weiterleitung auf die seite X247.mobi

jogine · 23.05.2014, 21:08

hallo ich habe ein problem mit dem laden von einigen webSeiten das laden der Seite wird abgebrochen und die seite von X247.mobi erscheint mit einer Fehlermeldung

Fehler

Die Transaktion ist fehlgeschlagen.

Klick hier, um zurück zu gehen

Was ist da los oder besser gesagt wie kann man die Umleitung verhindern

Machiavelli · 23.05.2014, 21:57

Hallo und willkommen an Board, jogine

Mein Name ist Machiavelli und werde bei Deinem Malware Problemen behilflich sein. Falls Du Dich im abgesicherten Modus befindest, würde ich Dir raten, alle Anweisungen von mir auszudrucken, um besseren Überblick auf die Gesamtsituation zu bekommen. Ich bin hier im Malwareteam und daher ist es mir möglich, Dir zu helfen.

Damit eine Bereinigung ermöglicht werden kann, musst Du ein paar Regeln/Tipps beachten:

Malware zu entfernen ist normalerweise recht schwierig
Heutige Malware kann sich sehr gut verstecken, so kann es sein, dass es bestimmte Tools nicht sehen. Eine Neuinstallation ist daher oft das klügere.
Bitte folge meinen Anweisung bis in das kleinste Detail
Falls Du was falsches machst, wie z.B. irgendwas fixt, was nicht durch mich genehmigt wurde, kann der PC dadurch beschädigt werden. Daher folge meinen Anweisungen ganz genau
Bleibe mit mir in Kontakt, bis Deine Probleme vollständig gelöst sind
Themen, in welchen innerhalb von 4 Tagen keine Antwort gepostet wird, werden geschlossen.
Bitte lasse keine anderen Tools laufen, während ich bereinige
Wenn Du Tools wie z.B. Malwarebytes etc. ohne meines Wissens laufen lässt, kann es unter Umständen Ergebnisse verfälschen.
Ließ meine Posts vollständig durch
Falls nicht, kann das zu schwerwiegenden Problemen (z.B. PC bootet nicht mehr) führen oder der Prozess der Malwareentfernung wird länger

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

jogine · 23.05.2014, 22:08

Vor ab eine Frage wie lange kann so eine bereinigung dauern.
ich habe hier keinen Drucker und bin mit usb stick unterwegs.
Desweiteren habe ich auch nicht so sehr viel ahnung von der tematik und viele fachbegriffe verstehe ich nicht.

Gruß jogine

Machiavelli · 23.05.2014, 22:10

Zitat:

Vor ab eine Frage wie lange kann so eine bereinigung dauern.

Ich bin kein Hellseher.

Mindestens 1 Tag, maximal paar Monate

Machiavelli · 26.05.2014, 14:07

Noch da?

jogine · 26.05.2014, 17:30

Hallo, ja bin noch da - Ich habe das Laptop nur an der Arbeit so nebenbei in gebrauch
und hatte drei tage frei.

kann man nicht vorab eine prüfung vornehmen ob überhaupt ein Virus vorhanden ist ?
Und kann ich nebenbei oder zwischendurch normal ins internet?

Gruß jogine

Zitat:

Zitat von jogine

Hallo, ja bin noch da - Ich habe das Laptop nur an der Arbeit so nebenbei in gebrauch
und hatte drei tage frei.

kann man nicht vorab eine prüfung vornehmen ob überhaupt ein Virus vorhanden ist ?
Und kann ich nebenbei oder zwischendurch normal ins internet?

Gruß jogine

Ich arbeite nur Nachtschicht von 18:00 bis 6:00

Machiavelli · 26.05.2014, 17:36

Zitat:

kann man nicht vorab eine prüfung vornehmen ob überhaupt ein Virus vorhanden ist ?

Siehe Post #2.

Zitat:

Und kann ich nebenbei oder zwischendurch normal ins internet?

Ja.

jogine · 26.05.2014, 19:24

OK habe Farbar's Recovery Scan Tool gestartet und auf scanen gedrückt - ach noch eines ich kann kein englisch

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Samsung (administrator) on SAMSUNG-PC on 26-05-2014 20:18:29
Running from C:\Users\Samsung\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FeatherySoft, Inc.) C:\Program Files (x86)\Screen Calendar\scrcal.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
() C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files (x86)\MAGIX\Foto_Designer_7\XtremePhoto.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2014-04-15] (RealNetworks, Inc.)
HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Screen Calendar] => C:\Program Files (x86)\Screen Calendar\scrcal.exe [1535488 2007-11-21] (FeatherySoft, Inc.)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll File Not Found
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=634181dd-a432-42d2-99c6-7dccc5da66ed&searchtype=ds&q={searchTerms}&installDate=01/01/1970
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.default-search.net?sid=476&aid=122&itype=n&ver=12302&tm=315&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=634181dd-a432-42d2-99c6-7dccc5da66ed&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=12302&tm=315&src=ds&p={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=12302&tm=315&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=634181dd-a432-42d2-99c6-7dccc5da66ed&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snap.do/?publisher=QuickOB&dpid=QuickOB&co=DE&userid=634181dd-a432-42d2-99c6-7dccc5da66ed&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {62192D86-AB70-40B2-8AF7-634FDD0A4A4A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=39934d75-66b1-4ee6-b76b-f9b8452bc751&apn_sauid=18882594-E868-4ED9-A18B-7C0D050B4825
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = hxxp://www.default-search.net/search?sid=476&aid=122&itype=n&ver=12302&tm=315&src=ds&p={searchTerms}
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: No Name - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -  No File
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{EDC91F87-BEDA-40C6-AF9F-0E4412D7626A}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\user.js
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\Extensions\toolbar@web.de.xpi [2014-04-29]
FF HKLM\...\Firefox\Extensions: [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}] - C:\Program Files\V-bates\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Google Search) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (Delta Toolbar) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2014-04-12]
CHR Extension: (RealDownloader) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Gmail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Samsung\AppData\Roaming\Delta\delta.crx [2012-11-25]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-28] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 20:18 - 2014-05-26 20:19 - 00020430 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-05-26 20:18 - 2014-05-26 20:18 - 00000000 ____D () C:\FRST
2014-05-26 20:17 - 2014-05-26 20:17 - 02066944 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-05-24 01:38 - 2014-05-24 01:46 - 00000033 _____ () C:\Users\Samsung\Desktop\Chat.txt
2014-05-21 20:41 - 2014-05-21 20:41 - 00000854 _____ () C:\Users\Samsung\Desktop\10Slide-Video-Shows.lnk
2014-05-21 20:41 - 2014-05-21 20:41 - 00000812 _____ () C:\Users\Samsung\Desktop\10Slide-Shows.lnk
2014-05-19 18:25 - 2014-05-19 18:25 - 00001017 _____ () C:\Users\Samsung\Desktop\0-BA-Archiv.lnk
2014-05-16 03:06 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 03:06 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 03:06 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 03:06 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 03:06 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 03:06 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-15 18:25 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-15 18:25 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-15 18:25 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-15 18:25 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-15 18:25 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-15 18:24 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-15 18:24 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-15 18:24 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-15 18:24 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-15 18:24 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-15 18:24 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-15 18:24 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-15 18:24 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-15 18:24 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-15 18:24 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-15 18:24 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-15 18:24 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-15 18:24 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-15 18:24 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-15 18:24 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-14 20:00 - 2014-05-15 20:10 - 00000896 _____ () C:\Users\Samsung\Desktop\0-Slide-Auswahl.lnk
2014-05-11 23:22 - 2014-05-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:47 - 2014-05-09 19:47 - 29340824 _____ (Mozilla) C:\Users\Samsung\Downloads\WEB.DE_Firefox_Setup.exe
2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 20:12 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-07 20:12 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-05-07 20:12 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-05-07 20:12 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-05-07 20:11 - 2014-05-07 20:12 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 03:00 - 2014-05-16 03:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 21:15 - 2014-05-26 18:19 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job
2014-05-06 21:15 - 2014-05-24 01:54 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Samsung
2014-05-06 21:15 - 2014-05-24 01:54 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job
2014-05-06 21:15 - 2014-05-21 04:02 - 00002972 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Samsung
2014-05-06 21:15 - 2014-05-21 04:02 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job
2014-05-06 21:15 - 2014-05-06 21:15 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Samsung
2014-05-06 21:15 - 2014-05-06 21:15 - 00002680 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 ____D () C:\Users\Samsung\Documents\Youcam
2014-05-06 18:27 - 2014-05-06 18:27 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CyberLink
2014-05-01 01:28 - 2014-05-26 18:19 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-01 01:27 - 2014-05-26 18:19 - 00003348 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000

==================== One Month Modified Files and Folders =======

2014-05-26 20:19 - 2014-05-26 20:18 - 00020430 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-05-26 20:18 - 2014-05-26 20:18 - 00000000 ____D () C:\FRST
2014-05-26 20:17 - 2014-05-26 20:17 - 02066944 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-05-26 20:10 - 2014-04-13 00:40 - 00000286 _____ () C:\windows\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22}.job
2014-05-26 19:51 - 2013-02-06 13:30 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 18:27 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 18:27 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 18:25 - 2011-11-04 10:55 - 01316160 _____ () C:\windows\WindowsUpdate.log
2014-05-26 18:19 - 2014-05-06 21:15 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job
2014-05-26 18:19 - 2014-05-01 01:28 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-26 18:19 - 2014-05-01 01:27 - 00003348 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-26 18:19 - 2014-04-13 23:28 - 00002184 _____ () C:\windows\setupact.log
2014-05-26 18:19 - 2013-02-06 13:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CrashDumps
2014-05-26 18:19 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-24 05:17 - 2013-07-27 22:36 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\vlc
2014-05-24 01:54 - 2014-05-06 21:15 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Samsung
2014-05-24 01:54 - 2014-05-06 21:15 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job
2014-05-24 01:46 - 2014-05-24 01:38 - 00000033 _____ () C:\Users\Samsung\Desktop\Chat.txt
2014-05-22 18:23 - 2014-01-16 19:19 - 00003370 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-22 18:23 - 2013-11-10 19:57 - 00003240 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-21 20:41 - 2014-05-21 20:41 - 00000854 _____ () C:\Users\Samsung\Desktop\10Slide-Video-Shows.lnk
2014-05-21 20:41 - 2014-05-21 20:41 - 00000812 _____ () C:\Users\Samsung\Desktop\10Slide-Shows.lnk
2014-05-21 04:02 - 2014-05-06 21:15 - 00002972 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Samsung
2014-05-21 04:02 - 2014-05-06 21:15 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job
2014-05-19 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-19 18:25 - 2014-05-19 18:25 - 00001017 _____ () C:\Users\Samsung\Desktop\0-BA-Archiv.lnk
2014-05-16 03:13 - 2013-01-08 00:12 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 03:13 - 2013-01-08 00:12 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 03:10 - 2014-05-07 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 03:06 - 2013-03-16 06:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 03:05 - 2013-07-25 03:00 - 00000000 ____D () C:\windows\system32\MRT
2014-05-16 03:03 - 2013-02-06 20:07 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-15 20:10 - 2014-05-14 20:00 - 00000896 _____ () C:\Users\Samsung\Desktop\0-Slide-Auswahl.lnk
2014-05-15 18:10 - 2013-02-06 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 19:52 - 2013-02-06 13:30 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:52 - 2013-02-06 13:30 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 19:52 - 2013-02-06 13:30 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:26 - 2013-06-05 04:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-11 23:22 - 2014-05-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:49 - 2013-02-06 13:42 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-09 19:49 - 2013-02-06 13:42 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-09 19:47 - 2014-05-09 19:47 - 29340824 _____ (Mozilla) C:\Users\Samsung\Downloads\WEB.DE_Firefox_Setup.exe
2014-05-09 08:14 - 2014-05-15 18:25 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 18:25 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-07 20:13 - 2013-10-18 03:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 20:12 - 2014-05-07 20:11 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 20:12 - 2013-07-18 18:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-07 04:15 - 2014-04-14 18:51 - 00003086 _____ () C:\windows\PFRO.log
2014-05-06 21:15 - 2014-05-06 21:15 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Samsung
2014-05-06 21:15 - 2014-05-06 21:15 - 00002680 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 ____D () C:\Users\Samsung\Documents\Youcam
2014-05-06 18:27 - 2014-05-06 18:27 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CyberLink
2014-05-06 18:14 - 2014-04-15 01:16 - 00000000 ____D () C:\ProgramData\Real
2014-05-06 06:40 - 2014-05-16 03:06 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 03:06 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 03:06 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 03:06 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-01 01:35 - 2011-11-04 10:02 - 00700126 _____ () C:\windows\system32\perfh007.dat
2014-05-01 01:35 - 2011-11-04 10:02 - 00149976 _____ () C:\windows\system32\perfc007.dat
2014-05-01 01:35 - 2009-07-14 07:13 - 01622196 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-01 01:26 - 2013-01-08 00:06 - 00000000 ____D () C:\Users\Samsung
2014-05-01 01:25 - 2013-11-05 03:45 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Screen Calendar
2014-05-01 01:25 - 2013-02-06 13:30 - 00000000 ____D () C:\windows\system32\Macromed
2014-05-01 01:25 - 2013-01-08 00:16 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-05-01 01:25 - 2011-11-03 19:43 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-01 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-05-01 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-04-27 22:16 - 2013-07-20 04:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Nvu
2014-04-27 21:55 - 2013-11-15 22:58 - 00000854 _____ () C:\Users\Samsung\Desktop\Demon Slayer - Anmeldeclient.lnk

Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe
C:\Users\Samsung\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Samsung\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:54

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Samsung at 2014-05-26 20:19:42
Running from C:\Users\Samsung\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Steady Video Plug-In  (Version: 2.02.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delta Chrome Toolbar (HKLM-x32\...\{177586E7-E42E-4F38-83D1-D15B4AF5B714}) (Version: 1.0.0.0 - DeltaInstaller) <==== ATTENTION
Delta toolbar   (HKLM-x32\...\delta) (Version: 1.8.10.0 - Delta) <==== ATTENTION
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
QuickShare (HKLM-x32\...\{AF860F85-54A3-4A28-879B-BF9E6E325776}) (Version: 1.6.1.952 - Linkury Inc.) <==== ATTENTION
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Screen Calendar 7.4 (HKLM-x32\...\Screen Calendar_is1) (Version:  - FeatherySoft, Inc., 2002-2007)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinTools.net 10.4.1 Professional (HKLM-x32\...\{727A7452-9B12-4E45-B29A-BFEFA2FF8A7E}_is1) (Version:  - Godlike Developers SEG, Ltd.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

07-05-2014 18:11:18 Installed Java 7 Update 55
11-05-2014 21:14:21 Windows-Sicherung
15-05-2014 16:17:59 Windows Update
16-05-2014 01:00:29 Windows Update
19-05-2014 16:28:48 Windows-Sicherung
20-05-2014 01:02:43 Windows Update
21-05-2014 23:51:26 Microsoft Office File Validation Add-In wird entfernt
23-05-2014 16:11:45 Windows Update
26-05-2014 16:29:57 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-22 03:59 - 00000906 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 hxxp://www.x247.mobi
127.0.0.1 www.x247.mobi
127.0.0.1 x247.mobi


==================== Scheduled Tasks (whitelisted) =============

Task: {114B9B5B-7E32-45A0-AE9E-AEE9B9FB71B2} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics)
Task: {16B4A539-1E0F-4494-A116-0F73C3892A4E} - System32\Tasks\ReclaimerUpdateXML_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {1A44EB23-71F0-4A11-9142-873EA06532D3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {22168255-EFD8-45C2-A100-630857081863} - System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {292A0EEE-9024-484B-A396-D84357F8C626} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {377BBBE0-414A-4915-926D-EB06BB1BD677} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {42B50F42-EEB4-4A36-BF7A-64DA8AF64C03} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {438A3ABF-9338-4E28-8594-3DC780FB5F54} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {4A1BFE3E-8B8B-4166-A9ED-03FCFA6E346D} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {4CA439BD-9170-48F5-925D-9098229ACF6F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {56655CE9-50A1-4A30-A096-8FDB4DABAE32} - System32\Tasks\ReclaimerUpdateFiles_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {74FFFE52-D17E-4773-A457-858E77AE6B8D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {86FB5655-D695-4D53-8507-7FF08092FE88} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {89D87753-CB51-4FC0-BB6C-2A703971454E} - System32\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22} => C:\Program Files\V-bates\PrefHelper.exe
Task: {8C128A29-BC22-409A-B3B4-B6A225FC4454} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {A0A53534-6450-49E5-909D-C339CEB3FFF9} - System32\Tasks\RNUpgradeHelperResumePrompt_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {AA2A8B63-9CE9-4628-8997-C5D4E0380EAC} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {B57D0930-1EA3-4DB7-81C6-A4D55380B940} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {D053AA5A-B880-43CC-98D2-1F6944A9DB7D} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DA38EA6C-19C7-4BB4-93FE-42E9F901EC77} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DF668C1B-0695-4548-80A1-6FACF712B136} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-11-03 20:41 - 2009-12-01 09:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00253264 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00139088 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 01248080 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00718672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
2011-03-14 07:21 - 2011-03-14 07:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-13 10:01 - 2011-10-13 10:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-01-27 15:11 - 2011-01-27 15:11 - 05581088 _____ () C:\Program Files (x86)\MAGIX\Foto_Designer_7\XtremePhoto.exe
2013-11-05 19:24 - 2013-10-10 20:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-11-05 03:45 - 2003-08-23 14:42 - 00009728 _____ () C:\Program Files (x86)\Screen Calendar\scdesk.dll
2011-11-03 19:29 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2011-11-03 19:29 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-03 19:43 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00245584 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00372048 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00090448 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00142160 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00230224 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00125264 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00141648 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00124752 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00089936 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00095568 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00184144 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00152400 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00222544 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00098128 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00095568 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00231760 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00177488 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00175440 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00236368 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00135504 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00699728 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00595792 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIConnectRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 01354064 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISetting.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00675152 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIPhoneBook.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00309584 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIStk.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00323920 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIUssd.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00564560 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIMms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00617808 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll
2014-05-11 23:22 - 2014-05-11 23:22 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2010-06-09 08:58 - 2010-06-09 08:58 - 01908736 _____ () C:\Program Files (x86)\MAGIX\Foto_Designer_7\Bridge.dll
2006-12-06 12:50 - 2006-12-06 12:50 - 00442368 _____ () C:\Program Files (x86)\MAGIX\Foto_Designer_7\MFL.dll
2010-06-30 16:16 - 2010-06-30 16:16 - 00638976 _____ () C:\Program Files (x86)\MAGIX\Foto_Designer_7\PlayRIpl.dll
2010-06-09 08:58 - 2010-06-09 08:58 - 00024576 _____ () C:\Program Files (x86)\MAGIX\Foto_Designer_7\MumaIpl.dll
2010-06-09 08:58 - 2010-06-09 08:58 - 00999424 _____ () C:\Program Files (x86)\MAGIX\Foto_Designer_7\MumaIplW7.DLL
2010-11-24 11:26 - 2010-11-24 11:26 - 00633344 _____ () C:\Program Files (x86)\MAGIX\Foto_Designer_7\MFL_VC9.dll
2014-05-14 19:52 - 2014-05-14 19:52 - 16361136 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2014 06:20:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 06:19:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: comctl32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7c45b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000087756
ID des fehlerhaften Prozesses: 0x718
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/23/2014 06:02:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 06:01:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: comctl32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7c45b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000087756
ID des fehlerhaften Prozesses: 0x7d0
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/23/2014 05:23:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/23/2014 05:22:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: comctl32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7c45b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000087756
ID des fehlerhaften Prozesses: 0x724
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/22/2014 06:25:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 06:24:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: comctl32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7c45b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000087756
ID des fehlerhaften Prozesses: 0x304
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/22/2014 01:49:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/22/2014 01:48:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: comctl32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7c45b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000087756
ID des fehlerhaften Prozesses: 0x768
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3


System errors:
=============
Error: (05/24/2014 05:18:09 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/23/2014 05:38:27 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/23/2014 05:22:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎05.‎2014 um 04:48:31 unerwartet heruntergefahren.

Error: (05/22/2014 05:24:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/22/2014 01:46:51 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/21/2014 05:07:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/20/2014 07:31:40 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (05/20/2014 05:22:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/20/2014 02:59:15 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (05/20/2014 02:59:14 AM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 36%
Total physical RAM: 5611.74 MB
Available physical RAM: 3548.86 MB
Total Pagefile: 11221.66 MB
Available Pagefile: 8399.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:178 GB) (Free:118.58 GB) NTFS
Drive d: () (Fixed) (Total:266.26 GB) (Free:100.03 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:670.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 933609DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: ED53FD95)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Machiavelli · 26.05.2014, 19:56

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 4
Bitte starte

FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Bitte poste mir die Inhalte der Logs von Adwarecleaner, MBAM, JRT und FRST hier in den Thread.

jogine · 26.05.2014, 21:12

Zu schritt 1:

Code:

ATTFilter

# AdwCleaner v3.211 - Bericht erstellt am 26/05/2014 um 21:16:59
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Samsung - SAMSUNG-PC
# Gestartet von : C:\Users\Samsung\Downloads\adwcleaner_3.211.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\Delta
Ordner Gelöscht : C:\Users\Samsung\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\Samsung\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Samsung\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\Delta
Ordner Gelöscht : C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\defaulttab.config
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\d
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Linkey
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\smartbarbackup
Schlüssel Gelöscht : HKCU\Software\smartbarlog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\Registry Helper
Schlüssel Gelöscht : HKLM\Software\SystemK
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{177586E7-E42E-4F38-83D1-D15B4AF5B714}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AF860F85-54A3-4A28-879B-BF9E6E325776}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v29.0.1 (de)

[ Datei : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "default-search.net");
Zeile gelöscht : user_pref("browser.search.order.1", "default-search.net");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=120518&tt=030213_de&babsrc=NT_ss&mntrId=30007d82000000000000e81132e96c6c");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.id", "30007d82000000000000e81132e96c6c");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15742");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.014:07:44");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
Zeile gelöscht : user_pref("extensions.helperbar.Country", "Germany");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 22904463);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.UserID", "634181dd-a432-42d2-99c6-7dccc5da66ed");
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "634181dd-a432-42d2-99c6-7dccc5da66ed");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "quickobrw");
Zeile gelöscht : user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_whiteListSearch", "{\"isearch.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"se[...]

-\\ Google Chrome v

[ Datei : C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Extension] : eooncjejnppfjjklapaamhcdmjbilmde

*************************

AdwCleaner[R0].txt - [24562 octets] - [26/05/2014 21:15:42]
AdwCleaner[S0].txt - [22096 octets] - [26/05/2014 21:16:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22157 octets] ##########

Zu Schritt 2
Antivirus hat zum schluss den zugriff auf die regestry verhindert

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.05.2014
Suchlauf-Zeit: 21:30:55
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.26.03
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Samsung

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 271124
Verstrichene Zeit: 17 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 6
PUP.DomaIQ, C:\Users\Samsung\Downloads\avira-premium-security-suite.exe, In Quarantäne, [bd3e9bba710a0432306c0a0631cf629e], 
PUP.DomaIQ, C:\Users\Samsung\Downloads\teamspeak.exe, In Quarantäne, [75861b3a6417280ed6c68987eb15758b], 
PUP.Optional.SmartBar.A, C:\Windows\Installer\88b03.msi, In Quarantäne, [5c9f71e4e893fe385e7bb671fc042fd1], 
PUP.Optional.DefaultSearch.A, C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\default-search.xml, In Quarantäne, [24d7381df48775c14129a2f7e41ef30d], 
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [1cdf3025cdae76c095d68910ed15fa06], 
Rogue.ControlCenter, C:\Users\Public\Desktop\Control Center.lnk, In Quarantäne, [c3388dc802799e98869b7e5d26dca65a], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Zu Schritt 2
Antivirus hat zum schluss den zugriff auf die regestry verhindert

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 26.05.2014
Suchlauf-Zeit: 21:30:55
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.05.26.03
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Samsung

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 271124
Verstrichene Zeit: 17 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 6
PUP.DomaIQ, C:\Users\Samsung\Downloads\avira-premium-security-suite.exe, In Quarantäne, [bd3e9bba710a0432306c0a0631cf629e], 
PUP.DomaIQ, C:\Users\Samsung\Downloads\teamspeak.exe, In Quarantäne, [75861b3a6417280ed6c68987eb15758b], 
PUP.Optional.SmartBar.A, C:\Windows\Installer\88b03.msi, In Quarantäne, [5c9f71e4e893fe385e7bb671fc042fd1], 
PUP.Optional.DefaultSearch.A, C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\default-search.xml, In Quarantäne, [24d7381df48775c14129a2f7e41ef30d], 
PUP.Optional.DefaultSearch.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml, In Quarantäne, [1cdf3025cdae76c095d68910ed15fa06], 
Rogue.ControlCenter, C:\Users\Public\Desktop\Control Center.lnk, In Quarantäne, [c3388dc802799e98869b7e5d26dca65a], 

Physische Sektoren: 0
(No malicious items detected)


(end)

Zu Schritt 3

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Samsung on 26.05.2014 at 22:01:11,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{62192D86-AB70-40B2-8AF7-634FDD0A4A4A}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{17797C6D-F242-4603-80A9-865182C86F4E}
Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{3DBD4757-4E02-45BA-AF7B-6DB958CA41DF}
Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{45863239-AD90-4BE3-B705-B523244D748E}
Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{5045AE8E-3C99-4E18-B538-D60EA69CA6A6}



~~~ FireFox

Emptied folder: C:\Users\Samsung\AppData\Roaming\mozilla\firefox\profiles\s37j0nmv.default\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2014 at 22:10:53,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

jogine · 26.05.2014, 21:18

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Samsung at 2014-05-26 22:14:39
Running from C:\Users\Samsung\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Steady Video Plug-In  (Version: 2.02.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Screen Calendar 7.4 (HKLM-x32\...\Screen Calendar_is1) (Version:  - FeatherySoft, Inc., 2002-2007)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinTools.net 10.4.1 Professional (HKLM-x32\...\{727A7452-9B12-4E45-B29A-BFEFA2FF8A7E}_is1) (Version:  - Godlike Developers SEG, Ltd.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

11-05-2014 21:14:21 Windows-Sicherung
15-05-2014 16:17:59 Windows Update
16-05-2014 01:00:29 Windows Update
19-05-2014 16:28:48 Windows-Sicherung
20-05-2014 01:02:43 Windows Update
21-05-2014 23:51:26 Microsoft Office File Validation Add-In wird entfernt
23-05-2014 16:11:45 Windows Update
26-05-2014 16:29:57 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-22 03:59 - 00000906 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 hxxp://www.x247.mobi
127.0.0.1 www.x247.mobi
127.0.0.1 x247.mobi


==================== Scheduled Tasks (whitelisted) =============

Task: {114B9B5B-7E32-45A0-AE9E-AEE9B9FB71B2} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics)
Task: {16B4A539-1E0F-4494-A116-0F73C3892A4E} - System32\Tasks\ReclaimerUpdateXML_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {1A44EB23-71F0-4A11-9142-873EA06532D3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {22168255-EFD8-45C2-A100-630857081863} - System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {377BBBE0-414A-4915-926D-EB06BB1BD677} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {42B50F42-EEB4-4A36-BF7A-64DA8AF64C03} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {438A3ABF-9338-4E28-8594-3DC780FB5F54} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {4A1BFE3E-8B8B-4166-A9ED-03FCFA6E346D} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {4CA439BD-9170-48F5-925D-9098229ACF6F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {56655CE9-50A1-4A30-A096-8FDB4DABAE32} - System32\Tasks\ReclaimerUpdateFiles_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {74FFFE52-D17E-4773-A457-858E77AE6B8D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {86FB5655-D695-4D53-8507-7FF08092FE88} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {870D5FDC-4696-4A6B-9EF1-5E47FBB54053} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {89D87753-CB51-4FC0-BB6C-2A703971454E} - System32\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22} => C:\Program Files\V-bates\PrefHelper.exe
Task: {8C128A29-BC22-409A-B3B4-B6A225FC4454} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {A0A53534-6450-49E5-909D-C339CEB3FFF9} - System32\Tasks\RNUpgradeHelperResumePrompt_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {AA2A8B63-9CE9-4628-8997-C5D4E0380EAC} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {B57D0930-1EA3-4DB7-81C6-A4D55380B940} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {C0F4D4C2-5F12-40F1-B7B9-1007BA40C942} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DA38EA6C-19C7-4BB4-93FE-42E9F901EC77} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DF668C1B-0695-4548-80A1-6FACF712B136} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-11-03 20:41 - 2009-12-01 09:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00253264 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00139088 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 01248080 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00718672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
2011-03-14 07:21 - 2011-03-14 07:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-13 10:01 - 2011-10-13 10:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-05 19:24 - 2013-10-10 20:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2011-11-03 19:29 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2011-11-03 19:29 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-03 19:43 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2013-11-05 03:45 - 2003-08-23 14:42 - 00009728 _____ () C:\Program Files (x86)\Screen Calendar\scdesk.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00245584 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00372048 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00090448 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00142160 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00230224 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00125264 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00141648 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00124752 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00089936 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00095568 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00184144 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00152400 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00222544 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00098128 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00095568 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00231760 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00177488 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00175440 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00236368 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00135504 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00699728 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00595792 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIConnectRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 01354064 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISetting.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00675152 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIPhoneBook.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00309584 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIStk.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00323920 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIUssd.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00564560 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIMms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00617808 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll
2014-05-11 23:22 - 2014-05-11 23:22 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 5611.8 MB
Available physical RAM: 3900.43 MB
Total Pagefile: 11221.78 MB
Available Pagefile: 8889.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:178 GB) (Free:120.22 GB) NTFS
Drive d: () (Fixed) (Total:266.26 GB) (Free:100.03 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:670.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 933609DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: ED53FD95)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Samsung on 26.05.2014 at 22:01:11,80
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{62192D86-AB70-40B2-8AF7-634FDD0A4A4A}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{17797C6D-F242-4603-80A9-865182C86F4E}
Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{3DBD4757-4E02-45BA-AF7B-6DB958CA41DF}
Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{45863239-AD90-4BE3-B705-B523244D748E}
Successfully deleted: [Empty Folder] C:\Users\Samsung\appdata\local\{5045AE8E-3C99-4E18-B538-D60EA69CA6A6}



~~~ FireFox

Emptied folder: C:\Users\Samsung\AppData\Roaming\mozilla\firefox\profiles\s37j0nmv.default\minidumps [42 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.05.2014 at 22:10:53,90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Samsung (administrator) on SAMSUNG-PC on 26-05-2014 22:14:04
Running from C:\Users\Samsung\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FeatherySoft, Inc.) C:\Program Files (x86)\Screen Calendar\scrcal.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
() C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Thisisu) C:\Users\Samsung\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2014-04-15] (RealNetworks, Inc.)
HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Screen Calendar] => C:\Program Files (x86)\Screen Calendar\scrcal.exe [1535488 2007-11-21] (FeatherySoft, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{EDC91F87-BEDA-40C6-AF9F-0E4412D7626A}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\Extensions\toolbar@web.de.xpi [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Google-Suche) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (No Name) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2014-04-12]
CHR Extension: (RealDownloader) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Google Mail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-28] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 22:10 - 2014-05-26 22:10 - 00001342 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-05-26 22:01 - 2014-05-26 22:01 - 00000000 ____D () C:\windows\ERUNT
2014-05-26 22:00 - 2014-05-26 22:00 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-05-26 21:57 - 2014-05-26 21:57 - 00001945 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-05-26 21:27 - 2014-05-26 21:53 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 21:27 - 2014-05-26 21:27 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:27 - 2014-05-26 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-26 21:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-26 21:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-26 21:24 - 2014-05-26 21:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 21:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-26 21:15 - 2014-05-26 21:17 - 00000000 ____D () C:\AdwCleaner
2014-05-26 21:13 - 2014-05-26 21:13 - 01327971 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.211.exe
2014-05-26 20:19 - 2014-05-26 20:20 - 00042526 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-05-26 20:18 - 2014-05-26 22:14 - 00015775 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-05-26 20:18 - 2014-05-26 22:14 - 00000000 ____D () C:\FRST
2014-05-26 20:17 - 2014-05-26 20:17 - 02066944 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-05-24 01:38 - 2014-05-24 01:46 - 00000033 _____ () C:\Users\Samsung\Desktop\Chat.txt
2014-05-21 20:41 - 2014-05-21 20:41 - 00000854 _____ () C:\Users\Samsung\Desktop\10Slide-Video-Shows.lnk
2014-05-21 20:41 - 2014-05-21 20:41 - 00000812 _____ () C:\Users\Samsung\Desktop\10Slide-Shows.lnk
2014-05-19 18:25 - 2014-05-19 18:25 - 00001017 _____ () C:\Users\Samsung\Desktop\0-BA-Archiv.lnk
2014-05-16 03:06 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 03:06 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 03:06 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 03:06 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 03:06 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 03:06 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-15 18:25 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-15 18:25 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-15 18:25 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-15 18:25 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-15 18:25 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-15 18:24 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-15 18:24 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-15 18:24 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-15 18:24 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-15 18:24 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-15 18:24 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-15 18:24 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-15 18:24 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-15 18:24 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-15 18:24 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-15 18:24 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-15 18:24 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-15 18:24 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-15 18:24 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-15 18:24 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-14 20:00 - 2014-05-15 20:10 - 00000896 _____ () C:\Users\Samsung\Desktop\0-Slide-Auswahl.lnk
2014-05-11 23:22 - 2014-05-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:47 - 2014-05-09 19:47 - 29340824 _____ (Mozilla) C:\Users\Samsung\Downloads\WEB.DE_Firefox_Setup.exe
2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 20:12 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-07 20:12 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-05-07 20:12 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-05-07 20:12 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-05-07 20:11 - 2014-05-07 20:12 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 03:00 - 2014-05-16 03:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 21:15 - 2014-05-26 21:50 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job
2014-05-06 21:15 - 2014-05-24 01:54 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Samsung
2014-05-06 21:15 - 2014-05-24 01:54 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job
2014-05-06 21:15 - 2014-05-21 04:02 - 00002972 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Samsung
2014-05-06 21:15 - 2014-05-21 04:02 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job
2014-05-06 21:15 - 2014-05-06 21:15 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Samsung
2014-05-06 21:15 - 2014-05-06 21:15 - 00002680 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 ____D () C:\Users\Samsung\Documents\Youcam
2014-05-06 18:27 - 2014-05-06 18:27 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CyberLink
2014-05-01 01:28 - 2014-05-26 21:51 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-01 01:27 - 2014-05-26 21:51 - 00003348 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000

==================== One Month Modified Files and Folders =======

2014-05-26 22:14 - 2014-05-26 20:18 - 00015775 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-05-26 22:14 - 2014-05-26 20:18 - 00000000 ____D () C:\FRST
2014-05-26 22:10 - 2014-05-26 22:10 - 00001342 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-05-26 22:10 - 2014-04-13 00:40 - 00000286 _____ () C:\windows\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22}.job
2014-05-26 22:01 - 2014-05-26 22:01 - 00000000 ____D () C:\windows\ERUNT
2014-05-26 22:00 - 2014-05-26 22:00 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-05-26 21:59 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:59 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:57 - 2014-05-26 21:57 - 00001945 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-05-26 21:56 - 2011-11-04 10:55 - 01331841 _____ () C:\windows\WindowsUpdate.log
2014-05-26 21:53 - 2014-05-26 21:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 21:53 - 2013-02-06 13:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CrashDumps
2014-05-26 21:51 - 2014-05-01 01:28 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-26 21:51 - 2014-05-01 01:27 - 00003348 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-26 21:51 - 2013-02-06 13:30 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 21:50 - 2014-05-06 21:15 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job
2014-05-26 21:50 - 2014-04-14 18:51 - 00005072 _____ () C:\windows\PFRO.log
2014-05-26 21:50 - 2014-04-13 23:28 - 00002296 _____ () C:\windows\setupact.log
2014-05-26 21:50 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\DigitalLocker
2014-05-26 21:50 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-26 21:27 - 2014-05-26 21:27 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:27 - 2014-05-26 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:27 - 2014-05-26 21:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:24 - 2014-05-26 21:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 21:17 - 2014-05-26 21:15 - 00000000 ____D () C:\AdwCleaner
2014-05-26 21:13 - 2014-05-26 21:13 - 01327971 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.211.exe
2014-05-26 20:20 - 2014-05-26 20:19 - 00042526 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-05-26 20:17 - 2014-05-26 20:17 - 02066944 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-05-24 05:17 - 2013-07-27 22:36 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\vlc
2014-05-24 01:54 - 2014-05-06 21:15 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Samsung
2014-05-24 01:54 - 2014-05-06 21:15 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job
2014-05-24 01:46 - 2014-05-24 01:38 - 00000033 _____ () C:\Users\Samsung\Desktop\Chat.txt
2014-05-22 18:23 - 2014-01-16 19:19 - 00003370 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-22 18:23 - 2013-11-10 19:57 - 00003240 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-21 20:41 - 2014-05-21 20:41 - 00000854 _____ () C:\Users\Samsung\Desktop\10Slide-Video-Shows.lnk
2014-05-21 20:41 - 2014-05-21 20:41 - 00000812 _____ () C:\Users\Samsung\Desktop\10Slide-Shows.lnk
2014-05-21 04:02 - 2014-05-06 21:15 - 00002972 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Samsung
2014-05-21 04:02 - 2014-05-06 21:15 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job
2014-05-19 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-19 18:25 - 2014-05-19 18:25 - 00001017 _____ () C:\Users\Samsung\Desktop\0-BA-Archiv.lnk
2014-05-16 03:13 - 2013-01-08 00:12 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 03:13 - 2013-01-08 00:12 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 03:10 - 2014-05-07 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 03:06 - 2013-03-16 06:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 03:05 - 2013-07-25 03:00 - 00000000 ____D () C:\windows\system32\MRT
2014-05-16 03:03 - 2013-02-06 20:07 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-15 20:10 - 2014-05-14 20:00 - 00000896 _____ () C:\Users\Samsung\Desktop\0-Slide-Auswahl.lnk
2014-05-15 18:10 - 2013-02-06 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 19:52 - 2013-02-06 13:30 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:52 - 2013-02-06 13:30 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 19:52 - 2013-02-06 13:30 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:26 - 2013-06-05 04:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-26 21:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-26 21:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 21:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-11 23:22 - 2014-05-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:49 - 2013-02-06 13:42 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-09 19:49 - 2013-02-06 13:42 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-09 19:47 - 2014-05-09 19:47 - 29340824 _____ (Mozilla) C:\Users\Samsung\Downloads\WEB.DE_Firefox_Setup.exe
2014-05-09 08:14 - 2014-05-15 18:25 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 18:25 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-07 20:13 - 2013-10-18 03:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 20:12 - 2014-05-07 20:11 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 20:12 - 2013-07-18 18:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-06 21:15 - 2014-05-06 21:15 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Samsung
2014-05-06 21:15 - 2014-05-06 21:15 - 00002680 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 ____D () C:\Users\Samsung\Documents\Youcam
2014-05-06 18:27 - 2014-05-06 18:27 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CyberLink
2014-05-06 18:14 - 2014-04-15 01:16 - 00000000 ____D () C:\ProgramData\Real
2014-05-06 06:40 - 2014-05-16 03:06 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 03:06 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 03:06 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 03:06 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-01 01:35 - 2011-11-04 10:02 - 00700126 _____ () C:\windows\system32\perfh007.dat
2014-05-01 01:35 - 2011-11-04 10:02 - 00149976 _____ () C:\windows\system32\perfc007.dat
2014-05-01 01:35 - 2009-07-14 07:13 - 01622196 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-01 01:26 - 2013-01-08 00:06 - 00000000 ____D () C:\Users\Samsung
2014-05-01 01:25 - 2013-11-05 03:45 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Screen Calendar
2014-05-01 01:25 - 2013-02-06 13:30 - 00000000 ____D () C:\windows\system32\Macromed
2014-05-01 01:25 - 2013-01-08 00:16 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-05-01 01:25 - 2011-11-03 19:43 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-01 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-05-01 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-04-27 22:16 - 2013-07-20 04:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Nvu
2014-04-27 21:55 - 2013-11-15 22:58 - 00000854 _____ () C:\Users\Samsung\Desktop\Demon Slayer - Anmeldeclient.lnk

Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe
C:\Users\Samsung\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
C:\Users\Samsung\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:54

==================== End Of Log ============================

--- --- ---

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Samsung (administrator) on SAMSUNG-PC on 26-05-2014 22:14:04
Running from C:\Users\Samsung\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FeatherySoft, Inc.) C:\Program Files (x86)\Screen Calendar\scrcal.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
() C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Thisisu) C:\Users\Samsung\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2014-04-15] (RealNetworks, Inc.)
HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Screen Calendar] => C:\Program Files (x86)\Screen Calendar\scrcal.exe [1535488 2007-11-21] (FeatherySoft, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{EDC91F87-BEDA-40C6-AF9F-0E4412D7626A}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\Extensions\toolbar@web.de.xpi [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Google-Suche) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (No Name) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2014-04-12]
CHR Extension: (RealDownloader) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Google Mail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-28] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 22:10 - 2014-05-26 22:10 - 00001342 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-05-26 22:01 - 2014-05-26 22:01 - 00000000 ____D () C:\windows\ERUNT
2014-05-26 22:00 - 2014-05-26 22:00 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-05-26 21:57 - 2014-05-26 21:57 - 00001945 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-05-26 21:27 - 2014-05-26 21:53 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 21:27 - 2014-05-26 21:27 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:27 - 2014-05-26 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-26 21:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-26 21:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-26 21:24 - 2014-05-26 21:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 21:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-26 21:15 - 2014-05-26 21:17 - 00000000 ____D () C:\AdwCleaner
2014-05-26 21:13 - 2014-05-26 21:13 - 01327971 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.211.exe
2014-05-26 20:19 - 2014-05-26 20:20 - 00042526 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-05-26 20:18 - 2014-05-26 22:14 - 00015775 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-05-26 20:18 - 2014-05-26 22:14 - 00000000 ____D () C:\FRST
2014-05-26 20:17 - 2014-05-26 20:17 - 02066944 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-05-24 01:38 - 2014-05-24 01:46 - 00000033 _____ () C:\Users\Samsung\Desktop\Chat.txt
2014-05-21 20:41 - 2014-05-21 20:41 - 00000854 _____ () C:\Users\Samsung\Desktop\10Slide-Video-Shows.lnk
2014-05-21 20:41 - 2014-05-21 20:41 - 00000812 _____ () C:\Users\Samsung\Desktop\10Slide-Shows.lnk
2014-05-19 18:25 - 2014-05-19 18:25 - 00001017 _____ () C:\Users\Samsung\Desktop\0-BA-Archiv.lnk
2014-05-16 03:06 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 03:06 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 03:06 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 03:06 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 03:06 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 03:06 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-15 18:25 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-15 18:25 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-15 18:25 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-15 18:25 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-15 18:25 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-15 18:24 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-15 18:24 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-15 18:24 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-15 18:24 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-15 18:24 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-15 18:24 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-15 18:24 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-15 18:24 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-15 18:24 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-15 18:24 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-15 18:24 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-15 18:24 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-15 18:24 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-15 18:24 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-15 18:24 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-14 20:00 - 2014-05-15 20:10 - 00000896 _____ () C:\Users\Samsung\Desktop\0-Slide-Auswahl.lnk
2014-05-11 23:22 - 2014-05-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:47 - 2014-05-09 19:47 - 29340824 _____ (Mozilla) C:\Users\Samsung\Downloads\WEB.DE_Firefox_Setup.exe
2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 20:12 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-07 20:12 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-05-07 20:12 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-05-07 20:12 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-05-07 20:11 - 2014-05-07 20:12 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 03:00 - 2014-05-16 03:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 21:15 - 2014-05-26 21:50 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job
2014-05-06 21:15 - 2014-05-24 01:54 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Samsung
2014-05-06 21:15 - 2014-05-24 01:54 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job
2014-05-06 21:15 - 2014-05-21 04:02 - 00002972 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Samsung
2014-05-06 21:15 - 2014-05-21 04:02 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job
2014-05-06 21:15 - 2014-05-06 21:15 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Samsung
2014-05-06 21:15 - 2014-05-06 21:15 - 00002680 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 ____D () C:\Users\Samsung\Documents\Youcam
2014-05-06 18:27 - 2014-05-06 18:27 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CyberLink
2014-05-01 01:28 - 2014-05-26 21:51 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-01 01:27 - 2014-05-26 21:51 - 00003348 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000

==================== One Month Modified Files and Folders =======

2014-05-26 22:14 - 2014-05-26 20:18 - 00015775 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-05-26 22:14 - 2014-05-26 20:18 - 00000000 ____D () C:\FRST
2014-05-26 22:10 - 2014-05-26 22:10 - 00001342 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-05-26 22:10 - 2014-04-13 00:40 - 00000286 _____ () C:\windows\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22}.job
2014-05-26 22:01 - 2014-05-26 22:01 - 00000000 ____D () C:\windows\ERUNT
2014-05-26 22:00 - 2014-05-26 22:00 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-05-26 21:59 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:59 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 21:57 - 2014-05-26 21:57 - 00001945 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-05-26 21:56 - 2011-11-04 10:55 - 01331841 _____ () C:\windows\WindowsUpdate.log
2014-05-26 21:53 - 2014-05-26 21:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 21:53 - 2013-02-06 13:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CrashDumps
2014-05-26 21:51 - 2014-05-01 01:28 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-26 21:51 - 2014-05-01 01:27 - 00003348 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-26 21:51 - 2013-02-06 13:30 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 21:50 - 2014-05-06 21:15 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job
2014-05-26 21:50 - 2014-04-14 18:51 - 00005072 _____ () C:\windows\PFRO.log
2014-05-26 21:50 - 2014-04-13 23:28 - 00002296 _____ () C:\windows\setupact.log
2014-05-26 21:50 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\DigitalLocker
2014-05-26 21:50 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-26 21:27 - 2014-05-26 21:27 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:27 - 2014-05-26 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:27 - 2014-05-26 21:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:24 - 2014-05-26 21:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 21:17 - 2014-05-26 21:15 - 00000000 ____D () C:\AdwCleaner
2014-05-26 21:13 - 2014-05-26 21:13 - 01327971 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.211.exe
2014-05-26 20:20 - 2014-05-26 20:19 - 00042526 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-05-26 20:17 - 2014-05-26 20:17 - 02066944 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-05-24 05:17 - 2013-07-27 22:36 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\vlc
2014-05-24 01:54 - 2014-05-06 21:15 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Samsung
2014-05-24 01:54 - 2014-05-06 21:15 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job
2014-05-24 01:46 - 2014-05-24 01:38 - 00000033 _____ () C:\Users\Samsung\Desktop\Chat.txt
2014-05-22 18:23 - 2014-01-16 19:19 - 00003370 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-22 18:23 - 2013-11-10 19:57 - 00003240 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-21 20:41 - 2014-05-21 20:41 - 00000854 _____ () C:\Users\Samsung\Desktop\10Slide-Video-Shows.lnk
2014-05-21 20:41 - 2014-05-21 20:41 - 00000812 _____ () C:\Users\Samsung\Desktop\10Slide-Shows.lnk
2014-05-21 04:02 - 2014-05-06 21:15 - 00002972 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Samsung
2014-05-21 04:02 - 2014-05-06 21:15 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job
2014-05-19 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-19 18:25 - 2014-05-19 18:25 - 00001017 _____ () C:\Users\Samsung\Desktop\0-BA-Archiv.lnk
2014-05-16 03:13 - 2013-01-08 00:12 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 03:13 - 2013-01-08 00:12 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 03:10 - 2014-05-07 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 03:06 - 2013-03-16 06:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 03:05 - 2013-07-25 03:00 - 00000000 ____D () C:\windows\system32\MRT
2014-05-16 03:03 - 2013-02-06 20:07 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-15 20:10 - 2014-05-14 20:00 - 00000896 _____ () C:\Users\Samsung\Desktop\0-Slide-Auswahl.lnk
2014-05-15 18:10 - 2013-02-06 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 19:52 - 2013-02-06 13:30 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:52 - 2013-02-06 13:30 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 19:52 - 2013-02-06 13:30 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:26 - 2013-06-05 04:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-26 21:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-26 21:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 21:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-11 23:22 - 2014-05-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:49 - 2013-02-06 13:42 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-09 19:49 - 2013-02-06 13:42 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-09 19:47 - 2014-05-09 19:47 - 29340824 _____ (Mozilla) C:\Users\Samsung\Downloads\WEB.DE_Firefox_Setup.exe
2014-05-09 08:14 - 2014-05-15 18:25 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 18:25 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-07 20:13 - 2013-10-18 03:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 20:12 - 2014-05-07 20:11 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 20:12 - 2013-07-18 18:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-06 21:15 - 2014-05-06 21:15 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Samsung
2014-05-06 21:15 - 2014-05-06 21:15 - 00002680 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 ____D () C:\Users\Samsung\Documents\Youcam
2014-05-06 18:27 - 2014-05-06 18:27 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CyberLink
2014-05-06 18:14 - 2014-04-15 01:16 - 00000000 ____D () C:\ProgramData\Real
2014-05-06 06:40 - 2014-05-16 03:06 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 03:06 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 03:06 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 03:06 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-01 01:35 - 2011-11-04 10:02 - 00700126 _____ () C:\windows\system32\perfh007.dat
2014-05-01 01:35 - 2011-11-04 10:02 - 00149976 _____ () C:\windows\system32\perfc007.dat
2014-05-01 01:35 - 2009-07-14 07:13 - 01622196 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-01 01:26 - 2013-01-08 00:06 - 00000000 ____D () C:\Users\Samsung
2014-05-01 01:25 - 2013-11-05 03:45 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Screen Calendar
2014-05-01 01:25 - 2013-02-06 13:30 - 00000000 ____D () C:\windows\system32\Macromed
2014-05-01 01:25 - 2013-01-08 00:16 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-05-01 01:25 - 2011-11-03 19:43 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-01 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-05-01 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-04-27 22:16 - 2013-07-20 04:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Nvu
2014-04-27 21:55 - 2013-11-15 22:58 - 00000854 _____ () C:\Users\Samsung\Desktop\Demon Slayer - Anmeldeclient.lnk

Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe
C:\Users\Samsung\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
C:\Users\Samsung\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:54

==================== End Of Log ============================

--- --- ---

Machiavelli · 26.05.2014, 21:24

Schritt 1: FRST Fix

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe
C:\Users\Samsung\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
C:\Users\Samsung\AppData\Local\Temp\stubhelper.dll
AlternateDataStreams: C:\ProgramData\Temp:373E1720

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt 2: FRST Scan

Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan.

Schritt 3: ESET

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4: Frage

Wie läuft Dein PC?

jogine · 27.05.2014, 02:34

Es kommt immer die meldung das er die Fixlist.txt nicht findet.

Zitat:

Zitat von jogine

Es kommt immer die meldung das er die Fixlist.txt nicht findet.

Hat nun doch geklappt

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Samsung at 2014-05-26 22:52:19 Run:2
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe
C:\Users\Samsung\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
C:\Users\Samsung\AppData\Local\Temp\stubhelper.dll
AlternateDataStreams: C:\ProgramData\Temp:373E1720
*****************

"C:\windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe => Moved successfully.
"C:\Users\Samsung\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Samsung\AppData\Local\Temp\stubhelper.dll" => File/Directory not found.
"C:\ProgramData\Temp" => ":373E1720" ADS not found.

==== End of Fixlog ====

Schritt 2:

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by Samsung (administrator) on SAMSUNG-PC on 26-05-2014 22:53:52
Running from C:\FRST
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(FeatherySoft, Inc.) C:\Program Files (x86)\Screen Calendar\scrcal.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
() C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
() C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12666984 2011-08-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2014-04-15] (RealNetworks, Inc.)
HKU\S-1-5-21-983883370-204824152-491102941-1000\...\Run: [Screen Calendar] => C:\Program Files (x86)\Screen Calendar\scrcal.exe [1535488 2007-11-21] (FeatherySoft, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{EDC91F87-BEDA-40C6-AF9F-0E4412D7626A}: [NameServer]139.7.30.126 139.7.30.125

FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WEB.DE MailCheck - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\s37j0nmv.default\Extensions\toolbar@web.de.xpi [2014-04-29]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-04-15]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR StartupUrls: "hxxp://www.google.com"
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-12]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-12]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-12]
CHR Extension: (Google-Suche) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-12]
CHR Extension: (No Name) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2014-04-12]
CHR Extension: (RealDownloader) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-04-12]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-12]
CHR Extension: (Google Mail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-12]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1017424 2014-02-20] (Avira Operations GmbH & Co. KG)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
R2 UI Assistant Service; C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [84720 2013-12-18] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-05-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-12-28] (Windows (R) 2003 DDK 3790 provider)
R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-26 22:50 - 2014-05-26 22:51 - 00000411 _____ () C:\Users\Samsung\Desktop\Fixlist.txt
2014-05-26 22:10 - 2014-05-26 22:10 - 00001342 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-05-26 22:01 - 2014-05-26 22:01 - 00000000 ____D () C:\windows\ERUNT
2014-05-26 22:00 - 2014-05-26 22:00 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-05-26 21:57 - 2014-05-26 21:57 - 00001945 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-05-26 21:27 - 2014-05-26 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 21:27 - 2014-05-26 21:27 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:27 - 2014-05-26 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:27 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:26 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-26 21:26 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-26 21:26 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-26 21:24 - 2014-05-26 21:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 21:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-05-26 21:15 - 2014-05-26 21:17 - 00000000 ____D () C:\AdwCleaner
2014-05-26 21:13 - 2014-05-26 21:13 - 01327971 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.211.exe
2014-05-26 20:19 - 2014-05-26 22:15 - 00035841 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-05-26 20:18 - 2014-05-26 22:53 - 00000000 ____D () C:\FRST
2014-05-26 20:18 - 2014-05-26 22:15 - 00036903 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-05-24 01:38 - 2014-05-24 01:46 - 00000033 _____ () C:\Users\Samsung\Desktop\Chat.txt
2014-05-21 20:41 - 2014-05-21 20:41 - 00000854 _____ () C:\Users\Samsung\Desktop\10Slide-Video-Shows.lnk
2014-05-21 20:41 - 2014-05-21 20:41 - 00000812 _____ () C:\Users\Samsung\Desktop\10Slide-Shows.lnk
2014-05-19 18:25 - 2014-05-19 18:25 - 00001017 _____ () C:\Users\Samsung\Desktop\0-BA-Archiv.lnk
2014-05-16 03:06 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 03:06 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 03:06 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 03:06 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 03:06 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 03:06 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-15 18:25 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-15 18:25 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-15 18:25 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-15 18:25 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-15 18:25 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-15 18:24 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-15 18:24 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-15 18:24 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-15 18:24 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-15 18:24 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-15 18:24 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-15 18:24 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-05-15 18:24 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-15 18:24 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-15 18:24 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-15 18:24 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-15 18:24 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-15 18:24 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-15 18:24 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2014-05-15 18:24 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2014-05-15 18:24 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-05-15 18:24 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-15 18:24 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-14 20:00 - 2014-05-15 20:10 - 00000896 _____ () C:\Users\Samsung\Desktop\0-Slide-Auswahl.lnk
2014-05-11 23:22 - 2014-05-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:47 - 2014-05-09 19:47 - 29340824 _____ (Mozilla) C:\Users\Samsung\Downloads\WEB.DE_Firefox_Setup.exe
2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 20:12 - 2014-04-14 20:13 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-07 20:12 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-05-07 20:12 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-05-07 20:12 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-05-07 20:11 - 2014-05-07 20:12 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 03:00 - 2014-05-16 03:10 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-06 21:15 - 2014-05-26 22:35 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job
2014-05-06 21:15 - 2014-05-24 01:54 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Samsung
2014-05-06 21:15 - 2014-05-24 01:54 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job
2014-05-06 21:15 - 2014-05-21 04:02 - 00002972 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Samsung
2014-05-06 21:15 - 2014-05-21 04:02 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job
2014-05-06 21:15 - 2014-05-06 21:15 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Samsung
2014-05-06 21:15 - 2014-05-06 21:15 - 00002680 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 ____D () C:\Users\Samsung\Documents\Youcam
2014-05-06 18:27 - 2014-05-06 18:27 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CyberLink
2014-05-01 01:28 - 2014-05-26 22:35 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-01 01:27 - 2014-05-26 22:35 - 00003348 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000

==================== One Month Modified Files and Folders =======

2014-05-26 22:53 - 2014-05-26 20:18 - 00000000 ____D () C:\FRST
2014-05-26 22:51 - 2014-05-26 22:50 - 00000411 _____ () C:\Users\Samsung\Desktop\Fixlist.txt
2014-05-26 22:51 - 2013-02-06 13:30 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-26 22:43 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 22:43 - 2009-07-14 06:45 - 00020992 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 22:40 - 2014-04-13 00:40 - 00000286 _____ () C:\windows\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22}.job
2014-05-26 22:40 - 2011-11-04 10:55 - 01343941 _____ () C:\windows\WindowsUpdate.log
2014-05-26 22:37 - 2014-05-26 21:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 22:35 - 2014-05-06 21:15 - 00000384 _____ () C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job
2014-05-26 22:35 - 2014-05-01 01:28 - 00003218 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-26 22:35 - 2014-05-01 01:27 - 00003348 _____ () C:\windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-26 22:35 - 2014-04-13 00:42 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-05-26 22:35 - 2013-02-06 13:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CrashDumps
2014-05-26 22:34 - 2014-04-13 23:28 - 00002408 _____ () C:\windows\setupact.log
2014-05-26 22:34 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-26 22:33 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-05-26 22:22 - 2014-04-14 18:51 - 00005426 _____ () C:\windows\PFRO.log
2014-05-26 22:15 - 2014-05-26 20:19 - 00035841 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-05-26 22:15 - 2014-05-26 20:18 - 00036903 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-05-26 22:10 - 2014-05-26 22:10 - 00001342 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-05-26 22:01 - 2014-05-26 22:01 - 00000000 ____D () C:\windows\ERUNT
2014-05-26 22:00 - 2014-05-26 22:00 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-05-26 21:57 - 2014-05-26 21:57 - 00001945 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-05-26 21:50 - 2009-07-14 07:37 - 00000000 ____D () C:\windows\DigitalLocker
2014-05-26 21:27 - 2014-05-26 21:27 - 00001098 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-26 21:27 - 2014-05-26 21:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-05-26 21:27 - 2014-05-26 21:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-05-26 21:26 - 2014-05-26 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 21:24 - 2014-05-26 21:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 21:17 - 2014-05-26 21:15 - 00000000 ____D () C:\AdwCleaner
2014-05-26 21:13 - 2014-05-26 21:13 - 01327971 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.211.exe
2014-05-24 05:17 - 2013-07-27 22:36 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\vlc
2014-05-24 01:54 - 2014-05-06 21:15 - 00002976 _____ () C:\windows\System32\Tasks\ReclaimerUpdateFiles_Samsung
2014-05-24 01:54 - 2014-05-06 21:15 - 00000378 _____ () C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job
2014-05-24 01:46 - 2014-05-24 01:38 - 00000033 _____ () C:\Users\Samsung\Desktop\Chat.txt
2014-05-22 18:23 - 2014-01-16 19:19 - 00003370 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-22 18:23 - 2013-11-10 19:57 - 00003240 _____ () C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000
2014-05-21 20:41 - 2014-05-21 20:41 - 00000854 _____ () C:\Users\Samsung\Desktop\10Slide-Video-Shows.lnk
2014-05-21 20:41 - 2014-05-21 20:41 - 00000812 _____ () C:\Users\Samsung\Desktop\10Slide-Shows.lnk
2014-05-21 04:02 - 2014-05-06 21:15 - 00002972 _____ () C:\windows\System32\Tasks\ReclaimerUpdateXML_Samsung
2014-05-21 04:02 - 2014-05-06 21:15 - 00000374 _____ () C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job
2014-05-19 20:01 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-05-19 18:25 - 2014-05-19 18:25 - 00001017 _____ () C:\Users\Samsung\Desktop\0-BA-Archiv.lnk
2014-05-16 03:13 - 2013-01-08 00:12 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-16 03:13 - 2013-01-08 00:12 - 00000000 ___RD () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-16 03:10 - 2014-05-07 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-16 03:06 - 2013-03-16 06:22 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-16 03:05 - 2013-07-25 03:00 - 00000000 ____D () C:\windows\system32\MRT
2014-05-16 03:03 - 2013-02-06 20:07 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-15 20:10 - 2014-05-14 20:00 - 00000896 _____ () C:\Users\Samsung\Desktop\0-Slide-Auswahl.lnk
2014-05-15 18:10 - 2013-02-06 13:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 19:52 - 2013-02-06 13:30 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-14 19:52 - 2013-02-06 13:30 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-14 19:52 - 2013-02-06 13:30 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-05-14 18:26 - 2013-06-05 04:16 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-26 21:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-26 21:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-26 21:26 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-11 23:22 - 2014-05-11 23:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-09 19:49 - 2013-02-06 13:42 - 00001155 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-09 19:49 - 2013-02-06 13:42 - 00001143 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-09 19:47 - 2014-05-09 19:47 - 29340824 _____ (Mozilla) C:\Users\Samsung\Downloads\WEB.DE_Firefox_Setup.exe
2014-05-09 08:14 - 2014-05-15 18:25 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-15 18:25 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-07 20:13 - 2013-10-18 03:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-07 20:12 - 2014-05-07 20:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-07 20:12 - 2014-05-07 20:11 - 00004253 _____ () C:\windows\SysWOW64\jupdate-1.7.0_55-b14.log
2014-05-07 20:12 - 2013-07-18 18:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-06 21:15 - 2014-05-06 21:15 - 00003624 _____ () C:\windows\System32\Tasks\RNUpgradeHelperResumePrompt_Samsung
2014-05-06 21:15 - 2014-05-06 21:15 - 00002680 _____ () C:\windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung
2014-05-06 18:30 - 2014-05-06 18:30 - 00000000 ____D () C:\Users\Samsung\Documents\Youcam
2014-05-06 18:27 - 2014-05-06 18:27 - 00000000 ____D () C:\Users\Samsung\AppData\Local\CyberLink
2014-05-06 18:14 - 2014-04-15 01:16 - 00000000 ____D () C:\ProgramData\Real
2014-05-06 06:40 - 2014-05-16 03:06 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-16 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-16 03:06 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-16 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-16 03:06 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-16 03:06 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-01 01:35 - 2011-11-04 10:02 - 00700126 _____ () C:\windows\system32\perfh007.dat
2014-05-01 01:35 - 2011-11-04 10:02 - 00149976 _____ () C:\windows\system32\perfc007.dat
2014-05-01 01:35 - 2009-07-14 07:13 - 01622196 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-01 01:26 - 2013-01-08 00:06 - 00000000 ____D () C:\Users\Samsung
2014-05-01 01:25 - 2013-11-05 03:45 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Screen Calendar
2014-05-01 01:25 - 2013-02-06 13:30 - 00000000 ____D () C:\windows\system32\Macromed
2014-05-01 01:25 - 2013-01-08 00:16 - 00000000 ____D () C:\Program Files (x86)\1&1 Surf-Stick
2014-05-01 01:25 - 2011-11-03 19:43 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-01 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-05-01 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\AppCompat
2014-04-27 22:16 - 2013-07-20 04:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Nvu
2014-04-27 21:55 - 2013-11-15 22:58 - 00000854 _____ () C:\Users\Samsung\Desktop\Demon Slayer - Anmeldeclient.lnk

Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-19 19:54

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by Samsung at 2014-05-26 22:54:34
Running from C:\FRST
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3538.0513 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.82 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{1B4ED54A-A741-5D36-40C6-0DA839CA033F}) (Version: 3.0.851.0 - Advanced Micro Devices, Inc.)
AMD Steady Video Plug-In  (Version: 2.02.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.82 - WildTangent) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2011.1013.1701.28713 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2011.1013.1702.28713 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink Media Suite (x32 Version: 8.0.2227 - CyberLink Corp.) Hidden
CyberLink Media+ Player10 (HKLM-x32\...\InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}) (Version: 10.0.1110.00 - CyberLink Corp.)
CyberLink Media+ Player10 (x32 Version: 10.0.1110.00 - CyberLink Corp.) Hidden
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink MediaShow (x32 Version: 5.0.1130a - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3802 - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3802 - CyberLink Corp.) Hidden
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.3306 - CyberLink Corp.)
CyberLink PowerDirector (x32 Version: 8.0.3306 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.4417 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.1.4417 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.82 - WildTangent) Hidden
Easy File Share (HKLM-x32\...\{95BB7324-77D3-4BF3-8CF6-29F0857AC175}) (Version: 1.1.1699 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics Co., Ltd.)
Farm Frenzy (x32 Version: 2.2.0.82 - WildTangent) Hidden
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
John Deere Drive Green (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MAGIX Foto Designer 7 (HKLM-x32\...\MAGIX_{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}) (Version: 7.0.1.1 - MAGIX AG)
MAGIX Foto Designer 7 (Version: 7.0.1.1 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nvu 1.0 (HKLM-x32\...\Nvu_is1) (Version: 1.0 - Thorsten Fritz)
Peggle (x32 Version: 2.2.0.82 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6433 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.1.5 - Samsung)
Screen Calendar 7.4 (HKLM-x32\...\Screen Calendar_is1) (Version:  - FeatherySoft, Inc., 2002-2007)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.3 - )
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.1.5 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live fotoattēlu galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogaléria (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Foto-galerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galeria de Fotos (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Galerija fotografija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Pošta (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 메일 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 사진 갤러리 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 필수 패키지 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinTools.net 10.4.1 Professional (HKLM-x32\...\{727A7452-9B12-4E45-B29A-BFEFA2FF8A7E}_is1) (Version:  - Godlike Developers SEG, Ltd.)
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

11-05-2014 21:14:21 Windows-Sicherung
15-05-2014 16:17:59 Windows Update
16-05-2014 01:00:29 Windows Update
19-05-2014 16:28:48 Windows-Sicherung
20-05-2014 01:02:43 Windows Update
21-05-2014 23:51:26 Microsoft Office File Validation Add-In wird entfernt
23-05-2014 16:11:45 Windows Update
26-05-2014 16:29:57 Windows-Sicherung

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-05-22 03:59 - 00000906 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 hxxp://www.x247.mobi
127.0.0.1 www.x247.mobi
127.0.0.1 x247.mobi


==================== Scheduled Tasks (whitelisted) =============

Task: {114B9B5B-7E32-45A0-AE9E-AEE9B9FB71B2} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2011-09-28] (Samsung Electronics)
Task: {16B4A539-1E0F-4494-A116-0F73C3892A4E} - System32\Tasks\ReclaimerUpdateXML_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {1A44EB23-71F0-4A11-9142-873EA06532D3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {22168255-EFD8-45C2-A100-630857081863} - System32\Tasks\RNUpgradeHelperLogonPrompt_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {377BBBE0-414A-4915-926D-EB06BB1BD677} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {42B50F42-EEB4-4A36-BF7A-64DA8AF64C03} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {438A3ABF-9338-4E28-8594-3DC780FB5F54} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2011-06-24] (SEC)
Task: {4A1BFE3E-8B8B-4166-A9ED-03FCFA6E346D} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2011-08-22] (Samsung Electronics Co., Ltd.)
Task: {4C8BB106-C58D-4D76-A474-8748A8D3175D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {4CA439BD-9170-48F5-925D-9098229ACF6F} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {56655CE9-50A1-4A30-A096-8FDB4DABAE32} - System32\Tasks\ReclaimerUpdateFiles_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {56886B43-1B4F-4E8F-BE92-BC8F6F20C3AF} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {74FFFE52-D17E-4773-A457-858E77AE6B8D} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {86FB5655-D695-4D53-8507-7FF08092FE88} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2011-08-19] (Samsung Electronics Co., Ltd.)
Task: {89D87753-CB51-4FC0-BB6C-2A703971454E} - System32\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22} => C:\Program Files\V-bates\PrefHelper.exe
Task: {8C128A29-BC22-409A-B3B4-B6A225FC4454} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-08-17] (CyberLink)
Task: {A0A53534-6450-49E5-909D-C339CEB3FFF9} - System32\Tasks\RNUpgradeHelperResumePrompt_Samsung => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-05-06] (RealNetworks, Inc.)
Task: {AA2A8B63-9CE9-4628-8997-C5D4E0380EAC} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2011-09-06] (Samsung Electronics Co., Ltd.)
Task: {B57D0930-1EA3-4DB7-81C6-A4D55380B940} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-08-19] (SAMSUNG Electronics co., LTD.)
Task: {DA38EA6C-19C7-4BB4-93FE-42E9F901EC77} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {DF668C1B-0695-4548-80A1-6FACF712B136} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-983883370-204824152-491102941-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FF Watcher {49148E1D-9E08-4D34-B991-ACF2642FAB22}.job => C:\Program Files\V-bates\PrefHelper.exe
Task: C:\windows\Tasks\ReclaimerUpdateFiles_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerUpdateXML_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Samsung.job => C:\Users\Samsung\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-11-03 20:41 - 2009-12-01 09:21 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00253264 _____ () C:\Program Files (x86)\1&1 Surf-Stick\AssistantServices.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00139088 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIExec.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 01248080 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIMain.exe
2013-01-08 00:16 - 2010-12-08 11:45 - 00718672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\CMUpdater.exe
2011-03-14 07:21 - 2011-03-14 07:21 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-10-13 10:01 - 2011-10-13 10:01 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-11-05 19:24 - 2013-10-10 20:14 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-11-05 03:45 - 2003-08-23 14:42 - 00009728 _____ () C:\Program Files (x86)\Screen Calendar\scdesk.dll
2011-11-03 19:29 - 2011-02-16 18:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2011-11-03 19:29 - 2006-08-12 05:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2011-11-03 19:43 - 2010-05-07 16:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2009-11-02 07:20 - 2009-11-02 07:20 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 07:23 - 2009-11-02 07:23 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00245584 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UICommonDlg.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00372048 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UISkin.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00090448 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\SysService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00142160 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00230224 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BISetting.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00125264 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BILog.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00141648 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDevManager.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00270672 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIDataBase.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00124752 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConnectRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00089936 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BICallRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00095568 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIVoice.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00184144 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BICodec.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00152400 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIRas.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00222544 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BISms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00098128 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIStk.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00095568 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIUssd.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00231760 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIConfig.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00177488 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIXml.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00175440 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIPhoneBook.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00236368 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BKService.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00135504 _____ () C:\Program Files (x86)\1&1 Surf-Stick\Component\BIOptimizationClient.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00699728 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00595792 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIConnectRecord.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 01354064 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UISetting.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00675152 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIPhoneBook.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00309584 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIStk.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00323920 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIUssd.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00564560 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UIPlugIn\UIMms.dll
2013-01-08 00:16 - 2010-12-08 11:45 - 00617808 _____ () C:\Program Files (x86)\1&1 Surf-Stick\UpdateAgent.dll
2014-05-11 23:22 - 2014-05-11 23:22 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/26/2014 10:36:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 10:35:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: comctl32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7c45b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000087756
ID des fehlerhaften Prozesses: 0x708
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (05/26/2014 10:24:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/26/2014 10:23:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: comctl32.dll, Version: 6.10.7601.17514, Zeitstempel: 0x4ce7c45b
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000087756
ID des fehlerhaften Prozesses: 0x724
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3


System errors:
=============
Error: (05/26/2014 10:34:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (05/26/2014 10:34:05 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (05/26/2014 10:21:59 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 31%
Total physical RAM: 5611.8 MB
Available physical RAM: 3839.59 MB
Total Pagefile: 11221.78 MB
Available Pagefile: 8895.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:178 GB) (Free:120.23 GB) NTFS
Drive d: () (Fixed) (Total:266.26 GB) (Free:100.03 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:670.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 933609DD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=178 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=266 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=21 GB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: ED53FD95)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Schritt 3 :

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fdcac220fc580048825622f1fa970f15
# engine=18420
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-27 01:06:54
# local_time=2014-05-27 03:06:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 31444 19723972 24186 0
# compatibility_mode=5893 16776573 100 94 17564 152782664 0 0
# scanned=678651
# found=38
# cleaned=0
# scan_time=14611
sh=1409EBB3A3E32D47579100DF86DC75C2C3251B1D ft=1 fh=1bb22fea6c29b3c4 vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaApp.dll.vir"
sh=D698B030B32596B463C472026A960115CF8BA08D ft=1 fh=757d60309ad51e46 vn="möglicherweise Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaEng.dll.vir"
sh=FF2381AE65749BA610DF97FAF88952CF15FEF138 ft=1 fh=d64f7ddedf260d1b vn="Variante von Win32/Toolbar.Montiera.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltasrv.exe.vir"
sh=074AD2C240AB3B311E098DA70E99C4C89063B7C8 ft=1 fh=6104037dd21597ba vn="Variante von Win32/Toolbar.Montiera.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll.vir"
sh=3400046C996E0D40BFDA36663BE83C5AF213497E ft=1 fh=ee0b8dcbe432084b vn="Win32/Toolbar.Montiera.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\escortShld.dll.vir"
sh=C9B1C1D6B536D17E425934058F0D49A0876B8C14 ft=1 fh=0271089e341685c4 vn="Win32/Toolbar.Montiera.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\uninstall.exe.vir"
sh=B268732563F607687B0B5E63991763FEBF315D46 ft=1 fh=a9a8061b52917652 vn="Variante von Win32/Toolbar.Escort.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll.vir"
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=E9592266103DB5DB9AEFA9DC275C428776FAA6B3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\1Extension.crx.vir"
sh=1D60057E31D68DAC129E88544FCEAC06BA2641EF ft=1 fh=d5c45b9c3795e895 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\BrowserHelper.exe.vir"
sh=51150324F19B3A230711F33EA649F0FD27593BEC ft=1 fh=85d04357595d9d9a vn="Variante von Win32/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll.vir"
sh=B3F2A663EA12BD3FCF12C0155831A507D049880C ft=1 fh=9a8b07dd42880503 vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll.vir"
sh=ED61837EA13EB2345D60A2DC6913E50D6E9F1845 ft=1 fh=727bb84eddd6957d vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=59C35A4143BEA5B68903A35A3B49389A13E27C07 ft=1 fh=31beb38548f87e69 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=98A97020BD5971B7930AB76EE6BAA83E1DABC374 ft=1 fh=7f7f8030d70457d7 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\SmartbarVersionsHelper.exe.vir"
sh=BF7FE30C503946693F1B259C3FEE344E99FBEB16 ft=1 fh=2c7c2b40cf232b45 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\ar\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=E2B5E4B63882FD2AF0A66C976EE705B2090A4DBC ft=1 fh=7adf479c1795d6a8 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=90CA2A3BBE1438B67F7EFCF7E395D5CE0D1B670B ft=1 fh=47bde7c32977b69b vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\es\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=EA7B84467A95967AF9079BD198A89B8B25CA406B ft=1 fh=58bb92387d6cbfba vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\fr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=A514CCA0A83D106BCD3D6B0DE8EE734E523F344F ft=1 fh=2fa8d838e9da82e6 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\he\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=48C826EF00938F035C91C9F6B3E167CB21D96633 ft=1 fh=59fac0a23423ab50 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_16.dll.vir"
sh=45F4ABE93E1FB333545719948B418FB1207A5085 ft=1 fh=3a58b09db4698b9d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_17.dll.vir"
sh=FED76CBD8D5660DEC60B3F16547372DEE7F87FA6 ft=1 fh=9705b06916654cd4 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_18.dll.vir"
sh=C8F23EFE19C6A36D8921AE5C96F95808EBEFBE05 ft=1 fh=8064b8d931435e04 vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_19.dll.vir"
sh=C7E054C7BA58AE2D703DB29C52346A3ED84FEF57 ft=1 fh=53532950b9749a4f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_20.dll.vir"
sh=C546BA3CA78F93EB65DCCEA191BC40B9F940E2EA ft=1 fh=6fd80785d353cf5d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_21.dll.vir"
sh=2929625AF0E9E86636D63D4897C1280CC188B7F1 ft=1 fh=cd0cfdbf6d0c8563 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\it\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=568041F03905BB15B91281A1BE70C23B42D56901 ft=1 fh=2846c5eb46e1a0d6 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\nl\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=D846AB5B21A3FEA12124DE25C8535B3795DA272C ft=1 fh=8fe426b95015bcf5 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\pt\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=0970809A93EE68C14DABDA82BF39ECF82CDB7A6A ft=1 fh=fb8388dd95fa8e01 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\ru\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=EAE6B13F28FCC474E5033192739D1126DEBB0EF9 ft=1 fh=8c295593cc4df9e1 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Local\Smartbar\Application\tr\Smartbar.Resources.LanguageSettings.resources.dll.vir"
sh=EF4C360417A228609DEB6138034F27B245EAF0ED ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\e60ddef-7d91f323"
sh=B4B5F63FC0ACE7BC099D7454C5295A670DC2CC17 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\52d511f0-4ca036ca"
sh=59CAFA6945852F1F2D3D75951E4335D346F361C4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2b926585-6583d4da"
sh=EB9BD8ED168522F8FEE1405E7DDA70D6E1F10930 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\51683437-7eea8b1d"
sh=FF8AB93B285C66D45C4DF48FB81B86806F582C9F ft=1 fh=20a03832ce4d50ab vn="Variante von Win32/SoftonicDownloader.F evtl. unerwünschte Anwendung" ac=I fn="F:\Sicherung\Downloads\SoftonicDownloader_fuer_ws-ftp.exe"
sh=BE6DF413F8E7D87A7B5DAD15FDDED148EDAB56D0 ft=1 fh=8326362d6880baa8 vn="Win32/Toolbar.SearchSuite evtl. unerwünschte Anwendung" ac=I fn="F:\Sicherung G\Programme\Free Flv Converter\Setup74_FreeFlvConverter.exe"
sh=AA7A2020946BDEF7F0A5B31C451ED2B1497AD989 ft=1 fh=101dd94e71e19a21 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="F:\Sicherung G\Programme\X Code pack\SoftonicDownloader_fuer_x-codec-pack.exe"

Zu Schritt 4 Frage:
Also der PC läuft, ich habe den PC neu gestartet und eine Seite im Internet aufgerufen bei der ich immer zu x247.mobi weitergeleitet wurde. Daran hat sich nichts geändert. Allerdings glaube ich auch das es vieleicht ein Problem bei der Seite sein kann.
Bei den meisten Seiten 99% habe ich keine Probleme damit.

Allerdings habe ich dieses Problem auf meinem anderen rechner zu hause noch nicht so feststellen können, auch nicht beim Aufruf der besagten Seite.

Eine andere Sache wozu ich noch eine Frage habe: Wie ist das mit dem Programm " Malwarebytes Anti-Malware " muss das auch deinstaliert werden? Dises meldet sich ab und zu und warnt vor gefählichen seiten und blockiert diese. gibt es evtl. probleme mit Antivirus? Man soll ja nicht zwei Virusprogramme paralell laufen lassen habe ich gehört.

Der Onlinscann hat ja auch noch was gesunden - aber ich weis nicht ob das relevant ist.

Gruß jogine

Machiavelli · 27.05.2014, 15:34

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\e60ddef-7d91f323
C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\52d511f0-4ca036ca
C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2b926585-6583d4da
F:\Sicherung G\Programme\Free Flv Converter
F:\Sicherung G\Programme\X Code pack
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Nach diesem Fix sollte das Problem verschwunden sein, stimmts?

Zitat:

Eine andere Sache wozu ich noch eine Frage habe: Wie ist das mit dem Programm " Malwarebytes Anti-Malware " muss das auch deinstaliert werden? Dises meldet sich ab und zu und warnt vor gefählichen seiten und blockiert diese. gibt es evtl. probleme mit Antivirus? Man soll ja nicht zwei Virusprogramme paralell laufen lassen habe ich gehört.

Deine Entscheidung.

jogine · 27.05.2014, 17:42

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-05-2014 02
Ran by Samsung at 2014-05-27 18:30:36 Run:3
Running from C:\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\e60ddef-7d91f323
C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\52d511f0-4ca036ca
C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2b926585-6583d4da
F:\Sicherung G\Programme\Free Flv Converter
F:\Sicherung G\Programme\X Code pack
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe
*****************

C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\e60ddef-7d91f323 => Moved successfully.
C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\52d511f0-4ca036ca => Moved successfully.
C:\Users\Samsung\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\2b926585-6583d4da => Moved successfully.
F:\Sicherung G\Programme\Free Flv Converter => Moved successfully.
F:\Sicherung G\Programme\X Code pack => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
C:\Users\Samsung\AppData\Local\Temp\avgnt.exe => Moved successfully.

==== End of Fixlog ====

Also das Problem mit der Seit ist nach wie vor vorhanden - Ich rufe die seite auf nach ein paar Sekunden ist sie weg und die Seite x247.mobi erscheint dort soll ich eine Altersbestätigung anklicken was ich allerdings nicht tue. die webadresse ist dann www.otmsrv.comundsoweiter, manchmal blockiert Firefox die Weiterleitung aber nicht immer.

Gruß jogine

weiterleitung auf die seite X247.mobi

Alles rund um Windows: weiterleitung auf die seite X247.mobi

Problem: weiterleitung auf die seite X247.mobi