Werbung im Internet So als erstes kommt die mbam.txt datei Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 13.05.2014 14:58:29, SYSTEM, NB2, Protection, Malware Protection, Starting, Protection, 13.05.2014 14:58:29, SYSTEM, NB2, Protection, Malware Protection, Started, Protection, 13.05.2014 14:58:29, SYSTEM, NB2, Protection, Malicious Website Protection, Starting, Protection, 13.05.2014 14:58:30, SYSTEM, NB2, Protection, Malicious Website Protection, Started, (end) AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.208 - Bericht erstellt am 13/05/2014 um 16:44:32
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 8 (64 bits)
# Benutzername : Andreas Uhl - NB2
# Gestartet von : C:\Users\Andreas Uhl\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : BackupStack
Dienst Gelöscht : Re-markit
[#] Dienst Gelöscht : vosr
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\AVG SafeGuard toolbar
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\AnyProtectEx
Ordner Gelöscht : C:\Program Files (x86)\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Re-markit-soft
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Local\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\LocalLow\AVG SafeGuard toolbar
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\LocalLow\FlagFox
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Softonic
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Uniblue
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\webssearches
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\Extensions\quick_start@gmail.com
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\Extensions\a0046b9b-fdb9-497f-a4b1-2a108ad6007a@5cdf80b7-0420-4bb7-b3c0-e188e6f4fb8a.com
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Ordner Gelöscht : C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Datei Gelöscht : C:\Users\Public\Desktop\speedupmypc.lnk
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\aps.scan.quick.results
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\aps.scan.results
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Andreas Uhl\Desktop\AnyProtect.lnk
Datei Gelöscht : C:\Users\Andreas Uhl\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\Andreas Uhl\Desktop\Sync Folder.lnk
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\invalidprefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\webssearches.xml
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.triple-search.com_0.localstorage
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.triple-search.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
Datei Gelöscht : C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal
Datei Gelöscht : C:\windows\Tasks\APSnotifierPP1.job
Datei Gelöscht : C:\windows\System32\Tasks\APSnotifierPP1
Datei Gelöscht : C:\windows\Tasks\APSnotifierPP2.job
Datei Gelöscht : C:\windows\System32\Tasks\APSnotifierPP2
Datei Gelöscht : C:\windows\Tasks\APSnotifierPP3.job
Datei Gelöscht : C:\windows\System32\Tasks\APSnotifierPP3
Datei Gelöscht : C:\windows\Tasks\Re-markit Update.job
Datei Gelöscht : C:\windows\System32\Tasks\Re-markit Update
Datei Gelöscht : C:\windows\Tasks\Re-markit_wd.job
Datei Gelöscht : C:\windows\System32\Tasks\Re-markit_wd
Datei Gelöscht : C:\windows\Tasks\SpeedUpMyPC Maintenance.job
Datei Gelöscht : C:\windows\System32\Tasks\SpeedUpMyPC Maintenance
Datei Gelöscht : C:\windows\Tasks\SpeedUpMyPC Startup.job
Datei Gelöscht : C:\windows\System32\Tasks\SpeedUpMyPC Startup
Datei Gelöscht : C:\windows\Tasks\60279aff-e671-4cc9-b706-f086fc50f81f-3.job
Datei Gelöscht : C:\windows\System32\Tasks\60279aff-e671-4cc9-b706-f086fc50f81f-3
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Opera.lnk
Verknüpfung Desinfiziert : C:\Users\Andreas Uhl\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
Verknüpfung Desinfiziert : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{372479DD-B552-F0A8-F0E5-EEEEA6602285}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\speedupmypc_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054248.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054248.BHO.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054248.Sandbox
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CrossriderApp0054248.Sandbox.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422248}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426648}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424448}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422248}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425548}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426648}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\Software\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\webssearchesSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstaller
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\installedbrowserextensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16798
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://istart.webssearches.com/newtab/?type=nt&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://istart.webssearches.com/?type=hp&ts=1397720182&from=tugs&uid=ST1000LM024XHN-M101MBB_S2RQJ9GCA15015");
Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00359/tb_v1?SearchSource=13&cc=&mi=46bd14d800000000000050b7c353d3f6");
Zeile gelöscht : user_pref("extensions.Softonic.id", "46bd14d800000000000050b7c353d3f6");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "15952");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00359");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00359/tb_v1/?SearchSource=15&cc=&mi=46bd14d800000000000050b7c353d3f6");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "2013desingbrand");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00359/tb_v1?SearchSource=1&cc=&mi=46bd14d800000000000050b7c353d3f6&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1413:34:02");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "46bd14d800000000000050b7c353d3f6");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15936");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.513:07:01");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4979");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [32182 octets] - [13/05/2014 16:44:17]
AdwCleaner[S0].txt - [27492 octets] - [13/05/2014 16:44:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27553 octets] ##########
so hier ist die JRT datei JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Andreas Uhl on 13.05.2014 at 16:56:47,02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F4F8CB4B-F94B-4899-8EDD-8660259C025D}
~~~ Files
Successfully deleted: [File] "C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk"
~~~ Folders
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.05.2014 at 17:27:21,58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
so und als letztes noch die zweite FRST log datei FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014 01 Ran by Andreas Uhl (administrator) on NB2 on 13-05-2014 17:29:35 Running from C:\Users\Andreas Uhl\Desktop\FRST-OlderVersion Platform: Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\nis.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices64.exe (IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (mozilla.org) C:\Program Files (x86)\SeaMonkey\seamonkey.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor) HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-12-05] (Qualcomm Atheros) HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [128640 2012-12-05] (Atheros Communications) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [37960 2013-05-10] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [Google Update] => C:\Users\Andreas Uhl\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-07] (Google Inc.) HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-24] (Valve Corporation) HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [AVG-Secure-Search-Update_0414c] => C:\Program Files (x86)\Avg Secure Update\AVG-Secure-Search-Update_0414c.exe [2725912 2014-04-26] () HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\RunOnce: [Uninstall C:\Users\Andreas Uhl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Andreas Uhl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\MountPoints2: {1ede5cad-1987-11e2-be6d-806e6f6e6963} - "D:\autorun.exe" HKU\S-1-5-21-1225493163-4127186220-2738876131-1001\...\MountPoints2: {31192742-cec3-11e2-beaa-50b7c353d3f6} - "E:\iLinker.exe" GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKLM-x32 - {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS SearchScopes: HKCU - {CFAA2CD5-5AA6-405A-A7FD-92AB2F3C3A18} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation) DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andreas Uhl\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andreas Uhl\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Flagfox - C:\Users\Andreas Uhl\AppData\Roaming\Mozilla\Firefox\Profiles\63luk1tu.default\Extensions\info@flagfox.net [2013-05-29] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-19] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Google Docs) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-07] CHR Extension: (Google Drive) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-07] CHR Extension: (YouTube) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-07] CHR Extension: (No Name) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid [2013-07-07] CHR Extension: (Google Search) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-07] CHR Extension: (No Name) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-09-04] CHR Extension: (Re-markit) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikcggonfhgaingjbhjanbibmlfeomooc [2014-04-17] CHR Extension: (Freeven pro) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl [2014-04-17] CHR Extension: (Norton Identity Protection) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-07-07] CHR Extension: (No Name) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-09-03] CHR Extension: (DVDVideoSoft) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-20] CHR Extension: (Google Wallet) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] CHR Extension: (Gmail) - C:\Users\Andreas Uhl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-07] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-08-20] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-26] ==================== Services (Whitelisted) ================= R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231552 2012-12-05] (Qualcomm Atheros Commnucations) R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376 2014-03-12] (Symantec Corporation) R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation) R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [75584 2013-09-29] (IObit) R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-21] (Samsung Electronics CO., LTD.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2402080 2013-01-28] (TuneUp Software) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-12-05] (Atheros) S2 vToolbarUpdater18.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.5\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.) R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices) R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50464 2014-05-08] (AVG Technologies) R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation) R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-12-05] (Qualcomm Atheros) R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2012-12-05] (Qualcomm Atheros) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1502000.026\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation) R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140512.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-13] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140512.035\ENG64.SYS [126040 2014-03-15] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140512.035\EX64.SYS [2099288 2014-03-15] (Symantec Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1502000.026\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation) R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1502000.026\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) R3 SymDS; C:\Windows\system32\drivers\NISx64\1502000.026\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R3 SymEFA; C:\Windows\system32\drivers\NISx64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\NISx64\1502000.026\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-18] (Symantec Corporation) R3 SymIRON; C:\Windows\system32\drivers\NISx64\1502000.026\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1502000.026\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-13 17:29 - 2014-05-13 17:29 - 02066944 _____ (Farbar) C:\Users\Andreas Uhl\Desktop\FRST64.exe 2014-05-13 17:28 - 2014-05-13 17:29 - 00000000 ____D () C:\Users\Andreas Uhl\Desktop\FRST-OlderVersion 2014-05-13 17:27 - 2014-05-13 17:27 - 00001137 _____ () C:\Users\Andreas Uhl\Desktop\JRT.txt 2014-05-13 16:56 - 2014-05-13 16:56 - 00000000 ____D () C:\windows\ERUNT 2014-05-13 16:55 - 2014-05-13 16:55 - 01016261 _____ (Thisisu) C:\Users\Andreas Uhl\Desktop\JRT.exe 2014-05-13 16:53 - 2014-05-13 16:53 - 00027758 _____ () C:\Users\Andreas Uhl\Desktop\AdwCleaner[S0].txt 2014-05-13 16:51 - 2014-05-13 16:51 - 00000000 ___RD () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-05-13 16:45 - 2014-05-13 16:45 - 00001342 _____ () C:\Users\Andreas Uhl\Desktop\Google Chrome.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00001019 _____ () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00000977 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-05-13 16:43 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll 2014-05-13 16:39 - 2014-05-13 16:45 - 00000000 ____D () C:\AdwCleaner 2014-05-13 16:30 - 2014-05-13 16:30 - 01325827 _____ () C:\Users\Andreas Uhl\Desktop\adwcleaner.exe 2014-05-13 16:28 - 2014-05-13 16:28 - 00000438 _____ () C:\Users\Andreas Uhl\Desktop\mbam.txt 2014-05-13 15:17 - 2014-05-13 16:50 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-13 14:56 - 2014-05-13 14:56 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-13 14:56 - 2014-05-13 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-13 14:56 - 2014-05-13 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-13 14:56 - 2014-05-13 14:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-13 14:56 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-05-13 14:56 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-05-13 14:56 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-05-13 14:53 - 2014-05-13 14:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andreas Uhl\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-11 11:50 - 2014-05-11 11:52 - 00039580 _____ () C:\Users\Andreas Uhl\Downloads\Addition.txt 2014-05-11 11:47 - 2014-05-11 11:52 - 00055588 _____ () C:\Users\Andreas Uhl\Downloads\FRST.txt 2014-05-11 11:46 - 2014-05-13 17:29 - 00000000 ____D () C:\FRST 2014-05-11 11:01 - 2014-05-13 16:47 - 00001166 _____ () C:\windows\PFRO.log 2014-05-10 09:52 - 2014-05-10 09:52 - 00000165 ____H () C:\Users\Andreas Uhl\Documents\~$GFS Geschichte 2WK.pptx 2014-05-07 18:20 - 2014-05-08 18:54 - 00024191 _____ () C:\windows\WindowsUpdate.log 2014-05-07 17:38 - 2014-05-07 17:38 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\Skype 2014-05-07 17:35 - 2014-05-07 17:35 - 00002729 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-05-07 17:35 - 2014-05-07 17:35 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-07 17:35 - 2014-05-07 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-06 19:18 - 2014-05-06 19:18 - 00000002 _____ () C:\Users\Andreas 2014-05-06 19:17 - 2014-05-06 19:17 - 00991848 _____ () C:\Users\Andreas Uhl\Downloads\setup (3).exe 2014-05-06 18:58 - 2014-05-06 18:58 - 00001996 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk 2014-05-06 18:58 - 2014-05-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey 2014-05-06 18:58 - 2014-05-06 18:58 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey 2014-05-06 18:51 - 2014-05-06 18:52 - 26335205 _____ () C:\Users\Andreas Uhl\Downloads\SeaMonkey_Setup_de2.26.exe 2014-05-06 18:43 - 2014-05-06 18:43 - 00002784 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-05-06 18:43 - 2014-05-06 18:43 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-06 18:43 - 2014-05-06 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-06 18:43 - 2014-05-06 18:43 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-06 18:40 - 2014-05-06 18:40 - 03671432 _____ (Piriform Ltd) C:\Users\Andreas Uhl\Downloads\ccsetup413_slim.exe 2014-05-03 18:14 - 2014-05-03 18:14 - 00698337 _____ () C:\Users\Andreas Uhl\Downloads\ManSpedEckhardtSkinV1.2.rar 2014-05-03 18:02 - 2014-05-03 18:03 - 09656654 _____ () C:\Users\Andreas Uhl\Downloads\zZz_schmitz_sko_v2.7z 2014-05-03 17:58 - 2014-05-03 17:58 - 00499720 _____ () C:\Users\Andreas Uhl\Downloads\Player_Setup.exe 2014-04-26 17:59 - 2014-05-13 16:50 - 00000382 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job 2014-04-26 17:59 - 2014-05-13 16:50 - 00000382 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job 2014-04-26 17:59 - 2014-04-26 17:59 - 00002656 _____ () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv 2014-04-26 17:59 - 2014-04-26 17:59 - 00002654 _____ () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel 2014-04-26 17:59 - 2014-04-26 17:59 - 00000000 ____D () C:\Program Files (x86)\Avg Secure Update 2014-04-25 19:29 - 2014-04-25 19:29 - 00991832 _____ () C:\Users\Andreas Uhl\Downloads\setup (2).exe 2014-04-25 08:43 - 2014-04-25 08:43 - 04317175 _____ () C:\Users\Andreas Uhl\Downloads\Michael Jackson Show Truck .rar 2014-04-23 09:19 - 2014-04-23 09:19 - 00000000 ____D () C:\Users\dub_cm_auto 2014-04-22 10:05 - 2014-04-22 10:06 - 04313606 _____ () C:\Users\Andreas Uhl\Downloads\EfficientLine.RAR 2014-04-22 09:53 - 2014-04-22 09:56 - 00001124 _____ () C:\Users\Public\Desktop\WinRAR.lnk 2014-04-22 09:25 - 2014-04-22 09:25 - 00993712 _____ () C:\Users\Andreas Uhl\Downloads\setup (1).exe 2014-04-18 14:48 - 2014-04-18 14:48 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\WinRAR 2014-04-18 14:47 - 2014-04-22 10:24 - 00000000 ____D () C:\Program Files\WinRAR 2014-04-18 14:47 - 2014-04-22 09:56 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-18 14:47 - 2014-04-22 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-18 14:46 - 2014-04-18 14:46 - 02087616 _____ () C:\Users\Andreas Uhl\Downloads\winrar-x64-501d.exe 2014-04-18 14:22 - 2014-04-18 14:26 - 17180155 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part3.rar 2014-04-18 14:19 - 2014-04-18 14:40 - 209715200 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part2.rar 2014-04-18 14:18 - 2014-04-18 14:40 - 209715200 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part1.rar 2014-04-18 14:16 - 2014-04-18 14:16 - 00630808 _____ () C:\Users\Andreas Uhl\Downloads\Java (1).exe 2014-04-18 14:11 - 2014-04-18 14:11 - 00337562 _____ () C:\Users\Andreas Uhl\Downloads\promods-def-v162.scs 2014-04-17 18:38 - 2014-04-17 18:38 - 00012519 _____ () C:\Users\Andreas Uhl\Downloads\Fahrtenbuch TIMO.ods 2014-04-17 09:36 - 2014-04-18 15:15 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 2014-04-17 09:35 - 2014-04-17 09:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-17 09:30 - 2014-04-17 09:30 - 00630808 _____ () C:\Users\Andreas Uhl\Downloads\Java.exe 2014-04-16 19:03 - 2014-04-16 19:03 - 00133200 _____ () C:\Users\Andreas Uhl\Downloads\Scania CAT GTB.scs 2014-04-16 18:38 - 2014-04-16 18:50 - 701254664 _____ () C:\Users\Andreas Uhl\Documents\EuroTruckSimulator2_1_9_22_patch.exe 2014-04-16 18:37 - 2014-04-16 18:37 - 00053921 _____ () C:\Users\Andreas Uhl\Documents\EuroTruckSimulator2_1_9_22_patch.exe.torrent 2014-04-16 18:35 - 2014-04-16 18:35 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe (2).torrent 2014-04-16 18:35 - 2014-04-16 18:35 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe (1).torrent 2014-04-16 18:33 - 2014-04-16 18:33 - 00994872 _____ () C:\Users\Andreas Uhl\Downloads\setup.exe 2014-04-16 18:33 - 2014-04-16 18:33 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe.torrent 2014-04-16 11:53 - 2014-04-16 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games 2014-04-16 11:28 - 2014-04-16 11:29 - 00000000 ____D () C:\0d43f13f00f98aa4e739aa4c4d43 2014-04-16 11:12 - 2014-04-16 11:12 - 00000000 ____D () C:\ProgramData\InstallShield ==================== One Month Modified Files and Folders ======= 2014-05-13 17:29 - 2014-05-13 17:29 - 02066944 _____ (Farbar) C:\Users\Andreas Uhl\Desktop\FRST64.exe 2014-05-13 17:29 - 2014-05-13 17:28 - 00000000 ____D () C:\Users\Andreas Uhl\Desktop\FRST-OlderVersion 2014-05-13 17:29 - 2014-05-11 11:46 - 00000000 ____D () C:\FRST 2014-05-13 17:27 - 2014-05-13 17:27 - 00001137 _____ () C:\Users\Andreas Uhl\Desktop\JRT.txt 2014-05-13 17:10 - 2013-05-27 20:12 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1225493163-4127186220-2738876131-1001 2014-05-13 17:00 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\sru 2014-05-13 16:56 - 2014-05-13 16:56 - 00000000 ____D () C:\windows\ERUNT 2014-05-13 16:55 - 2014-05-13 16:55 - 01016261 _____ (Thisisu) C:\Users\Andreas Uhl\Desktop\JRT.exe 2014-05-13 16:53 - 2014-05-13 16:53 - 00027758 _____ () C:\Users\Andreas Uhl\Desktop\AdwCleaner[S0].txt 2014-05-13 16:53 - 2013-05-30 12:56 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Skype 2014-05-13 16:53 - 2012-10-19 08:12 - 00000000 ____D () C:\ProgramData\WinClon 2014-05-13 16:52 - 2013-09-27 16:39 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-05-13 16:51 - 2014-05-13 16:51 - 00000000 ___RD () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2014-05-13 16:50 - 2014-05-13 15:17 - 00119512 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-13 16:50 - 2014-04-26 17:59 - 00000382 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job 2014-05-13 16:50 - 2014-04-26 17:59 - 00000382 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job 2014-05-13 16:50 - 2013-07-07 13:28 - 00001124 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-05-13 16:47 - 2014-05-11 11:01 - 00001166 _____ () C:\windows\PFRO.log 2014-05-13 16:47 - 2013-09-03 11:42 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\AVG SafeGuard toolbar 2014-05-13 16:47 - 2012-07-26 09:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-05-13 16:45 - 2014-05-13 16:45 - 00001342 _____ () C:\Users\Andreas Uhl\Desktop\Google Chrome.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00001019 _____ () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00000989 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2014-05-13 16:45 - 2014-05-13 16:45 - 00000977 _____ () C:\Users\Public\Desktop\Opera.lnk 2014-05-13 16:45 - 2014-05-13 16:39 - 00000000 ____D () C:\AdwCleaner 2014-05-13 16:45 - 2013-07-07 17:21 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-05-13 16:45 - 2013-05-27 20:05 - 00000000 ___RD () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-13 16:39 - 2013-07-07 17:19 - 00001152 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA.job 2014-05-13 16:39 - 2013-07-07 13:28 - 00001128 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-05-13 16:31 - 2014-02-26 18:18 - 00045571 _____ () C:\Users\Andreas Uhl\Documents\GFS Geschichte 2WK.pptx 2014-05-13 16:30 - 2014-05-13 16:30 - 01325827 _____ () C:\Users\Andreas Uhl\Desktop\adwcleaner.exe 2014-05-13 16:28 - 2014-05-13 16:28 - 00000438 _____ () C:\Users\Andreas Uhl\Desktop\mbam.txt 2014-05-13 15:15 - 2013-06-15 19:43 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\TS3Client 2014-05-13 14:56 - 2014-05-13 14:56 - 00001132 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-13 14:56 - 2014-05-13 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-13 14:56 - 2014-05-13 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-13 14:56 - 2014-05-13 14:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-13 14:53 - 2014-05-13 14:53 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Andreas Uhl\Downloads\mbam-setup-2.0.1.1004.exe 2014-05-13 14:50 - 2013-06-11 21:06 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\Adobe 2014-05-12 19:39 - 2013-07-07 17:19 - 00001100 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001Core.job 2014-05-12 18:46 - 2012-10-19 23:07 - 12320634 _____ () C:\windows\system32\perfh007.dat 2014-05-12 18:46 - 2012-10-19 23:07 - 03649526 _____ () C:\windows\system32\perfc007.dat 2014-05-12 18:46 - 2012-07-26 09:28 - 00005434 _____ () C:\windows\system32\PerfStringBackup.INI 2014-05-11 15:14 - 2013-05-29 19:15 - 00000000 ____D () C:\Users\Andreas Uhl\Documents\Word Dateien 2014-05-11 11:52 - 2014-05-11 11:50 - 00039580 _____ () C:\Users\Andreas Uhl\Downloads\Addition.txt 2014-05-11 11:52 - 2014-05-11 11:47 - 00055588 _____ () C:\Users\Andreas Uhl\Downloads\FRST.txt 2014-05-10 19:34 - 2013-07-07 13:28 - 00004100 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-05-10 19:34 - 2013-07-07 13:28 - 00003864 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-05-10 19:06 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\ELAM 2014-05-10 09:53 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\system32\NDF 2014-05-10 09:52 - 2014-05-10 09:52 - 00000165 ____H () C:\Users\Andreas Uhl\Documents\~$GFS Geschichte 2WK.pptx 2014-05-09 19:34 - 2013-07-07 17:19 - 00004110 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001UA 2014-05-09 19:34 - 2013-07-07 17:19 - 00003730 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1225493163-4127186220-2738876131-1001Core 2014-05-08 18:54 - 2014-05-07 18:20 - 00024191 _____ () C:\windows\WindowsUpdate.log 2014-05-08 18:34 - 2013-09-03 11:41 - 00003790 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml 2014-05-08 18:32 - 2013-09-03 11:42 - 00050464 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys 2014-05-08 18:31 - 2013-05-27 20:03 - 00000000 ____D () C:\Users\Andreas Uhl 2014-05-07 17:38 - 2014-05-07 17:38 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\Skype 2014-05-07 17:36 - 2013-05-30 12:56 - 00000000 ____D () C:\ProgramData\Skype 2014-05-07 17:35 - 2014-05-07 17:35 - 00002729 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-05-07 17:35 - 2014-05-07 17:35 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-05-07 17:35 - 2014-05-07 17:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2014-05-06 19:18 - 2014-05-06 19:18 - 00000002 _____ () C:\Users\Andreas 2014-05-06 19:17 - 2014-05-06 19:17 - 00991848 _____ () C:\Users\Andreas Uhl\Downloads\setup (3).exe 2014-05-06 18:58 - 2014-05-06 18:58 - 00001996 _____ () C:\Users\Public\Desktop\SeaMonkey.lnk 2014-05-06 18:58 - 2014-05-06 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey 2014-05-06 18:58 - 2014-05-06 18:58 - 00000000 ____D () C:\Program Files (x86)\SeaMonkey 2014-05-06 18:58 - 2013-05-27 22:50 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Mozilla 2014-05-06 18:58 - 2013-05-27 22:50 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\Mozilla 2014-05-06 18:52 - 2014-05-06 18:51 - 26335205 _____ () C:\Users\Andreas Uhl\Downloads\SeaMonkey_Setup_de2.26.exe 2014-05-06 18:45 - 2013-06-02 15:15 - 00000000 ____D () C:\windows\Minidump 2014-05-06 18:45 - 2013-05-27 20:05 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Local\CrashDumps 2014-05-06 18:45 - 2012-08-06 00:07 - 00000000 ____D () C:\windows\Panther 2014-05-06 18:43 - 2014-05-06 18:43 - 00002784 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-05-06 18:43 - 2014-05-06 18:43 - 00000828 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-05-06 18:43 - 2014-05-06 18:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-05-06 18:43 - 2014-05-06 18:43 - 00000000 ____D () C:\Program Files\CCleaner 2014-05-06 18:40 - 2014-05-06 18:40 - 03671432 _____ (Piriform Ltd) C:\Users\Andreas Uhl\Downloads\ccsetup413_slim.exe 2014-05-06 18:34 - 2013-08-22 14:36 - 00000000 ____D () C:\Users\Andreas Uhl\Documents\Euro Truck Simulator 2 2014-05-03 18:14 - 2014-05-03 18:14 - 00698337 _____ () C:\Users\Andreas Uhl\Downloads\ManSpedEckhardtSkinV1.2.rar 2014-05-03 18:03 - 2014-05-03 18:02 - 09656654 _____ () C:\Users\Andreas Uhl\Downloads\zZz_schmitz_sko_v2.7z 2014-05-03 17:58 - 2014-05-03 17:58 - 00499720 _____ () C:\Users\Andreas Uhl\Downloads\Player_Setup.exe 2014-05-01 13:36 - 2013-05-27 20:07 - 00000000 ____D () C:\Users\Andreas Uhl\Documents\Bluetooth Folder 2014-04-26 17:59 - 2014-04-26 17:59 - 00002656 _____ () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rmv 2014-04-26 17:59 - 2014-04-26 17:59 - 00002654 _____ () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0414c_rel 2014-04-26 17:59 - 2014-04-26 17:59 - 00000000 ____D () C:\Program Files (x86)\Avg Secure Update 2014-04-25 20:03 - 2012-07-26 07:26 - 00262144 ___SH () C:\windows\system32\config\BBI 2014-04-25 19:29 - 2014-04-25 19:29 - 00991832 _____ () C:\Users\Andreas Uhl\Downloads\setup (2).exe 2014-04-25 08:43 - 2014-04-25 08:43 - 04317175 _____ () C:\Users\Andreas Uhl\Downloads\Michael Jackson Show Truck .rar 2014-04-23 09:19 - 2014-04-23 09:19 - 00000000 ____D () C:\Users\dub_cm_auto 2014-04-22 10:24 - 2014-04-18 14:47 - 00000000 ____D () C:\Program Files\WinRAR 2014-04-22 10:06 - 2014-04-22 10:05 - 04313606 _____ () C:\Users\Andreas Uhl\Downloads\EfficientLine.RAR 2014-04-22 09:56 - 2014-04-22 09:53 - 00001124 _____ () C:\Users\Public\Desktop\WinRAR.lnk 2014-04-22 09:56 - 2014-04-18 14:47 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-22 09:56 - 2014-04-18 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-04-22 09:25 - 2014-04-22 09:25 - 00993712 _____ () C:\Users\Andreas Uhl\Downloads\setup (1).exe 2014-04-18 15:15 - 2014-04-17 09:36 - 00000000 ____D () C:\Program Files (x86)\Freeven pro 2014-04-18 14:48 - 2014-04-18 14:48 - 00000000 ____D () C:\Users\Andreas Uhl\AppData\Roaming\WinRAR 2014-04-18 14:46 - 2014-04-18 14:46 - 02087616 _____ () C:\Users\Andreas Uhl\Downloads\winrar-x64-501d.exe 2014-04-18 14:40 - 2014-04-18 14:19 - 209715200 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part2.rar 2014-04-18 14:40 - 2014-04-18 14:18 - 209715200 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part1.rar 2014-04-18 14:26 - 2014-04-18 14:22 - 17180155 _____ () C:\Users\Andreas Uhl\Downloads\promods-v1.62.part3.rar 2014-04-18 14:16 - 2014-04-18 14:16 - 00630808 _____ () C:\Users\Andreas Uhl\Downloads\Java (1).exe 2014-04-18 14:11 - 2014-04-18 14:11 - 00337562 _____ () C:\Users\Andreas Uhl\Downloads\promods-def-v162.scs 2014-04-17 18:38 - 2014-04-17 18:38 - 00012519 _____ () C:\Users\Andreas Uhl\Downloads\Fahrtenbuch TIMO.ods 2014-04-17 10:24 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\AUInstallAgent 2014-04-17 09:35 - 2014-04-17 09:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-04-17 09:35 - 2012-07-26 10:12 - 00000000 ___HD () C:\windows\system32\GroupPolicy 2014-04-17 09:35 - 2012-07-26 10:12 - 00000000 ____D () C:\windows\SysWOW64\GroupPolicy 2014-04-17 09:30 - 2014-04-17 09:30 - 00630808 _____ () C:\Users\Andreas Uhl\Downloads\Java.exe 2014-04-16 19:07 - 2014-02-10 19:44 - 00000000 ____D () C:\Program Files (x86)\Euro Truck Simulator 2 2014-04-16 19:03 - 2014-04-16 19:03 - 00133200 _____ () C:\Users\Andreas Uhl\Downloads\Scania CAT GTB.scs 2014-04-16 18:50 - 2014-04-16 18:38 - 701254664 _____ () C:\Users\Andreas Uhl\Documents\EuroTruckSimulator2_1_9_22_patch.exe 2014-04-16 18:37 - 2014-04-16 18:37 - 00053921 _____ () C:\Users\Andreas Uhl\Documents\EuroTruckSimulator2_1_9_22_patch.exe.torrent 2014-04-16 18:35 - 2014-04-16 18:35 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe (2).torrent 2014-04-16 18:35 - 2014-04-16 18:35 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe (1).torrent 2014-04-16 18:33 - 2014-04-16 18:33 - 00994872 _____ () C:\Users\Andreas Uhl\Downloads\setup.exe 2014-04-16 18:33 - 2014-04-16 18:33 - 00053921 _____ () C:\Users\Andreas Uhl\Downloads\EuroTruckSimulator2_1_9_22_patch.exe.torrent 2014-04-16 12:17 - 2013-09-04 13:01 - 00000000 ____D () C:\Users\Andreas Uhl\Documents\My Games 2014-04-16 11:53 - 2014-04-16 11:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games 2014-04-16 11:29 - 2014-04-16 11:28 - 00000000 ____D () C:\0d43f13f00f98aa4e739aa4c4d43 2014-04-16 11:29 - 2013-09-07 15:27 - 00000000 ____D () C:\windows\system32\MRT 2014-04-16 11:12 - 2014-04-16 11:12 - 00000000 ____D () C:\ProgramData\InstallShield Files to move or delete: ==================== C:\ProgramData\MakeMarkerFile.exe C:\Users\EasySurvey\EasySurvey.exe C:\Users\Public\AlexaNSISPlugin.34328.dll Some content of TEMP: ==================== C:\Users\Andreas Uhl\AppData\Local\Temp\install_flashplayer13x32_mssa_aaa_aih.exe C:\Users\Andreas Uhl\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-07 18:27 ==================== End Of Log ============================ so hier bitteschön ich hoffe so ist alles richtig |
|
14.05.2014, 18:58
| #8 |
| /// the machine /// TB-Ausbilder | Ständige Werbung im InternetESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Ständige Werbung im Internet |
| board, browser, fenster, freund, funktionier, funktioniert, hilfe, inter, interne, internet, komplette, online, problem, spiel, spiele, ständige, ständige werbung, troja, trojaner, verursacht, werbung, woche, wochen |
Linear-Darstellung
